Computer Support Forum

Need Help With Malware Removal

Question: Need Help With Malware Removal

I'm currently enrolled in the Malware Training Program, but my brother brought his machine that he says has a virus.  He cannot access the internet.  I've already had to wipe this machine for him once because of a very nasty virus.  I'm hoping someone can help me get rid of whatever is ailing it now.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19298  BrowserJavaVersion: 1.6.0_30
Run by Chris at 13:34:42 on 2013-05-25
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1763 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080506
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080506
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe"  /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://cabinetstogo.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{38D253E0-B96D-4342-A944-60A6070B444E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6A54D737-AFBB-45B7-B1A7-8ECE6A52F569} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{74E3391A-3346-4BDB-86C3-F1E162F4D766} : DHCPNameServer = 75.75.75.75 75.75.76.76
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\k9i5ei9k.default\
FF - prefs.js: browser.search.selectedEngine - Xfinity
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/?cid=insDate03272012
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - ExtSQL: !HIDDEN! 2011-04-04 12:19; [email protected]; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2011-4-4 21728]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-6-5 87400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-22 655944]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-6-4 116632]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-6-15 65657]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-20 2253688]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2011-5-26 826896]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-4-4 278528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-22 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2009-11-6 699896]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-6 30192]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-1-25 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-4-4 50704]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-8-17 22640]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
.
============= FINISH: 13:35:35.89 ===============
 
 


Answer: Need Help With Malware Removal

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Try this and see if the internet is restored.
Click the button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.
At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)
repeat with
ipconfig /renew
Then hit Enter, type Exit, hit the Enter key.
You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/

<<<>>>

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

===

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.
How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html
Double click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

===

Third party programs if not up to date can be the cause of infiltration an infection.
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

9 more replies
Relevance 47.56%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal
----------------------------------------------------------------------------------------------------------------------
Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital.

I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)
Random Total system crash then restart then blue screen then back to windows.
msvcp71.exe is missing so a program is being prevented ... Read more

Answer: Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,
I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) Click start> run> type msconfig and hit enter.
Click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
Type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.
I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 47.56%

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

Many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer: attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 47.15%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable).
I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer: Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.
Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

ntents below
DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 45.92%

I have run the malware removal instructions and went through each program as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt
View attachment combofix log.txt
View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
View attachment hijackthis.log
 

Answer: Help with malware removal- have run malware removal instructions

ssmehta007 said:
....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 45.92%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today I got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. I don't know how to find the log
Your help will be greatly appreciated
 

Answer: malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.

MGtools ran but as soon as it was done the window closed. i don't know how to find the log

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 45.92%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 45.92%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my ISP of the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:





I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 45.92%

Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 45.92%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 45.92%

Hi,

I am the IT manager in my company.

I have a co-worker; his computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes.

After I installed them, I could not launch them. (That definitely means it has some kind of malware.)
I needed to rename their .exe files; after that I could run them and scan my computer.

SUPERAntiSpyware and Malwarebytes found something, but didn't solve the problem; the search redirect and
the blocking of malware removal software are still there. Now I am running Spybot Search & Destroy and will see what happens.

By the way, I ran them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc.). I suspect the malware is slowing down my PC. Hopefully the registry is not corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from ComboFix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 45.92%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT... Read more

2 more replies
Relevance 45.51%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 45.51%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond" For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 45.51%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

Here is the 5th log.
 

6 more replies
Relevance 45.51%

Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, Norton anti-virus and other removal tools, but still the malware cannot be deleted. The My Computer icon does not display its properties; instead it appears like a file when you view its properties. It also disabled TCP/IP, which is why until now I cannot connect to the internet. I don't have a Windows XP SP2 CD for repair.

Please help me as soon as possible, because it is a server.

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 45.51%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 45.1%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 45.1%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 45.1%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself; the only paid program I have is Malwarebytes, the rest are free add-ons or are free programs. Thanks.

5 more replies
Relevance 45.1%

Hi, I got infected because I was trying to run malwarebytes and it skips the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download dr web cure it, and it doesn't allow me, the computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 45.1%

Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue, which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base? Help me folks, it's driving me nuts.
 

More replies
Relevance 45.1%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 44.28%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP UP THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UPS COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SPYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 44.28%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 44.28%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 44.28%

Hi all, 
 
Recently on Chrome, browsing on a site, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspicion this is malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 44.28%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of it using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled it - it reinstalls and then when I try to quickscan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 44.28%

Hiya

I'm running XP, avg detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others).

:confused have no idea if any of this will help you lovely helper person, but I guess I'm just trying...
 

2 more replies
Relevance 42.64%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts the computer down with a blue window. It says Kernel_Stack_Inpage_Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At the bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run an AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with the same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint the problem to the "System Volume Information" directory. I am unable to open it to see the contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and the computer will shut down. I can almost see the file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and the log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal program to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
* DDS.scr
* DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll... Read more

23 more replies
Relevance 41.82%

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The Pop up box contains the following wording:

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 41.82%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 41.41%

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all you assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 41%

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still can't seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer:Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dll

See this link: About nvpcpl.dll. You do not have McAfee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe and select "Run as administrator" to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 40.18%

Hi guys I hope someone can help with this prob please. I have noticed there is lots of unwanted junk on my machine and I was hoping someone could advise what to remove and any other tools required to remove all traces from system if any additional programs are required...

i have included a HJT log with this post.

thanks mick

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:40:23, on 05/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Go... Read more

More replies
Relevance 40.18%

Help folks I've looked around and done many of the "fixes" which cleaned up many issues but still can't get the system clean. Attached is the latest HJT file
 

Answer:Help: Pop ups/ malware removal

Welcome to MajorGeeks.com!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

Read & RUN ME FIRST Before Asking for Support
 

10 more replies
Relevance 40.18%
Question: Malware removal

My computer is running very slow. Very often the programs become non responsive.  I use Trend Micro and that did pick up a few things but problems are still there.  I seem to have a lot of files and folders with AI_RecyceBin as part of the name.  I also recently deleted Update4497 folder.  I will attach the logs.
 
Much appreciated.
 
