Computer Support Forum

Examing logs created by malware removal tools

Question: Examing logs created by malware removal tools

Hey I am just really interested in PC security and repair and I was just wondering if you guys had any good resources for my own personal research. If you could tell what you would want to look for when examining these files created by the programs listed below and even what the purpose is for these programs that would be very helpful in helping me understand the process better. I got this from your malware removal procedure forum. Very insightful by the way

? BitDefender
? PandaActiveScan.
? GetRunKey
? ShowNew

Thanks

Relevance 100%
Preferred Solution: Examing logs created by malware removal tools

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Examing logs created by malware removal tools

Your best resource is the thousands of posts in this forum.

BitDefender and Panda are rather self explanatory in most case however you still need to know the difference between valid detections and false detections and that comes with significant experience over a period of time.

We don't have time to really explain GetRunKey and ShowNew to you. In short GetRunKey shows lots of registry keys (not necessarily bad) and potentially bad files associated with certain infections. ShowNew dumps out important areas of the file system that may be used by malware. ShowNew also prints and uninstall program list so you can see if any malware is installed. You need to have a good understanding of ALL Windows OS's, the file systems, and the registry to understand what they are being used for. Also you need to again be able to distinguish between what is valid and what is not valid and that also comes with significant experience.

Reading the threads and reading the logs and seeing what is fixed and not fixed will teach you a lot.

1 more replies
Relevance 89.79%

Hi,

My son's Laptop has a nasty redirect virus that also prevents the execution of malware removal programs and also prevents the logging tool from working. The icons for both Malwarebytes and the dds tool have a colored "shield" that is imposed on top. Any help would be greatly appreciated. OS is Vista Home edition.
Appreciatively,

A

Answer:Malware with redirect prevents removal tools and logs from executing

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 73.39%

I've followed the suggested methods for removing malware and viruses. Had vundo and a bunch of other junk. Analyzed hjt and removed everything per the hjt guide. I've attached mg log file for further suggestions. Thank you in advance for the help.
 

Answer:run removal tools / combofix - Logs for analysis help please

Hi v2ladimyr,
Welcome to Major Geeks!

Please attach the other logs requested in the READ & RUN ME FIRST. You're missing the logs for Combofix, MalwareBytes and SuperAntiSpyware.

Thanks.
abri
 

7 more replies
Relevance 72.98%

Two new malware removal tools by PC Tools just appeared on Softpedia today.
PC Tools Threat Removal Tool 2012

Fight back against malware.
PC Tools Threat Removal Tool is a handy and reliable utility designed to scan your computer for threats and remove them.

This Threat Removal Tool is designed to fight malicious code that has been known to prevent PC Tools' antivirus software from being installed. It performs a quick system scan in order to identify and neutralize the most common malware families that block, prevent, or terminate PC Tools' security software installers.

To ensure that the malware is completely eliminated, PC Tools Threat Removal Tool deletes the infected files and the registry values added by malware.

Requirements:

· Administrative rights
· If you are running Windows Me/XP, turn off System Restore.

Download
PC Tools ISO Burner 2012 1.0

Get the ability to access and delete persistent malware.
Safely remove malware from your computer with PC Tools ISO Burner. This is an advanced bootable antivirus tool that provides users with the ability to access and delete persistent malware.

When malware infects a computer, it gains control of many components that are key to the system's operations, making it very difficult to remove. Malware can use some of these system components to hide itself and prevent other software from detecting and removing it.

If you can't install or run a security application in the first place, then how a... Read more

Answer:PC Tools Releases New Malware Removal Tools

Ok what files are in the zip when you download it?
All I get is pcttFixTool.dll, no exe???
 

7 more replies
Relevance 69.7%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

2 more replies
Relevance 69.29%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 68.88%

Hi,
Included are the logs from both HJT and MBAM.

I've gotten my WoW Acc hijacked the other day, and I followed the steps in this guide down to the last step, this being it. http://forums.wow-europe.com/thread.html?topicId=5383442401&sid=1

I've come to think that my system now is clean. And so I wish only for you to look at the logs and tell me is there's anything I've missed. Being fairly advanced in the world that is computers I should be able to be guided through most steps needed, if any.

Other than getting my acc stolen, I've not seen any other actions or behaviours that would be suspicious, so these logs should be a cakewalk to look at.

If there's anything you need to know, I will try to answer them ASAP.

Thanks ever so much for providing this service!
Sincerely
Johan Daxberg
 

More replies
Relevance 68.88%

Hi, i got infected because i was triying to run malwarebytes and it skip the part of analising the files, it ended in arount 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 68.88%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 67.65%

As we talked about:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by 3one4 Events (administrator) on 3ONE4EVENTS-PC on 18-02-2014 06:02:45
Running from C:\Users\3one4 Events\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\... Read more

Answer:Malware removal 2nd computer - Post created for Bleepin Gringo

replied to first topicgringo

3 more replies
Relevance 67.65%

As we talked about:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by 3one4 Events (administrator) on 3ONE4EVENTS-PC on 18-02-2014 06:02:45
Running from C:\Users\3one4 Events\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\... Read more

Answer:Malware removal 2nd computer - Post created for Bleepin Gringo

Hello nodiggity report looks good but we will do a cleanup anywayVery Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the... Read more

34 more replies
Relevance 67.65%

As we spoke about:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by 3one4 Events (administrator) on 3ONE4EVENTS-PC on 18-02-2014 06:02:45
Running from C:\Users\3one4 Events\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\... Read more

Answer:Malware removal 2nd computer - Post created for Bleepin Gringo

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by 3one4 Events at 2014-02-18 06:03:21
Running from C:\Users\3one4 Events\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Acrobat 7.0 Standard - English, Français, Deutsch (x32 Version: 7.1.0 - Adobe Systems) Hidden
Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch (x32 Version: 7.1.0 - Adobe Systems)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Avant Browser (remove only) (x32 Version: 12.5.0.0 - Avant Force)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 4.10 - Piriform)
Crystal Report 2008 Runtime SP3 (x32 Version: 12.3.0.601 - SAP AG)
Dell Toolbar (x32 Version: 1.8.12.0 - )
Dell V310-V510 Series (Version:  - Dell, Inc.)
EaseUS Todo Backup Free 6.5 (x32 Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit)... Read more

4 more replies
Relevance 67.65%

Hi all, 
 
Recently on Chrome browsing on a site a received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspect this is a malware!!!
 
What I'm trying to understand if what kind of malware infected the web site I visited. Some technical specs could be useful . The web site is of a my friend and I'd like to help them to identify the malware infected their web site...
 
 

More replies
Relevance 67.65%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quicksccan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 67.65%

Hi Guys,

Thanks for a great website, and many good tools you have put together.

I have a problem getting rid of what I think is Spyware on my wife's laptop.

She is currently unable to do Google searches properly, and all results seem to end in being re-directed to a 'Coupon Mountain' website, we can browse to some websites manually, but all those of the major malware removal companies (including yours) just result in the standard IE website unavailable error message.

I have tried downloading all the tools in your READ AND RUN ME FIRST section to a CD, and then copying them to the laptop to run, unfortunately none of them install (even if I change the names.)

I'm getting to the point where I'm considering a repair install, but would like to know if there's anything else I can do to get things fixed without such drastic action.

TIA

Neil
 

Answer:Can't Run Malware Removal Tools.

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid addtional delay in gettin... Read more

1 more replies
Relevance 67.65%

Hello All,
I have tried all possible tools
SpySweeper,Kaspersky,Spypot,Spyware Doctor,Adaware
SuperAntiSpyware,MalwareBytes,CCleaner,RogueRemover

I think its the virtumonde...The thing is I have a couple of registry entries pointing to Dlls that do not exist but even if i remove them they keep coming back.I have tried booting into safe mode and deleting them but it does not help.I am posting my HijackThis log.I have disabled system restore as well

I keep getting random Ad-Websites and messages that my computer has been affected.

I have highlighted the susicious registry entries.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:00 PM, on 03-Dec-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system3... Read more

More replies
Relevance 67.65%

I ran through as much of the readme as I could, but only MGtools worked. Please look at the attached logs and advise me on what to do next. Thanks.
 

Answer:Can't run malware removal tools

Welcome to Major Geeks!

Your log shows that you were in safe boot mode. You should be in normal boot mode unless that is not possible and you did not say you could not boot in normal mode.

