Computer Support Forum

Windows Firewall fails to start and this fake anti-virus virus keeps coming back!

Hello, I've been battling with this fake AV for a while now, and I just discovered that Windows Firewall is putting out this error code when I try to restore it: 0x80070424. I am using AVG 2012 as an anti-virus program and running Windows 7 Home Premium SP1 64-bit. If anyone can help me with this, I would be forever grateful.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Cole at 12:53:54 on 2011-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6062.2980 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\WebCam\S6000\S6000Mnt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Android\android-sdk\platform-tools\adb.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Mp3Tube Toolbar: {46897c77-e7a6-4c33-bffb-e9c2e2718942} - "C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL"
TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
uRun: [Google Update] "C:\Users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [F0611679-3CCC-A390-D560-79B38387DE71] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\F0611679-3CCC-A390-D560-79B38387DE71.avi", start minimized
mRun: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
dRun: [kgb] rundll32.exe "C:\Windows\System32\config\systemprofile\AppData\Local\App\kgb.dll",wmain
dRun: [F0611679-3CCC-A390-D560-79B38387DE71] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Roaming\F0611679-3CCC-A390-D560-79B38387DE71.avi", start minimized
uExplorerRun: [Policies] C:\install\server.exe
mExplorerRun: [Policies] C:\install\server.exe
StartupFolder: C:\Users\Cole\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{3BB21CA8-35D5-4229-99B4-515B288B6656} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{3BB21CA8-35D5-4229-99B4-515B288B6656}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{3BB21CA8-35D5-4229-99B4-515B288B6656}\541474C45435 : DhcpNameServer = 192.168.2.1 192.168.0.1
TCP: Interfaces\{3BB21CA8-35D5-4229-99B4-515B288B6656}\C696E6B6379737 : DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{3BB21CA8-35D5-4229-99B4-515B288B6656}\D43554340265F434 : DhcpNameServer = 10.10.253.1 10.10.253.5
TCP: Interfaces\{3BB21CA8-35D5-4229-99B4-515B288B6656}\E4544574541425 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{CC769F48-DD41-4E7C-8EBE-96BEFFBBB07E} : DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{F0993E0D-6F62-4498-ABCA-961AFBDAB61F} : DhcpNameServer = 192.168.17.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {6S1E081F-T61M-2275-208S-0R32C4F34QKV} - C:\install\server.exe
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO-X64: Winamp Toolbar Loader - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB-X64: Mp3Tube Toolbar: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - "C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL"
TB-X64: Astroburn Toolbar: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [F0611679-3CCC-A390-D560-79B38387DE71] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\F0611679-3CCC-A390-D560-79B38387DE71.avi", start minimized
mRun-x64: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\u5c7dgnk.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B2729f4fc-6556-47b3-bca9-9ba2e61eac44%7D&mid=e8b3cbad157a47d19d9ad1191024e9fb-be2108af697626dcd62598518f3513a44d7696ab&ds=AVG&v=8.0.0.40&lang=en&pr=pr&d=2011-12-10%2014%3A55%3A26&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Cole\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\u5c7dgnk.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\plugins\npLightshot.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 iZ3DShutterService;iZ3DShutterService;C:\Windows\system32\Drivers\iZ3DShutterService.sys --> C:\Windows\system32\Drivers\iZ3DShutterService.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2011-7-25 43704]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 Mp3Tube Toolbar Service;Mp3Tube Toolbar Updater Service;C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe [2011-4-29 227840]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-3 2348864]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2011-9-1 45056]
R2 S3DSvc32;S3D Service (Win32);C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [2011-7-25 357888]
R2 S3DSvc64;S3D Service (Win64);C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [2011-7-25 477696]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-23 381248]