Maz

Answer:Malware removal

Hello mazdarx5 and welcome to Bleeping Computer.
My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
* please follow all instructions in the order posted
* please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
* all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
* if you don't understand something, please don't hesitate to ask for clarification before proceeding
* the fixes are specific to your problem and should only be used for this issue on this machine.
* please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:
* Please DO NOT install/uninstall any programs unless asked to.
* Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.
Satchfan

63 more replies
Relevance 40.18%

I went through the read and run me first thread and I hope I did everything right. I tried to do as much as I could. I would rather do it myself but at some point you have to know when to ask for help! I hope to work on analyzing HJT logs a little more from a learning view rather than trying to fix my computer. So here goes:

I was getting windows antispyware 2006 popups all the sudden and then they were getting worse and varied from that to your system is infected and a french vacation ad.

I ran adware,spybot,ccleaner,windows defender,ewido (avg anti-spyware), and vundofix.exe. Not in that order but I ran them all and toggled system restore.

I ran bitdefender and then I went back and verified that everything was deleted and had to delete the files in the housecall6 quarantine folder and the C:\WINDOWS\system32\winjks32.dll was still there but not accessible due to a program using it.

Then I ran panda activescan and deleted all the guest cookies and then deleted all the rest of the files except for:

Potentially unwanted tools:Application/HideWindow.A C:\hp\bin\FondleWindow.exe and

Potentially unwanted tool:Application/KillApp.B
C:\hp\bin\KillIt.exe

I really want to know if I have to do anything else to get this stuff out of my computer or if through a great walk through I managed to do this myself.

Here are the first three log files:
 

Answer:Need malware removal help

If you need anymore info than this I will get it as soon as I can.
The popups seem to have stopped for now but I will reboot and give it a work out for a while.
I feel violated and not real trustworthy of my pc right now!
Thanks!!
 

7 more replies
Relevance 40.18%
Question: Malware Removal

Hi there. I've been following your directions to remove some malware from my computer and I got as far as trying to run your Farbar Recovery Scan Tool from the flash drive on the infected computer. I'm unable to run the program as it says that it "cannot be run in DOS mode". Any thoughts on how I could get past that and unlock my screen?
Thank you!

Answer:Malware Removal

Which operating system is installed? Also tell me, if it is 32- or 64bit.

17 more replies
Relevance 40.18%

I was able to rename mbam.exe and remove infections for a second time. I also deleted the folder listed in gmer log. Maybe that is how it returned.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-19 20:20:17
Windows 6.1.7600
Running: gmer.exe
---- Files - GMER 1.0.15 ----

File C:\Users\brittainps\Downloads\The Little Rascals (Our Gang) - 4 Pack Collectors Series DVD - In Black & White\TLR4 1-Hook & Ladder 2-Call to Action 3-Hi Neighbor 4-Engine Trouble 5-Sundown Ltd 6-The 8th Wonder of the World\HOOK_NEIGHBOR_SUNDOWN_81099\VIDEO_TS\VTS_01_1.VOB 1073709056 bytes
File C:\Users\brittainps\Downloads\The Little Rascals (Our Gang) - 4 Pack Collectors Series DVD - In Black & White\TLR4 1-Hook & Ladder 2-Call to Action 3-Hi Neighbor 4-Engine Trouble 5-Sundown Ltd 6-The 8th Wonder of the World\HOOK_NEIGHBOR_SUNDOWN_81099\VIDEO_TS\VTS_01_3.VOB 1073709056 bytes
File C:\Users\brittainps\Downloads\The Little Rascals (Our Gang) - 4 Pack Collectors Series DVD - In Black & White\TLR4 1-Hook & Ladder 2-Call to Action 3-Hi Neighbor 4-Engine Trouble 5-Sundown Ltd 6-The 8th Wonder of the World\HOOK_NEIGHBOR_SUNDOWN_81099\VIDEO_TS\VTS_01_4.VOB 1029593088 bytes

---- EOF - GMER 1.0.15 ----
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by brittainps at 19:21:53 on 2012-02-... Read more

Answer:malware removal log

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

* Do not run any other tool until instructed to do so!
* Please do not attach logs or put in code boxes.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.
* Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

3 more replies
Relevance 40.18%
Question: Malware removal

Hey everyone, thanks for your time.

I've run AdAware, Stinger, Spybot, Panda, and AVG; I am convinced that malware is still lurking in my computer. One particular example is cyj.exe

Today it has morphed into kuji.exe and is dropping icons onto my desktop.

I'm new at this, so if I missed something, let me know. Here's a hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:34:25 AM, on 6/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7... Read more

Answer:Malware removal

Hello anaximander and welcome to the BC forums. After reviewing your log I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can hide malware from us when we are performing a fix, so we would like you to reenable those startup entries by doing the following:

Please click on Start, then Run, and type msconfig and then press Enter. When the window opens you should be on the General tab. Click on the Normal Startup item. Then press ok until you are out of the program. It will ask you to reboot so reboot normally.

Now please create a new Hijackthis Log and post it here as a reply. I will review it when it comes in.

OT

5 more replies
Relevance 40.18%

I am a total novice PC user and I have recently connected to the internet via broadband. On the advice of some friends I have AVG anti virus software installed, and the Zone Alarm free firewall. My AVG scanner repeatedly finds a trojan which it claims to heal, but which has always returned the next time I scan. I have downloaded and run all the programs in your read and run me first thread, but the pesky little blighter is still there. I need some expert help.

I have saved the logs from counterspy, bitdefender, panda, runkeys, newfiles and hijackthis. I think all of them have come up with a problem at some stage, with a virus/program that they cannot disinfect/heal etc. I will attach these logs to my next post when someone replies, as I'm unsure as to which is the most important and I cannot attach all of them, can I?

Here's hoping someone can help me,

Mudrock
 

Answer:Malware removal - please help!

Here is some more info to help any would-be saviours to diagnose the problem:

Specs:
Intel Celeron II, 733MHz (11x67)
256MB (SDRAM)
Windows XP Professional (SP1)
Hard disk space 19083MB (60% free)

Problems:
2 programs requesting internet access on a regular basis:
w?auboot.exe (from C:\WINDOWS\System32\SKS~1\WAUBOO~1.EXE)
fkzr.exe (from C:\PROGRA~1\COMMON~1\fkzr\fkzrm.exe)

persistent trojan (from C:\WINDOWS\S?mantec\wucrtupd.exe)

I don't know if any of the above are causing serious damage to my machine. Many operations are slow, but is this just a reflection of ageing technology? [see specs, above]

Surely somebody is willing to help...