A few of your Windows system files (ndis.sys and beep.sys) are infected and will need to be replaced by clean copies. It will be much easier to do this once we can get ComboFix to work. So let's start with the below fix and see if we can get other tools to run afterwards.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=userinit.exe
O4 - Startup: zqosys32.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)

After clicking Fix, exit HJT.

Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"Click to expand...

Make sure that you tell me if you receive a success message abou... Read more

1 more replies
Relevance 67.65%

Hi Geeks,
I'm pretty sure I have a malware issue on my PC. I can't access any security websites, like malwarebytes.org and more. In fact, I am surprised I can access the Geeks website! I can download removal tools, but they won't run and I've tried quite a few.. I can't boot into safe mode -The dreaded Windows blue screen error message comes up-"Windows has detected a problem and needs to shut down". I followed your "Read me first" and did everything I could, including remove the old Java versions. When I tried to install Java again, it said the program is not digitally signed and shut down. This has happened a few times with other installs as well. My browsers shut down frequently on their own as well. Ihave a recent hijack this log, but not sure whether to attach it or not, as it was mentioned it may be filtered as spam. Anyway, hope you can suggest something. Thanks!
Bobby
 

Answer:malware won't let me run any removal tools and more

If you can't boot into safe mode and normal mode will not allow you to run any of the scans, there isn't much we can do to help you. Have you tried running all the requested scans? Have you tried renaming them as per the Read and Run First instructions? Will MGTools.exe not run?

You can try using a different computer to create this disc and then boot to it with the infected machine. ( You will need to first go into the bios and change the boot up order to make the cd drive the first boot device.)

Kaspersky Rescue Disk.
 

11 more replies
Relevance 67.65%

Hello all,

This is my second go-round through your instructions. The first in 04/2009 was successful. Presently, I cannot get any recommended tools to run --even if I rename an exe. I cannot locate the exe for Malwarebytes; I get an "exception unknown software exception (0xc0000409) occurred in application at location 0x77f7c60b" error message when attempting to open SuperAntiSpyWare. I attempted both in system mode and normal mode. (I have run them successfully in the past.) I see the Security Tool shortcut on my desktop and I bet its the culprit.

I am attaching two logs below. Your help is very appreciated.
Dawna G.
 

Answer:Malware removal tools won't run

Welcome to Major Geeks!

You MGlogs.zip file is not as useful as we need for two main reasons:

You don't have the current version. You are 7 months out of date.
You ran it in safe boot mode and normal boot mode is the preferred method.
Is all of the software you have that far out of date?

I will give you something to try below but the malware may have additional things hiding that we cannot see with this outdated version of MGtools.



Uninstall the below old versions of Java:
Java(TM) 6 Update 13

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\_lib.dll
O4 - HKLM\..\Run: [tijidekel] Rundll32.exe "c:\windows\system32\jetebemi.dll",a
O4 - HKUS\S-1-5-19\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\jisasiti.dll C:\WINDOWS\system32\gitoribo.dll c:\windows\system32\juduwuho.dll c:\windows\system32\jetebemi.dll,mapopabe.dll
O21 ... Read more

7 more replies
Relevance 67.65%

I have aToshiba M105 laptop. I have CCleaner and Avast Home installed. I ran Avast - no issues, ran CC and Registry cleaner. I have something on this that when I do a google search will look like legitimate results but when I click on a link will send me somewhere else, usually redirect me to an ad or the info.com.I also can not access certain websites -MajorGeeks being one of them or any of the sites that contain the malware removal tools listed in the MJ procedures. Si I tried to access MJ from another computer and save the tools to a usb stick then transfer to the infected computer. Worked OK until I tried to run the various apps. SAS I get "encountered error needs to close" Spybot - "connection w/sever could not be established" Malwarebytes just wouldn't install. Don't know what to do now ---HELP!!!!!
 

Answer:Can not run MALware removal tools

For MBAM, just run it without updating.

Have you tried running the other scans in safe mode?

The Read and Run First instructions have links to manual updates for both SAS and MBAM.

Did you run the MGTools.exe? Were there any issues with that? Can you attach the C:\MGLogs.zip?
 

3 more replies
Relevance 67.65%

I am trying to follow clean up procedures, http://forums.majorgeeks.com/showthread.php?t=35407 and have 2 questions;
1. when I run Microsoft Windows Malicious Software removal tool, does it clean/fix automatically or do I have to click on something? I tried to go to the help section and I get "page cannot be displayed".
2. when I run Spybot Search & Destroy, I click immunize but i don't see S&D helper.

ty
 

Answer:Using malware removal tools

1. Just run teh tool there is nothig else you have to do.

2. When you Immunize; Spybot is making changes to the Registry.
 

3 more replies
Relevance 66.83%

Help! My daughters laptop seems to be infected with browser hijacker I can't get rid of it. I can't download windows updates and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools. Super anti spyware was installed and wouldnt work, have tried to install windows malicious software removal tool via USB but it won't install or run, have also tried to install spybot via USB but it wont install, error message when it try's to connect to download some of installation files I think. Any advice you guys can offer would be very gratefully recieved, many thanks
 

Answer:Can't install malware removal tools

Welcome to Major Geeks!





TomPo said:





and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools.Click to expand...

Has a proxy server been inserted in the browser? See the below:

Proxy Server - Changing Settings



TomPo said:





Super anti spyware was installed and wouldnt work,Click to expand...

You need to be more specific. Exactly what happens.





TomPo said:





have tried to install windows malicious software removal tool via USB but it won't install or run,Click to expand...

Exactly what happens? Any error messages.

Have you tried to install and run tools in safe boot mode as suggested in our cleaning procedures?





TomPo said:





have also tried to install spybot via USBClick to expand...

Waste of time anyway as it is ineffective against most of todays malware.


Also try the below to see if you can get anywhere.


Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from y... Read more

12 more replies
Relevance 66.83%

Running windows xp media edition on e machine. Will not run any spyware programs. Will not run HJT. Found BRAVIAX.EXE in sys 32. Ran killbox to delete. Could not delete braviax sys32.exe. Had killbox replace file with dummy file then marked read only to stop the red x
trying to sell me its programs. Tried to down load several other spyware removal programs. Get message Access Denied no matter what.
Browser has been taken over by redirect program. HELP! WARNING I am NOT computer literate.

Answer:Nasty Malware. Can't run any removal tools.

Hello fxstc1340 and to BleepingComputer.WARNING I am NOT computer literate.Not a problem. If you don't understand something, feel free to ask questions and I'll explain it better. The same holds true for any helper you work with here.Now. . . let's see what we're looking at here.Please install RootRepealNote: Vista users ,, right click on desktop icon and select "Run as Administrator."Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorDisconnect from the Internet or physically unplug your Internet cable connection.Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection.After starting the scan, do not use the computer until the scan has completed.When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.Extract RootRepeal.exe from the zip archive.Open on your desktop.Click the "Drivers" tab, and then click the button.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the... Read more

6 more replies
Relevance 66.83%

I am getting an error "unable to connect to the proxy server" while opening chrome, firefox or IE.
 
I have unchecked the proxy setting and it still reverts back when I try to open a browser.
 
I am pasting the results from the mini tool box. below -
 
I also ran  ADW Cleaner , TDSSkiller and malwarebytes.
 
 
 
 
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by jints1234 (administrator) on 02-02-2015 at 23:43:08
Running from "D:\adware"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# -----... Read more

Answer:tried several malware removal tools and still cant connect

Sorry, not at home, report's too long to read -- what firewall, anti-virus, anti-malware are you using?  One thing I can recommend is you "sneaker-net" [via usb stsick or CD/DVD] Tweaking.com's Windows Repair (All in One), install & run it.  Accept defaults checkmarks, add #26 & 27 [if memory serves me], ones that indicate normalizing Windows operations.

2 more replies
Relevance 66.83%

can anyone tell me if there ar any bootable malware removal programs other than avg

thanks in advance

ray

Answer:bootable malware removal tools

Here are a couple:http://www.free-av.com/en/products/12/avir...cue_system.htmlhttp://www.freedrweb.com/livecd/

2 more replies
Relevance 66.83%

My Windows 7 x64 machine is presenting Antivirus 360 malware. I am looking for tools that will work with Windows 7. I tried combofix and some others but I am finding out they are not made for Windows 7. Please help. I am not even sure what to use to collect logs to submit here.

--M


Submitted DDS log in log submit forum but I would still like suggestions on Windows 7 compatible removal tools.