R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-8-10 741224]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-14 2314240]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-8-22 11837440]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 S6000KNT;S6000KNT_WebCam Driver;C:\Windows\system32\Drivers\S6000KNT.sys --> C:\Windows\system32\Drivers\S6000KNT.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
S0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 135664]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2010-12-14 267480]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-14 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-14 79360]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-9-17 131912]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 135664]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-26 16:03:23 -------- d--h--w- C:\$AVG
2011-12-26 03:28:03 -------- d-----w- C:\Users\Cole\AppData\Roaming\AVG2012
2011-12-26 03:27:31 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-12-26 03:26:57 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-12-26 03:26:57 -------- d-----w- C:\ProgramData\AVG2012
2011-12-26 03:26:28 -------- d-----w- C:\Program Files (x86)\AVG
2011-12-25 23:43:11 -------- d-----w- C:\Users\Cole\AppData\Roaming\.clamwin
2011-12-25 23:43:02 -------- d-----w- C:\ProgramData\.clamwin
2011-12-25 23:43:02 -------- d-----w- C:\Program Files (x86)\ClamWin
2011-12-25 16:39:24 323072 ----a-w- C:\Users\Cole\AppData\Local\aqb.exe
2011-12-25 16:39:23 323072 ----a-w- C:\Users\Cole\AppData\Local\fur.exe
2011-12-20 08:37:37 -------- d-----w- C:\FRST
2011-12-20 04:36:51 -------- d-----w- C:\ProgramData\STOPzilla!
2011-12-17 19:39:37 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-12-16 02:32:06 -------- d-----w- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2011-12-16 02:31:50 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-12-16 02:21:55 -------- d-----w- C:\Program Files (x86)\Eidos
2011-12-12 09:36:13 30720 ----a-w- C:\Windows\SysWow64\31HULNm6.com
2011-12-10 19:47:04 -------- d--h--w- C:\ProgramData\Common Files
2011-12-10 19:46:34 -------- d-----w- C:\ProgramData\MFAData
2011-12-09 21:20:08 79872 ----a-w- C:\Windows\SysWow64\31HULNm6.com_
2011-12-05 17:15:57 -------- d-----w- C:\ubuntu
2011-12-04 07:26:11 -------- d-----we C:\Windows\system64
2011-11-30 15:07:06 -------- d-----w- C:\grub
2011-11-29 19:22:39 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-11-26 22:50:05 -------- d-----w- C:\Program Files (x86)\PowerDataRecovery
2011-11-26 22:00:18 -------- d-----w- C:\Users\Cole\AppData\Local\Windows Live
2011-11-26 21:59:51 -------- d-----w- C:\Users\Cole\AppData\Local\{E97A627A-47FF-4515-96D0-771DA3A5FBB2}
2011-11-26 21:59:51 -------- d-----w- C:\Users\Cole\AppData\Local\{3DE53483-BE23-4730-B590-8B25B20A6570}
.
==================== Find3M ====================
.
2011-12-26 03:15:21 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2011-12-25 02:55:30 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-25 02:55:30 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-21 20:54:10 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-04 23:45:44 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-11-29 19:22:40 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-25 17:07:50 313856 ----a-w- C:\ProgramData\Update 9-16-11.exe
2011-11-24 02:47:47 6004544 ----a-w- C:\Windows\System32\nvcpl.dll
2011-11-24 02:41:24 3028800 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-11-24 02:38:53 2562368 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-11-24 02:38:49 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-11-24 02:38:44 63296 ----a-w- C:\Windows\System32\nvshext.dll
2011-11-24 02:38:44 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2011-11-24 00:29:36 406336 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-11-15 05:50:29 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 23:32:02 115272 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2011-11-09 14:21:44 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2011-11-09 14:21:39 187200 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2011-11-09 14:21:39 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2011-11-08 03:51:00 539456 ----a-w- C:\Windows\System32\nvhotkey.dll
2011-10-28 18:53:15 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-10-28 18:53:14 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-10-23 18:19:03 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-10-07 11:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
.
============= FINISH: 12:54:25.23 ===============