I will attach the counterspy, bitdefender and panda scan logs now, and post the other logs later.

mudrock
 

13 more replies
Relevance 40.18%
Question: Malware removal

1. my hp pc is 6 months old, and OS is Vista
2. i have an annoying abebot virus notification that keeps popping up telling me it's a security warning and redirects itself to web page of pc-cleaner of some kind.
3. i have updated all programs and i scanned pc with norton & ad-aware , both purchased, in normal AND safe modes; with avg , spyware doctor and spybot, malwarebytes - both modes also - and ALL OF THEM tell me full scans were ran and there are no infections
4. stopzilla and other software that only scan for free, show many threats and infections but how many can i keep buying?
5. i did everything step-by-step from your "READ & RUN ME FIRST" site
6. i cleaned and defrag'ed
7. BOTTOM LINE IS THAT POP-UP's are STILL popping up PLUS now i have other problems:
a. desktop background is all black screen now and will NOT load any vista picture, even though it shows picture in control panel browse window
b. ALL windows with pictures in it will NOT display picture UNLESS i go to "view" and then it will show it; initially shows only tags

WHAT ELSE CAN I DO?? please help

Lillian
 

Answer:Malware removal

WHAT ELSE CAN I DO??

Move this thread to the malware forum; add your scan logs when they ask for them.

i did everything step-by-step from your "READ & RUN ME FIRST" site

everything? Read this (Step 4 from the Vista Removal Procedures) >

Step 4: Do You Still Have Problems

* Yes, I'm still having problems
o Start a new thread and clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time.
o Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans
+ SASlog.txt log from SuperAntiSpyware.
+ Malwarebytes Anti-Malware log
+ .
+ MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
o Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.

When we get the 'all clear' from the geniuses in the malware forum, we can then tackle your picture issues. You also said something about 'how many can I keep buying?' What does this mean? Have you been buying software from prompts and pop-ups on your PC? If you're referring to online scans, they are all fre... Read more

2 more replies
Relevance 40.18%
Question: Malware Removal

My computer will not allow me to boot without the blue screen of death. I can only use Last known good configuration. My cd drives no longer work nor have a drive letter. I cannot restore computer back to a good restore point. I have scanned with the following: Getrunkey, Shownew, Spybot, Counter Spy, AVG, Ad-Aware, Bitdefender, HJT. Counter Spy and Bitdefender found nothing therefore I have no logs. I will post the others. Any help would be most appreciated.
 

Answer:Malware Removal

Here are the other logs.
 

6 more replies
Relevance 40.18%
Question: malware removal

running malwarebyte. regularly picks up on malware.trace and broken.opencommand and removes but never permanently.

here's a copy of my most recent log:

10/31/2010 7:44:25 PM
mbam-log-2010-10-31 (19-44-25).txt

Scan type: Quick scan
Objects scanned: 148712
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\kolenkom\AppData\Roaming\dkfjasdfshd.bat (Malware.Trace) -> Quarantined and deleted successfully.
any advice on how to remove either permanently?

thanks

Answer:malware removal

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies
Relevance 40.18%
Question: malware removal

Hi,

I recently noticed that my AVG was not automatically performing scans or notifying me that a site was safe to go to. i'm not sure how long this has been going on. I downloaded a video player (which i never have done in the past) that was suggested to me by a site that i was trying to watch a movie on. something in my gut told me that it wasn't right so i tried to perform a scan using AVG and i received "this program is blocked by group policy, for more information contact your system administrator". i'm not sure if the virus came from the video player that i downloaded or not. i still have windows 7 home premium disk that i bought and installed years ago (not sure if it will still work or not) if that is what you guys are referring to when asking in the instructions if i have access to a windows install disk or a boot CD. i'm really not that computer savvy on the technical side. i followed all the steps for the NEW INSTRUCTIONS- read this before posting for malware removal help blog. i really hope you guys can help me.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by dede at 16:57:06 on 2014-11-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1644 [GMT -6:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553B... Read more

Answer:malware removal

Hello and Welcome to TSF.

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your un...

19 more replies

Hi, I've been having some issues with my laptop lately. It has been slow and I'm having trouble connecting to the internet sometimes, so I decided to check for malware and ran through the Malware Removal Guide. Hope you guys can guide me on what to do next. Thanks.
 

Answer:Malware removal help

Other than what Hitman found, which could just be false positives, I am not finding any malware in your logs. I suggest you post in the software forum for further assistance.

Since you are not having any malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
After doing the above, you should work through the below link:

How to Protect yourself from malware!

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0
 

3 more replies
Question: Malware removal..?

Hi, and thank you before I even start. I did all the steps as per the instructions on this forum. The Superanti didn't pick up anything, nor did the Malwarebytes.

Hopefully I have attached everything correct.

The reason I am posting is because my anti-virus software (webroot) has twice picked up malware for quarantine, even after the superantispy and malwarebytes running.

Thank you!
 

Answer:Malware removal..?

The other one.
 

10 more replies

Hi guys

I'm new to the forums and I followed all of your guide to removing the malware. I have all the logs ready but I'll give you some background info first.

I let my friend use my laptop while I was on vacation last month. I got it back and he said there were a lot of viruses on it. Downloaded AVG and ran that and deleted what I could, then came here and am now turning to you guys for advice. After running AVG it still seemed like I had spyware and malware problems, because almost every time I would click on a link to something it would redirect me to some weird search engine or an article not relating at all to what I searched. So I followed your guide step by step and here are the logs...

Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 5.1.2600 Service Pack 3
11/2/2009 7:04:41 PM
mbam-log-2009-11-02 (19-04-41).txt

Scan type: Quick Scan
Objects scanned: 95234
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 2
Registry Values Infected: 8
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\rahuziti.dll (Trojan.Vundo.H) -> Delete on reboot.
\\?\globalroot\systemroot\system32\hjgruibyufoqov.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ca7654f9-4f26-43f5-b51a-a20648c4bc3f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURR...