More replies
Relevance 66.83%

I can't download anything at all and I suspect it is a malware issue. And yes, I've tried removing firewalls, anti-virus, pop-up blocker, etc...
If i try to download something on firefox i get this message: "C:\Documents and Settings\HP_Administrator\Desktop\XXXXXXX could not be saved, because you cannot change the contents of that folder.
Change the folder properties and try again, or try saving in a different location."

If I try to download something on IE i get this: "The requested site is either unavailable or can not be found.Please try again later "

Some symptoms that might be unrelated, I tried running a disk check, but it stops at step 2/3, and an old malware that i deleted left autorun, but i got rid of that as well.

I would download malwarebytes or something to try and get rid of the problem, but i can't :\
 

Answer:Can't even download malware removal tools

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

3 more replies
Relevance 66.83%

Hello Geek Saviors

Am trying to run the Malware Removal Tools for my Acer 2012 Laptop, Windows 7, IE 11, AVG antivirus, Comodo Firewall. Have downloaded the Tools to desktop and followed the Win 7 malware removal directions. Have following problems despite lowering Internet security settings, trying with Comodo Firewall disabled (also Comodo in safe mode) with all tools software entered as safe applications, running in Windows Normal Ops:
1 - Defogger, after clicking DISABLE and YES get immediate red X message "Unable to Create Log"
2 - RogueKiller, right click "run as admin", depending on Comodo settings noted above variably got Alert Triangle "Software is Not Available" or once setup opened and started abruptly disappeared with message "Download Manager has stopped working. A problem caused the program to stop working correctly. Windows will Close and notify you if a solution is available". Tried renaming to "RK.exe" with same result.
3 - Malwarebytes - tried after RogueKiller failure, right click "run as admin", and got exact same response as for RogueKiller.

Did not try other tools. Any idea what I can do to get tools to run? Have not tried computer Safe Mode - would this help?
Thanks for any suggestions and guidance.
 

Answer:Malware Removal Tools not Opening

Yes, you can try safe mode, but be sure to first disable your AV software.
 

6 more replies
Relevance 66.83%

When I go to download ie:  RKILL or malwarebytes they do not download.  I am running firefox.  I have tried explorer.  I have an HP windows XP. 

Answer:cannot download any malware removal tools

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518053 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 66.01%

my lap top is brand new and i know i have a virus or Malware because it has slowed down consistently and also the command prompt always pops up with gombzo updating or something along those line i have tired to delete the software that i believe was malware or a virus and it just keeps poping up so now im working on malware removal and need these log reviewed if i understand correctly
 

Answer:Malware removal Logs Please Help!

Re run Hitman Pro and have it remove all that it finds.



Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:


[Suspicious.Path] Rocket Updater.job -- C:\Users\equil\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[Suspicious.Path] \\EnergoTech Update -- C:\ProgramData\EnergoTech\update.exe -> FOUND
[Suspicious.Path] \\Rocket Updater -- C:\Users\equil\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.


Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.


Code:

:Files
C:\Users\equil\AppData\Local\nsx306D.tmp
C:\Users\equil\AppData\Local\proxy.log
C:\ProgramData\3002.abs
C:\ProgramData\3002.xml
C:\Users\equil\AppData\Roaming\ROCKET~1
C:\ProgramData\EnergoTech

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and ... Read more

5 more replies
Relevance 66.01%

Here are my logs. So Far.

I am not really sure how o run the ComboFix using vista. I can get to the Comand Prompt window, I do not know what to do from there. I can get to it with and without the DVD.. i read my manual that came with my computer which told me to press f12 after BIOS.
 

Answer:Malware Removal Logs.. where should I go from here.

Sorry I didnt finish. The problem that I am having is that I keep fake AntiVirus scans that say that my computer is infected...blah blah blah. My wallpaper on my computer changed to first a porno picture.. and then when I restarted again to blue background with a "VIRUS VIRUS" box as the picture. This all stopped after I ran the tests, which was yesterday.. now today when searching the web when I click on anything it clicks the link 5 times. Plus the computer is running much slower than it used to, and everytime I run my trend micro virus scan it comes up with 14-35 infected files.
 

8 more replies
Relevance 66.01%

I'm posting the logs I have from following your Windows XP malware removal/cleaning procedure.

Everything seems good except Privatefirewall keeps asking me to block/accept this: user_feed_synchronization-{8f514c19-b8ef-4685-8bcb-0725ecb0b51d}.job. Is this a problem?
 

Answer:Malware removal logs

Welcome to Major Geeks!

You need to attach the C:\MGlogs.zip file from MGtools as requested.






jbuchs said:





user_feed_synchronization-{8f514c19-b8ef-4685-8bcb-0725ecb0b51d}.job. Is this a problem?Click to expand...

No!
 

1 more replies
Relevance 66.01%

Im hoping that i did this correctly, but my computer was hit with some crazy virus, i looked online as to how to delete it, but i wasnt sure if it had gotten rid of the virus completely.  I have not had any other issues or pop ups from the virus since i followed the youtube videos direction of deleting it a few weeks ago.  the issue im having now is with my pictures.  the virus seemed to wipe out most of my pictures, however, i can still see the thubnail of each picture (although i dont get to see my actual photo, its the default jpeg or whatever) and whenever i click on a picture, i see that it still has a file size.  I try double clicking it to open it up in my photo viewer, and it just basically tells me the picture cant be found and that its in an incorrect format, which i never had a problem with before the virus.  so as of now, it looks like ive lost almost all my pictures. i am not very tech savy so any help is appreciated, i believe i attached the logs the correct way but i can also copy and paste them just in case? let me know. thanks for your help

Answer:Malware Removal Logs

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)One or more of the iden... Read more

14 more replies
Relevance 66.01%

I just did this whole process a couple of weeks ago when I was have a lot of issues with this computer...With your help I got this pc running great just like it was supposed to...Right now I am not having any real issues but I am having some difficulties try to accessto an address on one of my domains..I had a contact manager installed to my new hosting that I cannot accesshere is that address to that directory: http://itskrl.com/eI can access home directory with no problems:  http://itskrl.comI contacted the person who I got this software from and told him that I could not access the contact manager...(Skype) he texted me back and said thathe had no problems and was able to access it and log in...He thought it might be my computer...so here I am and here are the first logsAdwCleaner--------------# AdwCleaner v3.210 - Report created 21/05/2014 at 06:43:58# Updated 19/05/2014 by Xplode# Operating System : Windows 8.1  (64 bits)# Username : Valued Customer - VALUEDCUSTOMER# Running from : C:\Users\Valued Customer\Downloads\adwcleaner_3.210.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\AVG SafeGuard toolbarFolder Deleted : C:\ProgramData\AVG Secure SearchFolder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbarFolder Deleted : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Deleted : C:\Program Files\AVG SafeGuard toolbar[!] Folder Deleted : C:\Users\Valued Customer\AppData\Local\AVG SafeGuard ... Read more

Answer:First Logs for malware removal

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************QuoteRight now I am not having any real issues but I am having some difficulties try to accessto an address on one of my ... Read more

3 more replies
Relevance 66.01%

Tried to set a password for my admin account, was informed that Windows wouldn't let me, followed by seeing a password applied to my admin account that I didn't set...

Followed your procedure....
A couple of things....

Had problems in Nov; ran thru your removal process, $AVG seems to havethe problem, couldn't remove files... got them removed, 'password' disappeared from the admin file, I thought all was well.

today, was told by combo fix that AVG was still running....

combofix - ran x3 - 1st time - got a message from my aviva (which came back on after the reboot), that it had found an infected file- the EICAR Test-Signature Virus
Virus: Eicar-Test-Signature
Type: Test file
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 68 Bytes
MD5 checksum: 44d88612fea8a8f36de82e1278abb02

2nd run... got a PEV.EXE error.... error info didn't stay on screen long enough for me to catch it all

3rd run - got the "infected" EICAR-TEST-SIGNATURE message again...

attached here are SAS log, MBAM Log, and first run combofix log
(2nd run with PEV.EXE error did not create log)
 

Answer:Help! My Malware Removal logs

Re: Help! My Malware Removal logs - PART TWO

the continuing saga....
attached:
Combofix Log number 2 (from 3rd running of Combofix)
Root Repeal Log
MGtools Log
 

6 more replies
Relevance 66.01%

Hello,
Here are all the logs from the scans I did, I couldn't find one for malwarebytes. there is no 'log' folder created in the malwarebytes folder under program files. When I ran it, nothing was found - most likely because my husband had run it already without keeping a log? Not sure.