Relevance 100%

Answer: Windows Firewall fails to start and this fake anti-virus virus keeps coming back!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434544 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

-- If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
-- A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.

Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

9 more replies
Relevance 98.4%

Hello,

I seem to have contracted a virus or malware of some description that generates fake, "Your Computer may be infected" - type alerts in my Windows taskbar and attempts to install a fake antivirus onto my pc called XPShieldSetup.exe. It also causes advertising popup, though this is fairly rare (once or twice an hour, max).

I am running Windows XP, Service Pack 3, and I have Trend Micro PC-cillin Internet Security 14 for antivirus software. I have also turned on Windows firewall, as per the instructions on this site.

My antivirus program detects an infected file called C:\WINDOWS\SysNotifier.exe, and classifies it as something called "Mal_FakeAV-9". It Quarantines this file repeatedly, but it always comes back, even if I manually drag it to the Recycle Bin.

I have run HijackThis and attached a copy of the log file it created.

Thanks in advance for your help. Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:32 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:&#...

Answer:Malware of some sort causing ad popups, fake virus alerts, trying to install fake anti-virus, etc -- HijackThis log attached.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com DDS.scr DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...

4 more replies
Relevance 97.17%

I have a nasty if not multiple nasty viruses and have not been successful removing them. It started with the XP Anti-Virus 2011 Removal fake anti-virus popping up with all real anti-virus programs disabled and anytime I try to go to an antivirus website I'm redirected to a random site. This happens in all browsers not just Internet Explorer. I also had many of my files changed to hidden file folders and also the start/all programs button does not show any of my programs. I managed to get both Malwarebytes and Superantispyware on my computer and was able to get rid of much of the problems by running these programs. Now it seems the XP Anti-Virus 2011 has been removed but I still have the issue with my webpages being redirected depending on which page I try to access. I also have many processes that should not be running in the task manager and when I close them out they just start back up again. This worm seems to be accessing my iexplorer because there are multiple iexplorer.exe open at all times and sometimes the CPU Usage gets very high which is not normal for my computer. The final symptom is that at random times I get a webpage pop up or if not a webpage an error that reads like the following example:

An error has occured in the script on this page.

line: 13
Char: 1
Error: Object doesnt support this property or method
Code: 0
URL: http:/www2a.glam.com/mobile/detect.act?affiliatedld=288743725

Do you want to continue scripts on this page?

I will get at ...

Answer:XP Anti-Virus 2011 Fake Anti-VIrus and webpages being Redirected Virus

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d...

17 more replies
Relevance 96.35%

Hi,

This is my first post here, and my computer appears to be infected.

The Symptoms:
-- The desktop has "disappeared" and is replaced by a blank blue screen. The icons on the desktop are all gone.
-- There is no "bar" at the bottom: no start button, no task bar, no clock, no indications of open programs. i.e., the entire screen is blue.

-- However, the situation is different right after I start-up.
-- At first, I see all my programs. Sometimes I see the task bar and start button, clock, etc., sometimes not.
-- But something is wrong even then. The computer is slow. And I know desktop will not last long. Sometimes if I am quick I can double click on a desktop icon before the desktop disappears.
-- Sometimes there is a "transition" period. For a few seconds I'll see the desktop, then for a few it will go "all blue".
-- When it is "all blue", I can still get into programs. If I open up the task manager, I can click on the "New Task ..." button under the "Applications" tab.
-- I can still work with documents, but things are slow.
-- When I start in safe mode, I still have the problem of the missing desktop.

Other Signs:
-- When I can see the clock, it says "VIRUS ALERT!" followed by the time. My google searches inform me that this is a common symptom.

What I have done so far:
-- I've done the Norton "Quick Scan" -- found something the first time, and fixed i...

Answer:Fake Anti-virus -- No Start Menu/task Bar/clock -- Or Has "virus Alert" At Clock

Welcome to BC no_more_virus

If you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix". This program is for Windows 2000/XP ONLY.
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.

When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.

To fix the policy restrictions created by this infection, please open the SDFix folder or download XP_CodecRepair.inf and save it to your desktop (for Windows XP ONLY). Right-click on XP_CodecRepair.inf and select Install from the Context menu.
Note: To download the .inf file, go to File, choose "Save page as" All Files and save XP_CodecRepair.inf to your desktop.
Then log off or reboot to apply the changes.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has f...

3 more replies
Relevance 95.12%

I hope that this is in the right section but I am having a problem with my computer. I can constantly hear programs running in the background. I currently have two anti spyware/malware installed on my computer. One is SpyHunter and the other is CyberDefender. They both are picking up on some virus called Vundo and everytime I delete it, it just comes right back. It is so frustrating surfing the internet because it freezes or moves extra slowly. Figured I'd ask you guys before I take a hammer to it lol.

Thanks

Answer:Windows XP SP2 running slow, virus protection catches it but the virus keeps coming back

Hello,
I am moving this to the Am I Infected forum from XP.
Please disable those apps while we do this.

Next run MBAM (MalwareBytes):
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the St...