Answer:help with malware removal

Welcome to Computer Hope, a specialist will be along, please be patient.

2 more replies

Hi
I am a novice user. Today I was infected by malware that gives a pop-up, "Attention! some dangerous trojan horses detected in your system..Windows Xp files Corrupted" and so on, whenever I try to open Windows Explorer. If I try to access Internet Explorer it leads to an id "http://free-viruscan.com/id/4912933/4/1/". Well, this is my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:19, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
c:\Progr...

Answer:Malware removal help...

Welcome to TSF.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\coni.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\coni.dll

Download Malwarebytes' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebyt...are_d5756.html. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open i...

5 more replies

Not sure when/how the infections took place. Potentially after Avast detected a problem after trying to download a file for a Palm phone. Avast service won't start. Tried uninstall/reinstall of Avast to no avail. Various programs detected numerous issues as attached. Patiently standing by for advice. Thanks,
 

Answer:Malware removal of course

I am not seeing much to do at all.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%

After clicking Fix exit HJT.


Are you able to install any other anti virus, what happens when you do?
 

2 more replies

Not sure if I have any malware/viruses right now, but it seems there are some issues with my computer where I get denied access to certain functions, and popups showing errors stating "your browser doesn't have the correct flash player installed", "your computer is running slow and needs to be tweaked for better performance". I have McAfee anti-virus and Malwarebytes installed and operating. Running Windows 7 Home, Office 2010. I attached the requested logs. Hope I got it right. Thanks, Pedro.

Answer:Removal of malware help

I have Secunia running at the moment and it advises that Shockwave needs to be updated. Secunia is updating shockwave and has been doing so for a few hours. Is it normal for it to update for such a long time?

1 more replies
Question: Malware Removal

I was going through the Malware Removal for Delta-Search, and when it came to Hitman Pro, I forgot the step about changing all to ignore and hit next. After I did it there was no taking it back; I saw it after I hit it. Now I can't get into system restore or a couple of things on my computer. Can someone please help me... Also the delta search virus is still on the computer....
 

Answer:Malware Removal

Hi there and welcome.

Can you ensure that you attach the log from Hitman showing what was deleted?
Also, you need to be thorough and attach all of the other requested logs from running the R&R as referenced below.

READ & RUN ME FIRST. Malware Removal Guide
 

21 more replies

I noticed a couple of weeks ago that my CA anti-virus had a pop up box that said 3 viruses were detected and removed from my computer. This happened a few more times, but I didn't notice any problems with the computer so I continued on my merry way. Yesterday the computer had slowed noticeably and went to Windows Task Manager and on the CPU Usage svchost.exe SYSTEM was using 50%. There were multiple instances of svchost.exe SYSTEM and svchost.exe NETWORK SERVICE. I don't know if this has anything to do with the problems I'm having, but...
 

Answer:Need Help With Malware Removal

I also attached a Kaspersky on-line virus scan.
 

5 more replies
Question: Malware Removal?

Hello there,

In the past week or two my computer has been getting slower and slower and slower. I have noticed a process named "ctalogd.exe", within the task manager window, googled it and found it to be some sort of malware. I noticed that HiJackThis is a common tool used for you to help us, so I have downloaded it and will be patiently waiting for instruction.

I have avg and counterspy but this process is left undetected. Help would be much appreciated with this removal process. Please advise. Thanks!

Answer:Malware Removal?

Are you using Cisco Systems? ctalogd.exe is related to the Cisco certification agency agreements service process and installed in this path:
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe

Anytime you come across a suspicious file, search the name using Google or the following links:
BC's File Database
BC's Startup Programs Database
File Research Center
ThreatExpert Malware Search
If no search results are found, you are given the option to "Submit a New Sample".

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Post back with the results of the file analysis.

5 more replies
Question: Malware removal

Hello:

I'm usually pretty good with virus and malware removal, but I have a doozy on my hands.

To make a long story short, I inadvertently trusted an executable and it has wreaked havoc on my home PC.

I have been working on it 2 days and have made progress, but this is where I am.

My browser randomly redirects to sites I'm not going to when I use Google links and probably Yahoo, although I rarely use Yahoo.

I was using Symantec Endpoint Protection, but whatever was installed pretty much ruined it. Full scans of my C: drive wouldn't fully scan. It only scanned about 1000 files and then said it was completed.

I have since tried to uninstall Symantec but it wouldn't uninstall fully.
I'm going to try another attempt to uninstall tonight.

But that isn't the problem. I have run several malware programs including Hijack This, Root Repeal, Loaris Trojan Remover, and deleted a bunch of garbage.

But..... Root Repeal found the following files which are hidden and invisible.

Path: C:\WINDOWS\system32\MSIVXbmqqaruofnxbtfwstgkvppbdgcnfxues.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\MSIVXxtuwywcfaqbdmixetewswwiblhylkltk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\MSIVXrxdaivrfqqumqsefekqqqpnuylakcmej.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\XXXXXX\Local Settings\Temporary Internet Files\Con...

Answer:Malware removal

I will try this next. Any help would be greatly appreciated.

http://forums.majorgeeks.com/showthread.php?t=192101&highlight=Invisible+malware+files

PG
 

2 more replies

To all,

Would someone be so kind as to help me fix my computer. Every time we try to search on
Google and any other search engine, our search is redirected to a website that has nothing to
do with the search query. I tried McAfee, Spybot, Ad-Aware, and Hitman Pro 3.5 to no avail.
Attached are my DDS log and my GMER log. Thank you!

V/R Colin

Answer:Malware Removal Help

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

2 more replies
Question: Malware Removal

Hello-

Earlier this evening I visited an acquaintance's business website. Within seconds of arriving at the site, my Zone Alarm firewall began indicating that files were attempting access and I had numerous other security alerts pop up. My CPU fan started to fire up (which scares me because of a previous infection) and I shut down my computer immediately.