Anyway, any help would be appreciated, computer seems to be working great for the time being.

Thank you,
Naomi
 

Answer:Malware Removal Logs Win 7

Those logs are clean.

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall
Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click on th... Read more

1 more replies
Relevance 66.01%

It appears that my computer has been hijacked by coupon mountain and maybe a few others. The following it the DDS.txt log and attached is the attached.txt zip file.Thanks!Mark--------------------------DDS (Ver_09-02-01.01) - NTFSx86 Run by DellUser at 12:53:51.45 on Mon 03/09/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.651 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Nexon\Mabinogi\npkcmsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\WINDOWS\Explorer.EXEC... Read more

Answer:Malware removal / DDS logs etc

Hello mmauerman,Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Full Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly. If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

2 more replies
Relevance 66.01%

Referred from here: http://www.bleepingcomputer.com/forums/topic382491.html ~ OBhere is the DDS log.DDS (Ver_11-03-05.01) - NTFSx86 Run by Marteezy at 20:26:57.56 on Sun 03/06/2011internet explorer: 8.0.6001.18702browserjavaversion: 1.6.0_18Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.405 [GMT -8:00].AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}FW: Kaspersky Anti-Virus *Disabled* .============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\WgaTray.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WIN... Read more

Answer:Malware removal logs

Here is the GMER log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Marteezy at 20:26:57.56 on Sun 03/06/2011
internet explorer: 8.0.6001.18702
browserjavaversion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.405 [GMT -8:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
... Read more

8 more replies
Relevance 66.01%

Hello... This is my brothers machine, so im not exactly sure how it got infected. I had some blue screen issues when running SAS, but other than that I believe the removal prossess went fairly smoothly. Below are the attached logs as per request. Thanks in advance for you help.
 

Answer:Malware Removal Logs

(logs cont.)
 

2 more replies
Relevance 66.01%

I have malware ads on my computer. I've attached the logs.
What do I do now?

Thanks a lot for the help!
KBI
 

Answer:Malware Removal - logs

Re run Hitman and have it delete all of the Potential Unwanted Programs.



Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.


Delete this:
C:\ProgramData\BitGuard



Re run RogueKiller, just a scan and attach the log.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
 

49 more replies
Relevance 66.01%

Each time i had malware ive just formated my pc now im sick of this and i found ur forum with a big hope for help!
I know from where this infection came if you need the adress just tell me that!

First i though that would help - that an Screen Shot that includes the virus name + hes location after full PC scan: http://img353.imageshack.us/my.php?i...3265565gi0.jpg

Second thing that i wanna say its that im not using anything except spyware doctor and Ad Aware cuz ive tried nod32 its slowing my PC to hell!
So just let you know that.

Now here Pandas log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-24 23:35:20
PROTECTIONS: 0
MALWARE: 0
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id D... Read more

Answer:Malware removal help - with logs

Hi Ramije,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please download HijackThis. This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button.
--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from ... Read more

3 more replies
Relevance 66.01%

here is the SuperAntispyware logSUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 09/11/2010 at 02:36 AMApplication Version : 4.42.1000Core Rules Database Version : 5488Trace Rules Database Version: 3300Scan type       : Complete ScanTotal Scan Time : 06:57:49Memory items scanned      : 839Memory threats detected   : 6Registry items scanned    : 7825Registry threats detected : 1239File items scanned        : 163914File threats detected     : 189Adware.MyWebSearch   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\F3HKSTUB.DLL   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\F3HKSTUB.DLL   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOESTB.DLL   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOESTB.DLL   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSSRCAS.DLL   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSSRCAS.DLL   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\M3SRCHMN.EXE   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\M3SRCHMN.EXE   [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE   C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE   [My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\BAR\2.BI... Read more

Answer:Malware removal logs

OTL Extras logfile created on: 9/22/2010 7:50:13 PM - Run 1OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Macey\DownloadsWindows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18943)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 149.01 Gb Total Space | 87.93 Gb Free Space | 59.01% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: MACEY-PCCurrent User Name: MaceyLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal ========== Extra Registry (SafeList) ==========  ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation).hlp [@ = hlpfile] -- C... Read more

2 more replies
Relevance 66.01%

I have used HJT in the past, so I returned to the website when I ran into some issues with a machine at work. First signs were pop-ups, then when I googled a word and clicked on a result the link would not go where directed but to an advertisement. I followed all of the steps on the malware removal guide by chaslang, and here are my logs. I will reply to load the fourth log from mgtools.
 

Answer:Malware Removal Logs

MGlogs zip
 

2 more replies
Relevance 66.01%

I am hoping you can help us clean this computer of Vundo and any other malware. I have followed your steps below and attached the logs. I have also summarized what we did before finding your forum. Thank you so much for any help you can offer!


SYSTEM
Dell Dimension desktop
XP Home and Service Pack 3

SYMPTOMS
Constant pop-ups; inability to complete purchases online; printing problems.


WHAT WE DID BEFORE FINDING YOUR FORUM
We ran McAfee, Superantispyware, and Malwarebytes before finding this forum. I did not save the initial logs.

Briefly, the initial Superantispyware scan found about 20 to 30 files labeled Vundo Variant and Vundo Variant-T (I think). Upon reboot after cleaning, we got an error message saying that the zesupoma.dll file was missing.

Malwarebytes also found a few infected files, but I can't remember if they were labeled Vundo or not; we cleaned the system too quickly.

We also rescanned everything before finding your forum. A new Malwarebytes scan was clean, but Superantispyware still reported about 6 Vundo Variant files. We could not boot into safe mode. The third scan on all three scanners was clean, but we still could not boot into safe mode. After this, we found your forum and followed your procedures.



RESULTS AFTER FOLLOWING YOUR PROCEDURES

All logs are attached. Briefly, results were as follows:

Superantispyware: clean

Malwarebytes: clean

Combofix: deleted 3 files
c:\windows\system32... Read more

Answer:Please help with Malware Removal Logs

Here are the additional two logs. Thank you!
 

9 more replies
Relevance 66.01%

Hello, we had malware on our computer as our background was changed and the virus scan alerted us of a few viruses such as generic fakealert.b and jokebluesceen. I followed all the steps and am now posting the logs.

thanks for the help

ps. the clock is still in 24 hour time, what should i do about this.
 

Answer:Malware removal logs

here is my fourth log.
 

2 more replies
Relevance 66.01%

I did all the steps in the "Read & Run Me First. Malware Removal Guide", and now I have a bunch of logs which I A)don't know how to read, and B) don't know what to do next. I know that I was infected with the WebHancer infection, and want to make sure that my computer is free.

Like I said before, i ran all the necessary scans and have the logs to submit. I need to know which logs you need to see. After you take a look at the logs you need, i would also like to know how to correctly remove, if needed, MGtools & combo-fix application that I have in my C: drive.

Speaking of which, after running combo-fix I was told that the clock would be set back to 12-hour time, however, I had to change this manually.

The first logs in which I will upload go in order of the scans that I ran.

1)SuperAntiSpyware log
2)Malwarebytes Anti-Malware log
3)Combo-Fix log
 

Answer:Need Help with Malware Removal logs

here are the first MGlogs
 

5 more replies
Relevance 66.01%

I have ran read me run first here are my files.
Other people have tried to clean this computer and found Rootkits and Trojan Win32 crilock.B I am not sure what they have done to this computer but the crilock or ??? is preventing files to open. Such as a pdf file. I am not sure if Malware is the problem or virus ?
Please advise
 

Answer:Malware Removal Logs PLease HELP

Hi there.

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode, if you haven't done so already.

Do you know what this file is?


C:\WINDOWS\system32\Bed Roster14.ps



Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:


[RUN][SUSP PATH] HKCU\[...]\Run : Erura ("C:\Documents and Settings\Lisa\Local Settings\Temp\Ilza\erura.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : ulmistyn (C:\Documents and Settings\Lisa\ulmistyn.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : SearchProtect (C:\Documents and Settings\UpdatusUser\Application Data\SearchProtect\bin\cltmng.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1123561945-854245398-725345543-1003\[...]\Run : Erura ("C:\Documents and Settings\Lisa\Local Settings\Temp\Ilza\erura.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1123561945-854245398-725345543-1003\[...]\Run : ulmistyn (C:\Documents and Settings\Lisa\ulmistyn.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : SearchProtect (C:\Documents and Settings\UpdatusUser\Application Data\SearchProtect\bin\cltmng.exe [x]) -> FOUND

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a l... Read more

7 more replies
Relevance 66.01%

Hi,

Things seem to all be back to normal after doing the Malware Removal, I thought i would still attach the logs just to be on the safe side incase there's anything im missing, my PC has quietened down too buts still making random rumbles
Thankyou for taking the time to make all this Malware Removal possible :wave

Do i still need all of the programmes i have downloaded from here? as if not i shall remove them, I have AVG 8.0 which i think covers all adaware,spyware etc.