9 more replies
Relevance 92.66%

Attention please! There is a new adware "Anti-Virus-1". It's a fake anti-virus program which looks like Windows default "Security Center".
Here is what the "Panda Labs" says: It is designed to simulate a scan of the computer, supposedly detecting thousands of strains of (non-existent) malware. The end aim is to sell users a pay version of the fake antivirus in order to eliminate the threats.
When run, this adware warns the user that the computer is not protected. The main screen displayed is a spoof of the Window Security Center.
It then pretends to scan the system for malware. If users do not immediately take the bait and buy the pay version of the fake antivirus, the malicious code will sporadically display a message reminding the user that the computer is infected.
In warning messages, and after the fake scan, a link is provided from which users can download the fake antivirus. Anyone clicking on the link will be redirected to a page like this.
Additionally, when infected users visit certain Web pages with compara...

Answer:Beware of “Anti-Virus-1” - Another Fake Anti-virus in Town

Thanks for the heads up. Rogue programs appear to be everywhere these days.

5 more replies
Relevance 92.25%

Hi all,

I think my computer (hp desktop with Windows XP) got infected with similar virus(es) as many of you posted. It started with frequent popup windows warning about internet security attack, and 'Programs' and other selections under START are invisible. So I followed instructions on one thread of this forum to download SDFix, then tried to restart in safe mode and failed.

I was able to reboot after performing system recovery, but when I run SDFix, I didn't see the same message as shown in the instruction page, with a y/n choice. Instead, I got many more choices (A-E, 1-3, etc) and none of them looks like the right one. Should I download Malwarebytes' Anti-Malware and run it first?

Thanks a lot for your help!

Answer:Fake Anti-virus Warning, Programs Under Start Invisible, Endless Reboot

You should not be following specific instructions provided to someone else. Those instructions were given to help fix that particular member's problems, NOT YOURS. Before taking any action, the helper must investigate the nature of the malware issues and then formulate a fix for the victim. Although your problem may be similar, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware. Using someone else's fix instructions could lead to disastrous problems with your operating system. It's best that you tell us what specific issues YOU are having rather than point to someone else.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click...

6 more replies
Relevance 91.02%

I have gotten the Fake Anti Virus 2011,
Have followed the directions from (Bleeping Computers) web site using, RKILL, Malware Bytes and Security essentials. When I am finished my icons on the desktop were gone, (Fixed them with "properties, advanced and unclicking hidden files") but I still have no Icons in the all programs menu in the start menu except those that I have loaded since the fix. (PSI)
Any ideas?

Answer:Missing Program Icons in Start menu. All Programs after fake anti virus 2011

What else is currently wrong with the system?

Any indication that your malware problems still exist?

Louis

7 more replies
Relevance 89.38%

My anti-virus said it removed a trojan. When I restarted my computer my anti-virus was turned off and it won't turn back on. I ran MalwareBytes and I didn't find anything, so I need some help.

Answer:Anti-virus removed virus now anti-virus won't turn back on.

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

11 more replies
Relevance 89.38%

First off, I'm sorry if this is not in the right place.

Ok, 2nd off I am very good about not getting viruses, I haven't had one in years & yes I am running a legit virus scanning program. I woke up this morning and logged onto my PC & all of a sudden it started going absolutely crazy, now I can't do anything on it. I have not installed or downloaded anything in a couple of days and yesterday it was running 110% fine. I was wondering if anyone could help me with the solution on this because I don't know what to do, I do not want to format. I just rebooted my pc & now I'm running it in safe mode to see if I can get my virus scan running because it wouldn't let me do anything when I just started it up. If that doesn't work then I'm up for other suggestions because I honestly don't know what to do.

Answer:Fake Windows 7 anti-virus

Hi, Erased.

Windows 7 has a much more robust System Restore than XP and Vista so you may want to try that first. If that isn't successful, I suggest MBAM. Instructions:

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, be sure Quick scan is selected, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:

Click Remove Selected.

9 more replies
Relevance 88.56%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:03 PM, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher....

Answer:Please diagnose Hijackthis log: Personal Guard 2009 virus (fake anti-virus)

DDS (Ver_09-07-30.01) - NTFSx86
Run by Admin at 14:22:35.14 on Wed 09/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.580 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Progra...