Upon restarting, I ran Malwarebytes. I got this list of infections:

braviax.exe
Trojan - figaro.sys
Backdoor.Bot - sysldtray
Backdoor.Bot - ld12.exe
Fake.Beep.sys - beep.sys
Fake.Beep.sys - beep.sys
Trojan.FakeAlert - braviax.exe
Worm.KoobFace - ld12.exe
Disabled Security Center

My AVG also informed me of a threat detected: bravia.exe

I told Malwarebytes to remove all the found/selected files and AVG to move the file to the Virus Vault.

Because I was concerned about files still hidden and regenerating upon restart, I decided to come to Major Geeks. I've gone through the Read & Run Me First steps and have attached the first 4 logs to this post (5th log to immediately follow). Although I didn't see any problems found in the scans and my CPU fan has since calmed, I want to run the logs by the expert team for peace of mind as I've relied upon Quarantines and the Virus Vault with (what I hope were) minor attacks over the past year or more. Would love to get an 'all clear' before proceeding.

Can I provide any additional information?

Thank you very much for the...

Answer:Malware Removal

5th log attached.
 

4 more replies

WinXP Pro SP3 build 2600, Intel Celeron 2.53GHz, 2 gig RAM, Biostar U8668D mb, Phoenix-Award Bios v 6.00pg

This computer was removed from service simply to replace with a newer computer. It was used to run a billing application.
I was doing normal testing and maintenance on the computer when I noticed Malwarebytes would not run. That was the only symptom that got my attention.

Current status:
I can run Spyware S&D with no results.

I cannot run HijackThis. It does not even begin to open.

I uninstalled Malwarebytes, then downloaded a new install program and renamed the install to Bam.exe. It installed OK but upon initial launch it closes immediately. When Malwarebytes is run from the icon, it opens to the desktop and closes quickly.

I could not install Windows Defender. On the first attempt to install I got the message "Windows Installer is not running." I started Windows Installer manually and Defender installed. I cannot get Defender updates but get "error code 0x80240022."
I can scan with Defender but no problems are reported.

I ran SmitFraudFix and got a scan report that these were detected and to use a Rootkit scanner: xpdx xpdt huy32 pe386 lzx32 msguard
I located xpdx huy32 in HK_CU/Microsoft/Search Assistant/ACMru/5603 and deleted both .

I finally decided to use the MajorGeeks detailed instructions beginning with "Getting Started" and followed each step of downloading programs then running per the instructions under "Wind...

Answer:Help please with Malware removal

I am not seeing any malware in your logs. Why am I also not seeing any AV software installed?

Have you tried running SAS and MBAM on this user: Coahoma Electric

What about safe mode, do they run there?
 

7 more replies
Question: malware removal

I have just finished the Malware removal House cleaning scans. I'll attach the logs. Thank you, this site is excellent.

More replies

Hi there! A friend at work brought in his son's laptop and asked me to take a look / run some scans... said it was sluggish and acting "weird", i.e.:

"It won't shutdown correctly sometimes, and won't connect to the internet sometimes...lots of quirks."

That's all I know, but it looks like a few things showed up on a couple of the scans. Any assistance at cleaning necessary items would be appreciated. Logs are attached...

Also...noticed the RogueKiller created an "RK Quarantine" folder on the desktop. Maybe that's standard behavior...but thought I would mention it in case it's not.

TIA...don't know what I would do without my majorgeeks!

Diane
 

Answer:Possible Malware...help with removal

Rerun Hitman and have it delete this item:
C:\Users\Clayton\Downloads\setup.exe

Otherwise, I am not finding any malware in your logs. I suggest you post in the software forum for additional assistance. You might want to include answers to these questions:

A slow computer is not always due to malware:

Please explain what operations are slow! For example answer the below:

* Is boot up slow?
* Is shutdown slow?
* Is browsing/surfing slow?
* Is downloading slow?
* Is running any application?
* Is it also slow in safe boot mode?
* Also are any process showing in Task Manager to be using a lot of CPU time?
* Anything else slow?

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove ...

3 more replies
Question: malware removal

I have a malware problem due to Antivir Solutions Pro. I got rid of the virus--- I think--- but it left my laptop unable to access Google or anything related to Google.

I followed your malware removal directions until the GMER log section. I could not download the GMER link 1 or the GMER link 2. The GMER link 1 gave me an error message that the website was taking too long to respond and the GMER link 2 took me to the spyware doctor home page. I didn't know what to download there. Can you help?

Thanks.

I was infected by Antivir Solutions Pro. I believe I removed it from my computer but some of its effects remain. For the past two weeks I was unable to access Google or any Google program (Chrome, Picasa, etc.), Safari, or Internet Explorer. I removed Google Chrome from my computer, hoping to download a new version without a misdirect. As of tonight, I can access the google website, but when I try to download Chrome, I get a message that the server took too long to respond. (Same message as I have received for many other websites.) The only browser I can access is Firefox. There are a number of websites that I cannot access now. For example, Windows Defender is unable to check for definition updates--- error message 0x80072.efd. Also, my browser is REALLY slow.

Here is the DDS log I created:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Carol Lee at 21:36:48.33 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Business...

Answer:malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...

28 more replies

You probably remember me from the last time I asked you for help, and again I thank you. This, however, is for my desktop. The last computer you helped me with was for my laptop.

I ran everything just as instructed and will be attaching the logs.

The computer seems to be running fine, now, but the same problem happened after running combo-fix. My clock did not switch back to 12 hour time.

The problem with this computer was found in add/remove programs with some of the programs noted in "read & run me first." I removed them, and hope they are gone now, but please tell me if you find anything else with the logs that might help.

Your help is much appreciated. I thank you again.
 

Answer:Help With Malware Removal

MGlogs
 

13 more replies

Hi there everyone. I am pretty new to the whole HijackThis scene but I have a family friend's computer that I was given to fix, and I am looking for a spot of help.
The computer uses dial-up Internet via PeoplesPC (???). I will try to include as much information as I can but I will probably forget to include something.

The issue - The computer will not let you access the internet via a web browser even though it connects to a working network.

What I have already done - I installed AVG and ran a full virus scan on the computer and also a full computer command-line check in Safe Mode. It doesn't seem to be working, as right after it says it has quarantined/moved to vault, the problems just keep showing up on a rescan.

I also tried to do a Windows update but it kicked it back telling me that certain services were missing, i.e. the Windows Update Service and some other services.