Thankyou
 

Answer:Malware Removal Logs

Is this the right log?
 

12 more replies
Relevance 66.01%

here are the logs for the malware removal, not sure if it has found anything still having problems with paltalk, so please any help would be nice, i was told to do this before anybody would help me to find out why paltalk. won't let me click on link and things!
 

Answer:logs for malware removal

arnie4 said:





here are the logs for the malware removal, not sure if it has found anything still having problems with paltalk, so please any help would be nice, i was told to do this before anybody would help me to find out why paltalk. won't let me click on link and things!Click to expand...

here is the last log to post!!
 

10 more replies
Relevance 66.01%

....
 

Answer:Malware Removal Logs

Welcome to Major Geeks!

You installed a lot of junkware on this PC. You need to learn to say no to toolbars!

Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
IObit Apps Toolbar v8.5
uTorrentControl_v6 Toolbar
Web Protect for Windows

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: YouTubeUploaderLib.YouTubeUploaderLib - - (no file)
R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE.dll
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {4d95229d-bcd1-51b4-d184-411b9857a1f4} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\Helper.dll
R3 - URLSearchHook: uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE.dll
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - (no file)
O2 - BHO: WebProtect - {2C... Read more

7 more replies
Relevance 66.01%

Im hoping that i did this correctly, but my computer was hit with some crazy virus, i looked online as to how to delete it, but i wasnt sure if it had gotten rid of the virus completely.  I have not had any other issues or pop ups from the virus since i followed the youtube videos direction of deleting it a few weeks ago.  the issue im having now is with my pictures.  the virus seemed to wipe out most of my pictures, however, i can still see the thubnail of each picture (although i dont get to see my actual photo, its the default jpeg or whatever) and whenever i click on a picture, i see that it still has a file size.  I try double clicking it to open it up in my photo viewer, and it just basically tells me the picture cant be found and that its in an incorrect format, which i never had a problem with before the virus.  so as of now, it looks like ive lost almost all my pictures. i am not very tech savy so any help is appreciated, i believe i attached the logs the correct way but i can also copy and paste them just in case? let me know. thanks for your help

Answer:Malware Removal Logs

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)One or more of the iden... Read more

14 more replies
Relevance 66.01%

So I just decided that it was time for me to check my computer. I just built a new desktop and I want to clean my laptop because I am quite sure that it has some malware/viruses. I run Windows Vista 32-bit. I don't have any "flashy" problem (besides slowing down of the computers) but I believe that I have some that are monitoring my internet use. And I believe this has been going on for 6+ months but I was too lazy to do anything about it. But my credit card was recently hacked into. So I ran all the Steps that you guys suggested and I am attaching the logs of what I found. Furthermore, I ran some other diagnostic tool and it returned that there was a problem with my ftp, tftp and sfc_os.dll. I did some research and found that some sdbot worms use those files to monitor the internet use. I believe that is the case because any wireless network I sign into, when I check, it shows that it is signed in as "NetworkName 2" and it takes a long time to identify. I ran all the tools and all the steps (up to 4) that you guys suggested and I did not have any problem in terms of getting the programs to run. Can someone take a look at the logs and tell me what they think?
Thanks a lot for your help.

The other option is to reinstall the OS but I would like to avoid. Thanks a lot for your help.
 

Answer:Malware Removal Logs. Please help

Hi and welcome to Major Geeks, ksbutega!

Please also attach the log from running MalwareBytes' Anti-Malware.
 

5 more replies
Relevance 66.01%

Im doing this for somebody.when i shut down the computer it installed 102 windows updates.Can malware block updates from installing.Is there anything i need to do that you can see from the logs?
 

Answer:malware removal logs

Yes, malware can block updates.

Rerun Hitman and have it remove everything it finds. Reboot and rescan with Hitman and attack the log.

Also, please tell me what malware issues you are having.
 

5 more replies
Relevance 66.01%

 dds.zip   7.8KB
  3 downloads
 attach.zip   7.8KB
  1 downloads

Answer:Malware Removal Logs

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

3 more replies
Relevance 66.01%

I am a Youtuber & heres a 42sec clip of me detailing my exact problem with my computer here:

http://youtu.be/a850VGb1-98

I believe it could be malware related because I did some full scans last night, and ALOT of infected stuff got removed. But I still have the distorted audio problem so I wanted to know if you could look at my attached logs, and let me know if my current audio problem is malware related somehow, or is my system clean?

My system:
Microsoft windows xp
home edition
version 2002
service pack 3

mobile AMD sempron(tm)
processor 3600+
1.99GHz, 896MB of RAM
 

Answer:Malware Removal logs here....

Hi & welcome.

Yes, let's cover all bases and have you run these procedures.

READ & RUN ME FIRST - Malware Removal Guide
 

13 more replies
Relevance 66.01%

# AdwCleaner v3.207 - Report created 09/05/2014 at 13:21:23# Updated 05/05/2014 by Xplode# Operating System : Windows 8.1  (64 bits)# Username : Valued Customer - VALUEDCUSTOMER# Running from : C:\Users\Valued Customer\Downloads\adwcleaner(3).exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\ParetoLogicFolder Deleted : C:\ProgramData\PC Optimizer ProFolder Deleted : C:\ProgramData\StarAppFolder Deleted : C:\ProgramData\ssafe  saoveiFolder Deleted : C:\Program Files (x86)\LinkSwiftFolder Deleted : C:\Program Files (x86)\MyPC BackupFolder Deleted : C:\Program Files (x86)\SearchProtectFolder Deleted : C:\Users\Valued Customer\AppData\Local\Bundled software uninstallerFolder Deleted : C:\Users\Valued Customer\AppData\Local\DefineExtFolder Deleted : C:\Users\Valued Customer\AppData\Local\PackageAwareFolder Deleted : C:\Users\Valued Customer\AppData\LocalLow\ssafe  saoveiFolder Deleted : C:\Users\Valued Customer\AppData\Roaming\ParetoLogicFile Deleted : C:\ENDFile Deleted : C:\WINDOWS\System32\Tasks\SMupdate1File Deleted : C:\WINDOWS\System32\Tasks\SomotoUpdateCheckerAutoStart***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\jZip.fileKey Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E... Read more

Answer:First Logs for malware removal

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************The log shows that you have two Anti-virus programs on your computer. Windows 8 comes with its own AV called Windows Defe... Read more

11 more replies
Relevance 66.01%

Hi, i have run the read me first.. and run all fo the programmes,

i have attatched my logs below, any help would be appreciated as to whether my computer is running ok and virus free or not, thanks
 

Answer:Malware removal logs

the other is
 

5 more replies
Relevance 66.01%

Hi,

My laptop had the "z-connect" problem and an error message regarding windows explorer on startup. I completed all the instructions in your READ & RUN ME FIRST and I have attached the logs to this (and the following) post.

The problem seems to have been solved. Thanks a million for your step by step instructions.

Just one query: I didn't have .NET installed, which lead to an error (Error Message Type 4 i.e. process DLL.exe - Application Error) while running MGTools. I continued with the process as instructed and didn't repeat it. I have now installed .NET Software. Should I run MGTools again or leave it be?

Thanks for your help.

Shilpa.
 

Answer:Logs after removal of Malware

Remaining Logs

The remaining two logs.

Shilpa.
 

4 more replies
Relevance 66.01%

The problem on my computer is the ads on the websites show women in underwear. It probably started a few weeks ago when my son and his friend were on my computer.

I also just got a message saying I needed to update java. Should I go ahead and do this now?

I know my windows update isn't up to date because I have not been able to update them. I can click some individual updates and the pc runs fine. Othertimes I update windows and startup will lock up which then turns into a vicious cycle that never gets completed. I may need to get help with this step from a computer store.

I really appreciate the help.
 

Answer:Malware Removal - Here are my logs

I strongly advise you to cleanup your Desktop. Remove eveything but links to run programs. Do not download and save programs here and defintely do not use it for long term storage. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing. And you are even saving multiple versions of the same programs here. You need to stop downloading to the Desktop!!!!!!