3 more replies
Relevance 88.56%

I have a computer with Windows XP Pro SP3 running IE8. When I do google searches and click on the results I am redirected to a different page than what is shown in the result. I've run Malwarebytes and it did not find any viruses or malware, I restored the computer back to a date prior to when the redirects were happening, that did not work. Webroot says it is finding viruses but I can't quarantine or delete the viruses. Webroot listed the location of several viruses and when I checked that location nothing was there, several registry entries and temporary internet files. Unfortunately after I did the system restore webroot is not working properly so I can't post its logs. Below is the output of DDS. I also attached the attach.txt from DDS, I can't attach a GMER log because it is too large. If it needs to be emailed to someone please let me know.

Thanks,
Pete
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Pete at 8:19:12.42 on Tue 04/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2325 [GMT -7:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k nets...

Answer:Infected with Google redirect virus and fake anti-virus software pop ups

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 88.56%

Hi there.

Two days ago I was sent a fake youtube link through YIM. I clicked on the link not knowing it was a fake. It started with a letter G before the words youtube on the URL. Once I clicked on it, it took me to a page that appeared to be a youtube page. Once there, it said that I had to update my Adobe in order to see the video. Well, like an idiot I clicked on it and all he-- broke loose. I now don't have access to use any of the following on my computer: Safe Mode, System Restore, Spybot Search and Destroy, AVG, Super Antispyware, or Ccleaner. If I hit F8 after rebooting the computer, it takes me to the black screen where I can choose Safe Mode. Once there, I pick safe mode and it brings me back to the same black screen over and over again. When I try to do system restore, it says it's disabled by group policy. I've searched high and low to try to fix the System Restore problem and it just won't let me. Can someone please help me? I'm going crazy over here. Thanks so much.
 

Answer:Fake youtube link gave me a virus, disabled spyware/malware/anti-virus

Hello again.

I have realized that I have this lingering around somewhere in my computer. $McRebootA5E6DEAA56$

Would anyone be able to tell me how I go about trying to find out in which folder this is at? I found this running when I entered msconfig on the Run field.
 

1 more replies
Relevance 88.56%

Hi there.

Two days ago I was sent a fake youtube link through YIM. I clicked on the link not knowing it was a fake. It started with a letter G before the words youtube on the URL. Once I clicked on it, it took me to a page that appeared to be a youtube page. Once there, it said that I had to update my Adobe in order to see the video. Well, like an idiot I clicked on it and all he-- broke loose. I now don't have access to use any of the following on my computer: Safe Mode, System Restore, Spybot Search and Destroy, AVG, Super Antispyware, or Ccleaner. If I hit F8 after rebooting the computer, it takes me to the black screen where I can choose Safe Mode. Once there, I pick safe mode and it brings me back to the same black screen over and over again. When I try to do system restore, it says it's disabled by group policy. I've searched high and low to try to fix the System Restore problem and it just won't let me. Can someone please help me? I'm going crazy over here. Thanks so much.
 

Answer:Fake youtube link gave me a virus, disabled spyware/malware/anti-virus

You can try doing this:

Here is the link to the MS article How to recover from a corrupt registry.
 

5 more replies
Relevance 88.15%

The program says it is removing the problem however the virus keeps coming back. It was run in safe mode.
AVG 8.0 Anti-Virus command line scanner
Copyright © 1992 - 2008 AVG Technologies
Program version 8.0.145, engine 8.0.0
Virus Database: Version 270.10.9/1900 2009-01-18

C:\WINDOWS\system32\ezodsp.dll Trojan horse Vundo.DO Object was moved to Virus Vault.
C:\WINDOWS\system32\efcBsPGa.dll Trojan horse Vundo.DM Object was moved to Virus Vault.
C:\WINDOWS\system32\winlogon.exe (588) Trojan horse Vundo.DO Object was moved to Virus Vault.
C:\WINDOWS\system32\ssqPgEtu.dll Trojan horse Generic12.AWPU Object was moved to Virus Vault.
C:\WINDOWS\system32\lsass.exe (672) Trojan horse Generic12.AWPU Object was moved to Virus Vault.
C:\26c2d1535b56d242cf2bfb61228a81\msxml4-KB927978-enu.log Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Locked file. Not tested.
C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Christine\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Christine&... Read more

Answer:Antivirus 2009 Fake Anti-Virus Trojan Virus

Let's try a different scanner
--------------------
The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click ... Read more

1 more replies
Relevance 88.15%

Hi, I've been having problems on my computer with ads and anti-virus pop ups and now some kuykwyey.sys and it's opening my browsers and slowing my computer down. I can't get rid of it and I'm having a hard time cleaning this up. Any help would be fantastic.

Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:38 PM, on 11/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOW... Read more

Answer:Anti-Virus Doctor and fake Microsoft virus scanner

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more

12 more replies
Relevance 88.15%

Recently acquired a laptop with infections that seem to mimic the Windows 2012 Fake Anti Virus infections that I've seen. Defogger has already been used to turn off the CD Emulation and I scanned with SAS Super Anti Spyware to see what I could find. Internet connection (wired and wireless) was unable to connect until after the first SAS scan. Upon the first scan SAS located Malware.Trace and a SVC Host.Fake file. They were quarantined and then I had access to the Internet temporarily. I used Defraggler to try and get some sense of order on the system but it appeared to load what I thought was originally a worm back into the system as the hard drive re-acquired about 20Gb of used space just from Defragging. The Norton Anti-Virus has been allegedly expired so I turned on the Windows Firewall. Below is the first DDS file as well as the attachment located on the Attachments list.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Todd at 17:32:22 on 2012-03-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1531 [GMT -4:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windo... Read more

Answer:Windows 2012 Fake Anti-Virus?

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

1. Do not run any other tool until instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conflicts with our tools and lead to unforeseen things to happen

2. Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read

3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for your last feedback as to how things are

4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Ba... Read more

19 more replies
Relevance 88.15%

Hi,

I'm running 32 bit Vista and my computer is infected with a trojan, I think. Basically, there is a little Windows type symbol in the bottom of my screen that keeps popping up and saying things like;
"Windows Security has detected spyware/adware"
"Your computer is infected! It is recommended you run a spyware tool"
And there is also a pop up in the main part of my screen that says;
CRITICAL ERROR! System halted as a result of the critical kernel error.
As per the instructions in one of the sticky threads, I downloaded and ran HiJackThis and this is what's in the notepad file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:35 PM, on 22/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Prog... Read more

More replies
Relevance 88.15%

My sister got a virus and some malware I'm afraid on her laptop. I ran malwarebytes and it found something and removed them. I also ran AVG and it found nothing else. After doing this when she was using it the next day, while she was online she got this pop-up that looked like a MS Windows virus warning. It was fake because I have seen this type of pop-up before and it also started to want to download a file, which I stopped. But after disconnecting from the web I ran malwarebytes and AVG scan again and nothing was found. So I ran hijackthis to see if something was still lurking in the registry. Attached is the log, could you look it over for me? I'm not sure what to look for...

Answer:fake Windows anti-virus window

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ... Read more

2 more replies
Relevance 87.74%

Is the ESET firewall any worth compared to Comodo? or Outpost or others? I know it's mainly an anti virus with built in firewall but is it worth it? Is Comodo the best?

Answer:eset firewall and anti virus or whats the best firewall with windows

If you are looking for a firewall and an antivirus, look no further than windows firewall and MSE.
Who knows windows better than microsoft.

Microsoft Security Essentials - Free Antivirus for Windows

9 more replies
Relevance 87.74%

My brother has a computer that will not load avg anti virus, spybot, ad aware or windows update. I ran an online scan using panda software and it found a lot of spyware and I downloaded the trial version and it won't load either. I keep getting an error message saying it has generated errors and has to close. Is this a virus and how do I get rid of it? The computer is a custom built with windows 2000 and 2.66 GHZ Celeron
 

Answer:anti-virus windows update won't start, virus problem???

6 more replies
Relevance 87.33%

Well about a week ago some bull shit fake anti virus popped up on my desktop and basically crippled my PC. It broke my windows security essentials install, turned off my firewall, and would not let me use my web browsers at all.

I finally had the time to try and get rid of it today and when I turn on my PC its no longer there! I was able to reinstall MSE and turn back on my firewalls. After doing a full scan with MSE it turned up nothing. Think I am in the clear or should I reformat? I really don't want to do that but I don't want all my passwords stolen either.

Edit: Grr nvm it won't let me turn on the Windows Security Service Center. When I click turn on it says service can not be started. Is there any way I can get that back on somehow?
 

Answer:Windows 7 anti spyware 2011 (Fake virus)

So, just how does this stuff get such a stranglehold with UAC a standard part of the picture etc....? Or did you approve a UAC requester too?
 