I have included in this a log I generated via HijackThis, followed by a DDS log (I suppose this may help?) and a RootRepeal log.
Computer specs -

Dell Inspiron 6000
Microsoft Windows XP - Media Center Edition - Version 2002 - Service Pack 3
Intel Pentium M Processor 1.73GHZ
504MB Ram

Here is the HijackThis log that was generated when I scanned it -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:12 PM, on 1/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32...

Answer:Malware Removal Help

Here are the DDS and RootRepeal Logs (wouldn't let me fit em in with the original report)
DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 19:55:07.35 on Sun 01/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.109 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Upd...

2 more replies

Any help much appreciated...no idea how this has happened!

Thanks
 

Answer:Malware removal help

Hello,

You're missing Addition.txt report.
 

8 more replies
Question: Malware removal

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please run the following tools in the order listed.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download TDSSKiller.zip >>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please c...

Answer:Malware removal

Here's the log from aswMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-16 15:52:24
-----------------------------
15:52:24.822 OS Version: Windows x64 6.1.7600
15:52:24.822 Number of processors: 4 586 0x503
15:52:24.823 ComputerName: VANCE-PC UserName: Vance
15:52:28.263 Initialize success
15:52:49.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
15:52:49.837 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
15:52:49.840 Device \Driver\atapi -> MajorFunction fffffa8003e305c0
15:52:51.843 Disk 0 MBR read successfully
15:52:51.844 Disk 0 MBR scan
15:52:51.844 Disk 0 Windows 7 default MBR code found via API
15:52:51.844 Disk 0 unknown MBR code
15:52:51.845 Disk 0 MBR hidden
15:52:51.845 Disk 0 MBR [possible unknown [email protected]] **ROOTKIT**
15:52:51.846 Disk 0 trace - called modules:
15:52:51.847 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003e305c0]<<
15:52:51.848 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80035d4060]
15:52:51.848 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa80032d2520]
15:52:51.848 5 ACPI.sys[fffff88000fa3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa80032d1060]
15:52:51.850 \Driver\atapi[0xfffffa80035429b0] -> IRP_MJ_CREATE -> 0xfffffa8003e305c0
15:52:51.851 S...

9 more replies

Hello,

A few weeks ago I unintentionally installed the 'funmoods' internet browser toolbar
(http://www.funmoods.com/) when I was trying to install some additional fonts for MS Word.

This causes random audio advertisements to play on my computer even when all browser windows are closed. In addition, I seem to have a 'svchost' trojan on my computer that I have been unable to get rid of. I am not sure if this is related to the funmoods toolbar.

I followed instructions I found online to get rid of the funmoods toolbar, but while the toolbar has been removed from the browsers, the audio ads continue to play.

I have also tried using McAfee anti-virus and Malwarebytes Bytes with little success.

Would you be able to help me remove the audio ads as well as the svchost trojan from my computer? I have pasted the necessary scan logs. This issue has frustrated me for weeks and your help is much appreciated! Thanks a lot!
APK

Hijack this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:35:30 PM, on 11/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Users\Apoorva\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Users\Apoorva\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
...

Answer:Malware removal-Please help!

you're being helped here
http://forums.techguy.org/virus-other-malware-removal/1075368-malware-removal-please-help.html

please do not duplicate post

closing this thread
 

Question: Malware removal

Hi
I am new to this forum so I am really hoping for some help )

I managed to pick up the latest Personal Shield Pro Malware and have so far spent the best part of two days trying to sort out my PC.

So far I have managed to get the malware to think I have paid for it so it doesn't keep popping up. I have run malwarebytes and AVG (for good measure).

My initial problem was that I only had a black screen with a flashing _ top left but, eventually, managed to boot from the XP CD. With this forum's help I have managed to get to the recovery mode and now I am completely lost.

Any help would be sooooooo much appreciated.

Mot44

Answer:Malware removal

Hi Forum

I'm not sure how to let you know I have decided to call in an expert to sort out my PC as I use it for work.

Hope this post is the right thing to do.

Great site and really appreciate that people give their time voluntarily so really needed to let you know.

Many thanks
Linda


So it would appear that I am infected with WinantivirusPro 2006, I get the pop ups constantly but I have not installed the program. I also get blank windows popping up to a certain ip address that contains information on what I was currently doing. Such as this "http://85.12.25.85/trafc-2/rfe.php?cmp=vm_mg_ff_nonusa_fail&nid=ec&uid=AB11DEAC21A011DB973F00167647FA98&guid=e0f30edd+1D10514769CC421B8E80F83036AF28EA&lid=forums%3E&url=http%3A%2F%2Fforums.majorgeeks.com%2Fshowthread.php%3Ft%3D38752&affid=862"

So I went through the steps you guys have posted and I have lots of logs for you to read, I really need your help and I hope that I can make it as painless as possible. I already ran VundoFix as well and it deleted a lot of .dll files that I noticed were spyware.

Oh and for future notice, I am unable to load safe mode. My computer simply loads it and I cannot do anything but move my mouse. I do not know if this is related to spyware or not.

Attached are the various logs that were requested in the steps.

Thanks in advance,
Ryan
 

Answer:Various Malware, need help in removal Please

Here are some additional files that were requested.
 


Here is my log file from hijackthis. Any suggestions!?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:21 PM, on 3/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF...

Answer:malware removal help

I forgot my DSS output. Here it is.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Cathy at 20:22:23.13 on Tue 03/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.309 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan...

Question: Malware removal

Something is preventing me from entering any site that requires a log in. I even had to use a back door to get in here. I had that awesomehomepages thing, I used their uninstall utility but I am still being blocked by something. I am being prevented from uploading a log file.
 

Question: Malware Removal

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419044 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Answer:Malware Removal

Hello again!
I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.
If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.
Thank you for using Bleeping Computer, and have a great day!

Question: Malware Removal

Hi all! It's unbelievable the things that are out on the internet that can be annoying to say the least. The only thing that worked for me was to just do a system restore. Take your computer back in time a few days before the spyware imbedded itself into your registry. It works, believe me.
 