Uninstall the below programs. If you do not find any of them or they will not uninstall, just keep going on.
BrowserProtect
Homepage Protection
SafeSaver 1.74
soafuE sauve

Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Processes
explorer.exe

:Services
BrowserProtect

:Files
C:\Users\Dogcat\Desktop\ComboFix.exe
C:\Program Files (x86)\Common Files\Homepage Protection
C:\ProgramData\soafuE sauve
C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\ProgramData\Babylon
C:\ProgramData\BrowserProtect
C:\Users\Dogcat\AppData\Roaming\Microsoft\Windows\Start Menu\... Read more

7 more replies
Relevance 66.01%

Here are my logs that were requested, I do think I got rid of it but these logs will tell the truth. The RKFree program is a program I put on myself for personal reasons, helps me with passwords, and I am the only one using this machine. (Hope I got this in the right spot) And I couldn't find the ComboFix.txt to add with the logs.
 

Answer:My Logs from Malware Removal

Hi

The combofix log is usually located on your C Drive

C:\ComboFix.txt please also upload this for review
 

6 more replies
Relevance 66.01%

Can someone please check out these logs and let me know what I need to do.

thanks,
 

Answer:malware logs...help with removal

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

1 more replies
Relevance 66.01%

My scan results.
 

Answer:Need help with these logs Malware removal

Re: Need help with these logs Maleware removal

Welcome to MajorGeeks.com!

Did you download and run SAS and MBAM? If so, please attach the logs from those two scans.
 

7 more replies
Relevance 66.01%

hi there,

long time lurker, first time poster!

i read the sticky about logging everything first and THEN posting, so i've attached all my logs after following the instructions to the letter.

someone got a little crazy downloading torrent files and now i have trojans and other nasties.

system is a barebones that i built, WIN XP SP2, 2GB RAM, 2.8GHz Celeron, ASUS Mobo, 40GB HDD (boot drive) and 200GB secondary drive, partitioned as E:, F:, G:.

i have plenty of computer experience (building, reg-editing, etc.) and i think i know most of what needs to be done, but i don't know everything... so that's where you guys come in!

please have a look and let me know what you would do (besides not downloading torrent files! LOL)

thanks in advance
FM
 

Answer:please take a look at my logs... malware removal

here are the other 2 logs

thanks!
FM
 

14 more replies
Relevance 66.01%

Thanks much; my machine is better than it's been in months.
Where I posted my logs, I was instructed to post here. See the bottom of this note for more.

Still unable to use FrontPage to access my webhost. Created a support ticket. They were unable to recreate the problem.
Had attacks handled by Zone Alarm today from _restore.

So after you guys / gals check these, I'll be glad to toggle restore. Waiting to see if further action is indicated. Salamata, danke, arigato gozaimasu, THANKS!
peteschulte

SUPERAntiSpywareScanLog-05-17-2009-13-10-49.log:
You have already attached this file in thread : First Hello & activation resend request
mbam-log-2009-05-17 (14-06-17).txt:
You have already attached this file in thread : First Hello & activation resend request
ComboFix.txt:
You have already attached this file in thread : First Hello & activation resend request
MGlogs.zip:
You have already attached this file in thread : First Hello & activation resend request

Looking forward to your reply in my email Inbox. Thank you so much for your work!


Wow I am really grateful to you all for this process.

Afterward, today I was able to get a Zone Alarm update for the first time since December. My computer now shuts down and starts normally, with the boot up time cut in half. I consider it fixed. Before, there were a number of errors in boot up -- such as the system couldn't find my profile (desktop icons) -- which have been corr... Read more

Answer:the 4 logs after malware removal

Welcome to Major Geeks!

You are in pretty good shape now after running the cleaning procedure. We just have a few additional things to do.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software which are very ineffective and you are much better off with SUPERAntiSpyware and Malwarevytes that we had you install:
Ad-Aware 2007
Ad-Aware SE Personal


Now we need to use ComboFix again.

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box into it:




KILLALL::

File::
C:\el6jaeh0.sys
c:\windows\system32\kdymu.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"c:\windows\system32\kdymu.exe"=-
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-Click to expand...


Save the above as CFscript.txt and ... Read more

8 more replies
Relevance 66.01%

I have went through the read and run me, and logs are attached. I am attempting to clean my nephews computer. From what I learned from him was, He came home from work Wed 12/11/08, and got on the computer, but he didn't say what and where he went. Then he went to bed and when he woke up, he went back to computer to find it had no taskbar, no icons, couldn't get anything to run. Had to ctrl Alt Delete, then search for running anything, some things didn't run, like control panel and system restore. I was able to get on the internet and download SAS and ran it under safe mode and was able to bring back the desktop and icons. Tried removing myself, but, wasn't completely removing, then resorted to you. Thanks for your time on helping!
 

Answer:Malware removal logs.

Here are the other logs. Thanks again!
 

17 more replies
Relevance 66.01%

# AdwCleaner v3.207 - Report created 09/05/2014 at 13:21:23# Updated 05/05/2014 by Xplode# Operating System : Windows 8.1  (64 bits)# Username : Valued Customer - VALUEDCUSTOMER# Running from : C:\Users\Valued Customer\Downloads\adwcleaner(3).exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\ParetoLogicFolder Deleted : C:\ProgramData\PC Optimizer ProFolder Deleted : C:\ProgramData\StarAppFolder Deleted : C:\ProgramData\ssafe  saoveiFolder Deleted : C:\Program Files (x86)\LinkSwiftFolder Deleted : C:\Program Files (x86)\MyPC BackupFolder Deleted : C:\Program Files (x86)\SearchProtectFolder Deleted : C:\Users\Valued Customer\AppData\Local\Bundled software uninstallerFolder Deleted : C:\Users\Valued Customer\AppData\Local\DefineExtFolder Deleted : C:\Users\Valued Customer\AppData\Local\PackageAwareFolder Deleted : C:\Users\Valued Customer\AppData\LocalLow\ssafe  saoveiFolder Deleted : C:\Users\Valued Customer\AppData\Roaming\ParetoLogicFile Deleted : C:\ENDFile Deleted : C:\WINDOWS\System32\Tasks\SMupdate1File Deleted : C:\WINDOWS\System32\Tasks\SomotoUpdateCheckerAutoStart***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\jZip.fileKey Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E... Read more

Answer:First Logs for malware removal

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************The log shows that you have two Anti-virus programs on your computer. Windows 8 comes with its own AV called Windows Defe... Read more

11 more replies
Relevance 66.01%

my computer seems to be very slow. i done the items listed for the slow pc on the read and run page, then i completed the read and run first scans , and here are my log results.
thanks
 

Answer:help with malware removal logs

Not seeing any malware in those logs. Merry Christmas.

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall
Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Go back to step 4 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Goto the C:\MGtools folder and find the M... Read more

1 more replies
Relevance 66.01%

Hi. Have run through all the recommended processes for malware detection and removal as per your READ & RUN ME FIRST. Am hoping to attach the logs and get some feedback on what problem I may have, if any. Have run them on my PC and Laptop, both with differnt operating systems (XP and Win 7 Pro resp).

The attachments to this email are off the laptop. None of the searches on either machine turned up anything overtly scary (not that I'd know any different!) but maybe the logs will turn up something. I did find the program Snadboy Revelation 2 when doing a manual search through programs, which alerted me to maybe something being astray. I removed it before doing the malware probing. Any help much appreciated anyway. :wave
 

Answer:Malware removal logs

I seperated the other logs you posted for the other machine into a thread of it's own. Far too confusing to merge the two combined.

What brought you to us in the first place? Just a routine check? The logs look great, not seeing any malware. Are you having any problems relating to malware?
 

5 more replies
Relevance 66.01%

My pc has became very slow and unresponsive and freezes up constantly when I am on the internet. I play PWI online and now constantly is disconnecting from server. This started about a month ago. Please help if you can and thank you in advance for any help you may be able to give. I have run spybot and adaware both tell me some files cant be removed because I need to run as administrator but I am the only user and my account is set as admin?
I hope I uploaded the info as it stated if not please let me know anymore info you might need to assist me
 

Answer:Logs from malware removal how too

Your issues are not malware related. But we can clean up a few things.

Use windows explorer to find and delete:
C:\Users\eric\AppData\Roaming\Microsoft\Windows\Templates\b7ck80m8ec8vkd
C:\Users\eric\AppData\Roaming\Microsoft\Windows\Templates\s8ta14g2pp4nrg

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.
Now I suggest you post in the software forum for additional assistance.

Since you are not having any malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
Go back to step 4 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and unin... Read more

1 more replies
Relevance 66.01%

Hi these are my malware removal logs. Please Help.

This is the order the logs are in. Thankyou

RougeKiller

Malwarebytes

TDSS Killer

Hitman Pro

MG Tools
 

Answer:My Malware Removal Logs Please Help

What issues are you having, as I am not finding any malware in your logs.
 

6 more replies
Relevance 66.01%

Hi I noticed having a lot of uploads in the past months. So scan for malware and found your site. I followed all instructions and here are my logs:

TDSSKILLER did not find anything so I don't have any log.

Thank You for your help.
 

Answer:My Logs For Malware removal

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:
[RUN][NOTFOUND] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> TROUVÉ
[RUN][NOTFOUND] HKLM\[...]\Run : RunDLLEntry_EptMon (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> TROUVÉ
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl) -> TROUVÉ
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl) -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStart... Read more

9 more replies
Relevance 66.01%

Just doing a routine check up and looking to get someone to check my logs.

Please let me know if I've forgotten to attach anything.

Thanks everyone!
 

Answer:Ran Malware Removal / Logs

Re run Hitman and have it delete Potential Unwanted Programs.


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ham.asksearch.com/?cfg=2-396-0-2qTng
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

After clicking Fix exit HJT.


Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{DAB980A8-D9D0-453F-BCE1-D29AFE30CFB1}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]Click to expand...

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Things running nicely?

 

3 more replies
Relevance 66.01%

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by user at 16:43:19.89 on Fri 12/24/2010
Internet Explorer: 8.0.7137.0
Microsoft Windows 7 Ultimate 6.1.7137.0.1252.1.1033.18.1014.86 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program File... Read more

Answer:Malware Removal Logs

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

2 more replies
Relevance 66.01%

Hello,After the malware removal everything seems to be working better. Could someone spare some time to review my logs and make sure im clean? Thanks!

P.S. i don't know if the files attached properly so i'll try again if they didnt.
P.P.S. Yeah, they did. are they the right ones?
 

Answer:Malware removal logs

Your logs look pretty good. Let's have you do this:

Use windows explorer to find and delete:
c:\windows\system32\fqvslksoutxuozr.exe
c:\windows\system32\nujolala

Please use add/remove programs to uninstall:
J2SE Runtime Environment 5.0 Update 9"
Java 2 Runtime Environment, SE v1.4.2"
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3"
Java(TM) 6 Update 6"
Java(TM) SE Runtime Environment 6 Update 1

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
* C:\MGlogs.zip
 

4 more replies
Relevance 66.01%

Hello

I've followed all instructions in "Read & Run Me First". I have the following results downloading and attempting to run the suggested tools for Windows XP operating system:

SUPERAntiSpyware: downloaded but unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You many not have appropriate permission to access item. (note - I am setup as administrator).

Malwarebytes Anti-Malware: downloaded bu unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You many not have appropriate permission to access item. (note - I am setup as administrator).

combofix.exe: downloaded and ran, but did not complete. No log created. When attempting to run, I got a far as the blue screen C:\ ComboFix is preparing to run. I sat in that condition for 2.5 hours. I finally closed out.

RootRepeal: downloaded and ran. It was basically a flash on the screen. Log generated but empty. See attached.

MGTools: downloaded and ran. Log attached.

My problem started 1 week ago when my Antivirus Program (F-Secure) stopped auto-updating the Antivirus and Malware components. I uninstalled and attempted to re-install (per F-secure's support) and was unable to install completely. I suspect the virus is preventing the install. I am currently do NOT have any Antiv... Read more

Answer:Virus Unable to Run Malware Removal Tools

Java(TM) 6 Update 26 <--- uninstall outdated Java.



Download and run Win32kDiag per the below instructions:

Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
C:\win32kdiag.exe -f -r




Now we need to scan the system with this special tool.

Please download Junction.zip and save it to your root folder (C:\Junction.zip)
Unzip it and put junction.exe in the root folder (C:\junction.exe)
Now click Start => Run... => Copy and paste the following command in the run box and click OK:
cmd /c junction -s c:\ >C:\log.txt

A command prompt window opens and also a license agreement from SysInternals will appear.
Accept the license agreement and the scan will begin.
Wait until a log file opens. Attach this C:\log.txt when it finishes (the command prompt window will close when it finishes). (How to attach items to your post)
NOTE: It scans your whole hard disk so if can take a long time. Be patient and don't do anything else while it is scanning.



Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

... Read more

8 more replies
Relevance 66.01%

Hi,
I have a problem where I cannot run any virus or malware removal tools. I have tried them in safe mode and I have tried renaming them. I am able to load them and update them and I can start them momentarily. Then they stop and I can not restart them. I get an error that they are not available or that I do not have permission. I have tried to run online scans and they also fail to load. I also have a problem with iexplorer and firefox being hijacked and loading various web sites I am not intending on going to. Not bad sites just not the ones I am trying to get to. Let me know what you want me to try. I work on computers daily and have not run into anything like this. Thanks in advance for you help.
 

Answer:Cannot load any virus or malware removal tools

I am able to run MGtools.exe and I have attached the log.
 

29 more replies
Relevance 65.19%

I followed the steps in the "Read here before..." thread and here are my logs:=========================================================HijackThis=========================================================Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:03:36 PM, on 5/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\crypserv.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\RioMSC.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\ZuneBusEnum.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\DSentry.exeC:\Program Files\USBToolbox\Res.EXEC:\Program Files\Zune\ZuneLauncher.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Windows... Read more

Answer:Tommypauly-Malware Removal-(Logs)

Open HijackThis and select Do a system scan only.Place a check mark next to the following entries: (if there) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab .Important: Close all windows except for HijackThis and then click Fix checked.Exit HijackThis. ----------You have Viewpoint installed.Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".More information: ViewMgr.exe - UselessViewpoint to Plunge Into Adware.It is suggested to remove the program now.Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present. Viewpoint Viewpoint Manager Viewpoint Media Player Viewpoint Toolbar Viewpoint Experience Technology.----------Malwarebytes and SUPERAntispyware are way out of date on the version numbers.Open Malwarebytes' Anti-Malware.Click the Update tab.Click Check for UpdatesIf an update is found, it will download and install.Click the Scanner tab.Select "Perform Quick Scan", then click Scan.The scan may take some time to ... Read more

1 more replies
Relevance 65.19%

Ended up with record checker (I assume this is the culprit) on laptop, since then annoying pop ups, webpages etc, attached logs, TDSSkiller no threats found.
 

Answer:Followed the malware removal, logs posted

Could you attach the MGLogs.zip, too please?
 

5 more replies
Relevance 65.19%

Hi, I just ran through the steps in this guide http://forums.majorgeeks.com/showthread.php?t=35407

I need someone to view my logs. I'll post newfiles.txt, and my HJT log in my next post. Thanks.

BTW - I had some problems with Spybot. I am already familar with the program but I couldn't figure out how to run "SD Helper function," so I just did a normal scan (in safe mode) and then hit "Immunze."
 

Answer:Malware Removal - Someone to View Logs?

Here are my other attachments...
 

7 more replies
Relevance 65.19%

Don't know if any of this is a virus/malware/trojan or what. Please help. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:14:21 PM, on 1/5/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\WINDOWS\Explorer.EXEc:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exec:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\Active WebCam\Watchdog.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\windows\system\hpsysdrv.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\system32\VTTimer.exeC:\WINDOW... Read more

Answer:Hijackthis Logs And Malware Removal

Hello Richard French LMT Welcome to Bleeping Computer! Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log <--link And I'll be happy to take a look at it for you. ===== I also need to see a different type of log from Hijackthis: Run Hijackthis.Click on "Open the Misc Tools section".Next click on "Open uninstall manager".Press the button 'save list'. It will open a Notepad file.Place the content of that file here in your next reply.Thanks, for your patience. Stelios

7 more replies
Relevance 65.19%

You never know what's lurking on your computer. Computer experts recommend scan with this new software - click here. Recent News & About spyware malware removal. Malwarebytes Anti-Malware 1.11 (Personal Computer World) Have you ever considered what makes an anti-spyware program an effective one? We at Malwarebytes.
---------------------
johnsmith

Internet solution
 

More replies
Relevance 65.19%

Just finished the malware removal procedures and my computer seems to be having the same problems. I am using google chrome browser and has crashed on me a few times before. It hasnt crashed on me since i started the procedure but the internet is still not at its best. I just moved in with my gf and it is her laptop so i am not quite sure how long the computer has been having this problem. She says maybe a few months but it could be longer. I attached logs from SUPERAntiSpyware, Malwarebytes Anti-Malware, and MGtools. When i tried running combofix my computer crashed and restarted in recovery mode. I started windows normally and skipped this step. Also when i tried running Root Repeal i got an error message: FOPS- Device Io control error!. I also had to skip this step. Everything else ran fine and logs are attached. Any help is greatly appreciated. Thank You.
 