Answer:Malware Removal

Jag5050 said:

Hi all! It's unbelievable the things that are out on the internet that can be annoying to say the least. The only thing that worked for me was to just do a system restore. Take your computer back in time a few days before the spyware imbedded itself into your registry. It works, believe me.

This doesn't work in every case because sometimes your restore points hold the infection. The best way to remove it is to never get it. The best way to never get it is to surf safely, keep Windows up-to-date, have an updated antivirus and firewall installed.

How to Protect yourself from malware!
 


Deckard's System Scanner v20071014.68
Run by Nigel on 2008-04-26 12:21:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Nigel.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:40 PM, on 26/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Nigel\AppData\Local\Plaxo\3.8.1.1\PlaxoHelper...

Answer:Help With Malware Removal

Hello NigelL. to BleepingComputer.com
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).

Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

Please run Deckard's System Scanner again, this time using these instructions:
Click on Start, click on Run
Copy and paste the following in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
Click on Check All.
Click Scan.
DSS will now run again.
Please post back both logs that open in notepad.
Main.txt and Extra.txt

See you soon,
Billy3


I am attaching my three logs: SuperAntispyware, Malwarebytes' Anti-Malware, HijackThis. Please help.
Thank you for your expediency.
Mike
[Saving space, attachment deleted by admin]

Answer:Malware Removal Help

Hello klemak and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.
Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.
Exit out of MessengerDisable then delete the two files that were put on the desktop.

Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
O2 - BHO: (no name) - {7E853D72-626A-48...

Question: malware removal

hello,
I am having an issue wherein i cannot log on to windows. i have microsoft security and yesterday it notified me of a virus, i cleaned it and restarted. upon restart it asked for verification of windows, but would not allow it. desperate to do my job, i did a system restore while in safe mode and it let me in but then the virus notification came, asked for restart which i did not do as i knew what would happen. today i returned to work, and as i expected upon booting my computer, it would not log into windows, did another system restore and nothing..
followed the steps in your forum for malware removal with malwarebytes.. please find attached the log..though it cleaned 6 i still cannot log into windows upon restart...
Urgent help is needed if possible because it is my work pc and the consequences of not working today are very serious..
Thanks in advance
 

Answer:malware removal

So if you got Malware Bytes to run, why could nothing else be run? Did you try? If so what happened?
 

Question: malware removal

I've recently been getting redirected to other websites when searching the internet. I'm told it's a malware virus.
I downloaded malwarebytes but it wouldn't scan. I tried to go back to an earlier checkpoint but it wouldn't do it.
My McAfee antivirus doesn't pick up anything. What can I do besides reformatting the PC?

Answer:malware removal

Hello and welcome!!

Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

***

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

***

Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.

***

Open up command prompt, type in following commands:
XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".
Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.

regsvr32 mbamext.dll
regsvr32 ssubtmr6.dll
regsvr32 vbalsgrid6.ocx
regsvr32 zlib.dll

****

If you cannot use the Internet, you will need access to another computer that has a connection. From there save mbam-setup.exe to a flash, usb, jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot tra...


twit2 could not run either DDS or RSIT. ~ OB

I've finally gotten some results from the Runscanner.exe program I was requested to run for the search for the malware on one of my computers. I hope these results below can give you the clues needed to tell me what to kill/fix and how.

Runscanner logfile
* = signed file
- = file not found

General info
------------
Computer name : SMOKEY
Creation time : 3/10/2009 4:35:42 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.8.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\PROGRA~1\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
* C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
* C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
* C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\WINDOWS\system32\svchost.exe (Microsoft Co...

Answer:Help with malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...


Have run malware removal instructions

The only one that failed was ComboFix. It has been a problem as it hangs up.
The recovery module that ComboFix installs also hangs up. Computer freezes.

I also still seem to have redirection by malware on my browser.

Original source of problem was a file titled Facebook_Password.zip that came in an e-mail.

I have attached the logs.
 

Answer:Please Help with Malware removal

What malware issues are you having, as I am not seeing any malware in your logs.
 

Question: Malware Removal

Hi, I have read and completed the R&R Malware Removal guide and I have attached my logs. I was not able to run the RootRepeal (it is a .rar file and wanted me to select a program to run) or the MGTools.exe (the folder is located on my C drive but when I double-click on the icon and then run, nothing happens). Also, when I ran the combo fix it never disconnected me from the internet like it said would happen. I didn't have any programs running or open while combofix was running but after the fact i opened internet explorer (trying to run RootRepeal) and it crashed.

The Super AntiSpyware was the only program that found "potentially harmful" files but previous to finding your website I ran Spybot and it came across 70+ possibly harmful files.

Thanks for your help.
 

Answer:Malware Removal

Welcome to Major Geeks!

What malware problems brought you here to begin with?

Texaslg said:

or the MGTools.exe (the folder is located on my C drive but when I double-click on the icon and then run, nothing happens).

Let's try to debug this.

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
nwktst <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
analyse <-- this will try to run TrendMicro Hijackthis. Click Twice on the Accept button to accept the license agreement if it shows. Then run a scan and save a log. Tell me what error messages, if any, you see.
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.
Now look for the C:\MGlogs.zip file and attach it no matter what happened while doing the above.
 


Hi there!
I've gone through all the steps u recommended here. There were some slight problem during the process, mainly after running quick scan with anti-malware and rebooting as recommended, the system crashed, and have to do a restore to boot. After that I run cc cleaner again, and malware again (SAS haven't find anything earlier, therefore I skipped to run it again). In that run, malware stated -finally- everything as clean. However AVG keeps sending alerts about Packed.Protector.C in atapi.sys. (The system itself is already looking much more healthier, thanks)
I'll try to attach all the logs I've created during the process. Thx in advance
[Saving space, attachment deleted by admin]

Answer:Malware removal help

Never mind! I've read everything here, using the self helping methods (your analyzer tool as well), and combofix (great scripts) and my pc is clean. Thx for the great posts and itineraries


Hi,

So something was done to my MAC. Every time I click on a link I have pop-ups, I have videos on webpages for advertising and when I shut down there is a new window that asks me if I want to abort installation.

Any help would be great.
 

Answer:Malware Removal Help

Unfortunately I don't support Mac here.
You need to find a Mac forum.
 



I don't know if my posts are being read or seen. I'm very frustrated since neither of my posts asking for help from yesterday got a response. I know I'm not supposed to bump my posts, but both threads are now at page two and three. I only tried to make those threads as informative as possible.

Thank you to Ivor who PMd me and sent me this link: http://www.technibble.com/how-to-remove-syssecuritysitecom-w32myzorfk/

Those instructions I've seen posted and I wasn't sure if I should go on with step two of that procedure. I've had that problem, but I've not seen it recently although I still experience the problem below. I need some guidance please.

My taskbar currently has a flashing X and ? in a blue circle in it. A mouseover reads "Critical System Errors!" and clicking it directs me to virusburst.com.

I've also noticed under software explorer in Windows Defender two isamonitor.exe running in startup. Then isamonitor.exe and isamini.exe currently running. Both paths lead to a VideoKeyCodec.

I did follow the Read & Run me instructions to no avail. Should I attach new logs or will the logs I previously posted suffice? Thanks in advance for the help. I hope someone sees this soon.
 

Answer:STILL need help with malware removal

I update my logs. According to Panda scan my situation is getting worse. Someone please help.
 


I have done the suggested malware removal process and the infection is still showing up on my virus scan (xxyczh.sys Hacktool.Rootkit). It has been about a week since I detected the problem, and my antivirus and malwarebytes said it quarantined and deleted the file at that time. I went through your READ ME last night and the infection continues to show up in my virus scan. My computer seems to be running fine as of now.

Thanks to the mods for running such an informative and helpful forum.
 

Answer:Help w/ Malware Removal

Re: Help w/ Malware Removal-MGLogs

Here are my MGtools results
 

Question: Malware Removal

Due to being out of town I missed the reply in the last thread I started, so round 2. Thanks!

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. 64bit 2k3
OTL File
__________

OTL logfile created on: 2/29/2012 8:02:54 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Administrator.JLG\Desktop
64bit-Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

47.99 Gb Total Physical Memory | 46.16 Gb Available Physical Memory | 96.18% Memory free
125.85 Gb Paging File | 125.25 Gb Available in Paging File | 99.52% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.31 Gb Total Space | 12.71 Gb Free Space | 26.31% Space Free | Partition Type: NTFS
Drive D: | 87.77 Gb Total Space | 8.75 Gb Free Space | 9.97% Space Free | Partition Type: NTFS
Drive G: | 1103.43 Gb Total Space | 124.58 Gb Free Space | 11.29% Space Free | Partition Type: NTFS
Drive X: | 999.99 Gb Total Space | 481.36 Gb Free Space | 48.14% Space Free | Partition Type: NTFS
Drive Y: | 326.01 Gb Total Space | 300.96 Gb Free Space | 92.31% Space Free | Partition Type: NTFS
Drive Z: | 1862.00 Gb Total Space | 955.17 Gb Free Space | ...

Answer:Malware Removal

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks


I have scanned my computer with Norton Anti-virus and Ad-aware 2008. I found some infections and thought I removed them all but I'm still having problems. The Norton Anti-virus icon that shows in the taskbar on the bottom right hand side of my computer is gone so I'm not sure if that has been working correctly. When I first start windows it's very slow. I also had some problems with some websites saying the page cannot be displayed but I still had internet access. When I open up the windows security center the page isn't displayed correctly and says this "The Security Center is currently unavailable because the "Security Center" service has not started or was stopped. Please close this window, restart your computer (or start the "Security Center" service), and then open the Security Center again. "

I couldn't get my computer to scan using Kaspersky but I do have the logs for both DSS and Hijackthis
Thanks for the help!

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-08-04 19:16:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
53: 2008-08-05 02:16:15 UTC - RP490 - Deckard's System Scanner Restore Point
52: 2008-08-04 19:23:07 UTC - RP489 - System Checkpoint
51: 2008-08-03 18:55:28 UTC - RP488 - Syst...

Answer:Need Help With Malware Removal

Hello,

I know you all are very busy and I will wait until you guys get time to help me I just had some additional information I forgot to add earlier and I can't seem to find a way to edit my post. The reason I can't get Kaspersky to scan is it said I can't run it with my anti virus and that I would need to disable it. The way I would disable my anti virus would be to turn off the icon on the bottom right hand side of the taskbar but as I mentioned before that has disappeared. I then went online and searched all my processes and turned off any that was associated with my Norton antivirus and it still didn't work. I'm not sure that helps any but I figured it wouldn't hurt Thanks again!

Question: Malware Removal

Hi, a computer tech at my school used hijackthis on my computer and had the data analyzed, and soon after my computer started working a lot faster. Now, I have problems with internet and my computer just seems to be running very slow. Could someone analyze these reports for me? Thank you so much!!!
Julia Chasler

Deckard's System Scanner v20071014.68
Run by User on 2008-08-08 00:32:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as User.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:09 AM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program...

Answer:Malware Removal

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks, and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it into a convenient location and include it in your next reply, please.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so b...

Question: malware removal

I am not computer literate to start off with. Anyway, I have Google Chrome and a "Default Extension 1.0" appeared on my list of extensions and I do not know how it got there. When I looked it up to see what it was, it said it was a form of malware. I thought malware destroyed the computer? Anyway, I did see this question posted from a few years ago. So I am guessing this is an ongoing problem with Google. How do I get rid of this? It's endlessly frustrating when it redirects me to another site! I am using an older system, well, in the Microsoft world anyway. It's Windows XP and I use Google Chrome and we also have Internet Explorer. I hope this helps. Like I said, I am not very computer literate, but I am a quick study!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:06 AM, on 10/30/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Users\H.A.L.9001\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Real\RealPlayer\upd...

Question: Malware Removal

Working on malware removal
I can hear ads running in hidden web browser process.
Task Manager does not show the processes, but scans by other tools (hijackthis and GMER) show them.
GMER scan is running and shows 4 hidden iexplore.exe processes running.

Here is the DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by chazemery at 7:53:10 on 2012-09-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1346 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"C:\Windows\system32\svchost.exe"
"C:\Windows\system32\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32...

Answer:Malware Removal

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive, it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e...

Question: MALWARE REMOVAL

I do not know how to get rid of this virus on my Windows XP Dell laptop.