Answer:help with malware removal- logs attached.

I am not seeing much in your system, though I need you to tell me what these are:
C:\ProgramData\aPcIcEn08509
C:\ProgramData\dNpMdAm08509
C:\ProgramData\WqehTRYH.dat

If you don't know, delete them. Also delete this:
C:\Program Files\AVG

Tell me exactly what issues you are having.
 

13 more replies
Relevance 65.19%

Hi, I followed the steps that were asked here and I'd like to know what I need to do next. What I need to put in the fixlog.txt
 df.png   30.32KB
  0 downloads
 
Here are my files FRST.txt and Addition.exe
 
My computer is repeatedly starting multiple processes when I start it. Example attached. This is causing my computer to perform extremely slow. Please help ASAP. Thanks!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Josh_x (administrator) on EDMLIFE (08-09-2016 10:53:27)
Running from C:\Users\Josh_x\Desktop
Loaded Profiles: Josh_x (Available Profiles: Josh_x)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() ... Read more

More replies
Relevance 65.19%

I ran the 5 scans on my PC.

I have attached the logs.

I am having problems attaching the malwarebytes log. my results did not show any threats in the log but i still need to upload it but just cant.

Please direct me after this.

Thanks.
 

Answer:Malware Removal Snan Logs

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[RUN][ROGUE ST] HKCU\[...]\Run : 39083 (C:\Documents and Settings\Nicolette Wilson\Application Data\2f1e2\39083.js) -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-21-854245398-651377827-1644491937-1003\[...]\Run : 39083 (C:\Documents and Settings\Nicolette Wilson\Application Data\2f1e2\39083.js) -> FOUND

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Do not reboot your computer yet.

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.
Now reboot and rescan with RogueKiller and attach that new log as well.

Be sure to tell me how things are running now.
 

4 more replies
Relevance 65.19%

Hi all,

I've been trying to fix my neighbor's netbook. Here are the specs:

Dell Inspiron 1012
Windows 7 Starter (32-bit)
Intel Atom N450 (1.66ghz)
1GB RAM

When I got it, it barely started up all the way. Explorer would crash and restart one or two times before the HD stopped crunching. Internet Explorer was her main concern because it would redirect her to a site (search.conduit.com/etc, etc) but IE would crash before it even got there. Then it would loop, reopening and crashing until I killed it with the Task Manager.

Even in the short period where I was able to click stuff in IE, all of the options I needed to change homepage or add-ons settings were greyed out. I was able to change it all with a work-around (accessing the cpl file directly) and changed the homepage to Google plus removed a bunch of unnessary add-ons (none of which were the Conduit.com stuff). This helped it load up a little better but it would still crash and loop after opening the webpage.

I tried to return it to Dell factory settings using the F8 "Repair My Computer" function at boot, but I get "parameter is incorrect" and then nothing at all until I manually shut down.

Also, I couldn't get into the Management Console or any workarounds to access the harddrives, it would either cause the computer to freeze or return an error whenever I tried to get in.

So, to rule out malware, I followed the guide. No malware was found by anything, but I am at... Read more

Answer:Malware Removal Guide logs

Hi Welcome to Major Geeks!

Can you please attach MGlogs.zip as well? It can be found at the root of C:
 

14 more replies
Relevance 65.19%

Hello, im new to all this stuff. Ive completed all the steps besides the system restore one as i wasnt sure whether im supposed to post my logs up before i did that. Anyway, here are logs and any help with what to do and what to delete etc is much appreciated. Thankyou
 

Answer:Windows 7 Malware Removal Logs help

I am not finding any malware in your logs. You can rerun Hitman and have it remove all that is listed under Potential Unwanted Programs.

Tell me what issues you are having that prompted you to post.
 

5 more replies
Relevance 65.19%

Went through all four steps of the Windows XP Cleaning Procedure, attached the logs that were generated. Thanks for any help.
 

Answer:Malware Removal Logs For Review

Your logs are clean....If you are not having any other malware problems, it is time to do our final steps:
We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


Delete the C:\combofix folder from combofix (if it exists)


Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for... Read more

1 more replies
Relevance 65.19%

I've been getting some weird activity on my desktop machine running XP Pro for about the last 6-8 months.

- In Outlook express, messages will be completely blank both the message itself and the sender / subject area. Sometimes selecting the message will "fill in" the info other times it remains blank. (It seemed to have started here)

- In multiple applications as well as the OS, the secondary prompt windows that pop up when your saving / exporting etc, will be blank, or improperly laid out, or missing info/features often with garbled text, or completely sized wrong, often completely off the screen requiring multiple dragging of the window to get to the save/ cancel / feature buttons. This also occurs with the hovering windows you get when the cursor is overtop of features etc...

A restart usually corrects these issues temporarily, following the basic maintanenace guide and Malaware removal guide has fixed these problems for longer periods of time. I've run them twice in the last 3 months, however the last time I ran them, this past Friday the issues immediately started again.

Attached are the logs
-Rootrepeal would not work for me...i downloaded it twice and each time I extract it and start the .EXE file it does nothing...

Any advice will be greatly appreciated.

Thanks in advance.

Chris
 

Answer:Malware Removal Guide Logs

You are running an old version of MGTools. We will deal with that in a moment.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O1 - Hosts: 38.115.131.131 sk2.slsk.org
O1 - Hosts: 38.115.131.131 www.slsk.org
O1 - Hosts: 38.115.131.131 mail.slsk.org
O1 - Hosts: 38.115.131.131 server.slsk.orgClick to expand...

After clicking Fix, exit HJT.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\WINDOWS\Temp\00a48372-2fd2-4be9-a3a8-ed4fc7f947a1.tmp
C:\WINDOWS\Temp\16bd22dc-2166-45ce-b3b5-4... Read more

3 more replies
Relevance 65.19%

Hi, here are the logs of the malware removal process.

the problem that i had, was that unexpectedly my firefox browser, it shutted down at certain times.

thanks for your help.
 

Answer:malware removal, logs attached

the last log
 

6 more replies
Relevance 65.19%

Hi, I ran the programs according to the Malware removal guide (Windows XP). Would someone be able to check my logs?
Thanks,
Kim
 

Answer:Malware Removal - Please check logs

Combo fix log attached. Thanks.
 

2 more replies
Relevance 65.19%

i reported a malware problem earlier, as a guest, but have since become a registered user. i'm being prompted to allow the installation of an ask toolbar. i removed everything "ask" related using revo uninstaller, but continued to receive the prompt. i followed the steps in the "malware removal guide" and am submitting the requested logs for review. also, i'm confused regarding step 6. i ran HJT, but took no action when i received the results of the scan. how do i proceed in regards to the scan results? thanks for all your help, you guys are doing a great job!       [recovering disk space - old attachment deleted by admin]

Answer:Logs from malware removal guide

Hello jpb759.You have way too much real-time antispyware running. This actually giving you less protection rather than more.WinpatrolSpySweeperMalwarebytesDisable either SpySweeper or Malwarebytes and just use it as an on-demand scanner. Winpatrol should be fine as it does not interfere with anything like the others do.----------Disable SpySweeper so it does not block any fixes.You can re-enable it after we're done.To disable SpySweeper: Open Spysweeper and click Options over to the left thenProgram Options and uncheck Load at windows startupOver to the left click Shields and uncheckeverything.UncheckHome page shieldUncheckAutomatically restore default without notification.----------Disable Winpatrol so it does not block any fixes.You can re-enable it after we're done.Right-click the running icon of Winpatrol in the sytem tray and choose exit. ----------Malwarebytes is a version behind so you need to update and run it again.Open Malwarebytes' Anti-Malware.* Click the Update tab.* Click Check for Updates* If an update is found, it will download and install.* Click the Scanner tab.* Select Perform Quick Scan, then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)* The log is automatically saved ... Read more

1 more replies