15 more replies
Relevance 87.33%

My parents clicked the "Infect my computer" button on a pop-up. The PC will not completely boot into Windows XP (not even safe mode). When you press the power button the Windows failed to load properly...... Boot in safe mode etc menu appears. It doesn't matter which option you choose, as soon as the Windows desktop background appears, the Windows is shutting down screen appears and the computer shuts off.

Using a Ubuntu live CD I accessed their cookies and found the last entry was buy-internet-security-10(1).txt

I used an Avira rescue CD in "Action at malware discovery: Protocol malware record only".

Avira reports:

U.exe <<<is the Trojan horse TR/Dldr.FraudLoad.wxvl.18

(TR/Dldr.FraudLoad.wxvl.18) is reported in many other places as well as:

TR/Crypt.ZPACK.Gen
TR/Crypt.XPACK.Gen2
TR/Rootkit.Gen

What is the best course of action?

Thank you in advance.

Answer:Fake anti-virus warning; Now PC will not load Windows

More Info:


In the process of backing up documents (using ubuntu) I found: Internet Security 2010 is also present -> C:\Program Files\Internet Security 2010



--Brian

3 more replies
Relevance 86.92%

Earlier today my computer began to act strangely. Shortcuts linking to such programs as "Micro Antivirus 2009", "QUALITY PORN", "BEST ZOO PORN", etc. began to appear on my desktop. Also I have been receiving fake Anti-Virus errors, trying to lead me to purchasing Anti-Virus products, amongst other products. Also, fake blue error screens appeared on my desktop if I allowed it to go to the screensaver. Then it would go through a fake reboot and send you back to the desktop. I ran various scans with AVG, ComboFix and Malwarebytes' Anti-Malware. All of the programs have found various trojans and viruses, and for the most part remove them. But then they suddenly re-surface after they have been removed. Thank you very much for reading.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:32 PM, on 9/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bon... Read more

Answer:Various Shortcuts Created On Desktop + Fake Anti-virus Warnings + Fake Error Screens & More.

Hi

"I ran various scans with AVG, ComboFix and Malwarebytes' Anti-Malware."

Please post all the logs you have ...

steam

1 more replies
Relevance 86.51%

I noted that on start-up of my computer that my anti-virus was now the last program to load. When looking at the task manager that shows all your running programs, I switched to the start-up tab which shows the running programs and their priority on start-up. I noted that my anti-virus is now at medium. The question is simple, at least I thought, how do I change it to high?

More replies
Relevance 86.1%

As said in the title, the Windows Xp Security Center virus keeps on coming back. I've gotten rid of the thing 6 times now, and I'm sure it'll come back again unless I find the cause of it. I also noticed that my automatic updates is off, and I can no longer turn it on. It always says that it's unable to change settings. I have no idea what to do. Anytime I get the virus, I just scan and remove it, but it's becoming a real nuisance, and I want to stop getting it now. Any help would be much appreciated.

Here's my DDS log.
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Jonathan at 11:19:44 on 2011-05-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2185 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\W... Read more

Answer:Windows Xp Security Virus Keeps Coming Back

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked ... Read more

11 more replies
Relevance 86.1%

I've removed this virus sooo many times now, and it seems to keep coming back. Also, now i have the "generic host processes for win32 services has encountered an error" type thing going on, and I'm not sure if it's a virus, a bad driver, or some other error. I've run the Malwarebytes and Avira scan to remove the virus again, but it'll probably return quite soon. Here are my Malwarebytes logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6476

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/29/2011 11:29:53 PM
mbam-log-2011-04-29 (23-29-53).txt

Scan type: Quick scan
Objects scanned: 153582
Time elapsed: 17 minute(s), 17 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\documents and settings\Jonathan\local settings\application data\umy.exe (Trojan.FakeMS) -> 3188 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInterne... Read more

Answer:Windows XP Security Virus Keeps Coming Back

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware
Please Update Malwarebytes Anti-Malware and run a FULL SCAN, then post the new log here along with the others.

SUPERAntiSpyware:
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminat... Read more

1 more replies
Relevance 86.1%

As said in the title, the Windows Xp Security Center virus keeps on coming back. I've gotten rid of the thing 6 times now, and I'm sure it'll come back again unless I find the cause of it. I also noticed that my automatic updates is off, and I can no longer turn it on. It always says that it's unable to change settings. I have no idea what to do. Anytime I get the virus, I just scan and remove it, but it's becoming a real nuisance, and I want to stop getting it now. Any help would be much appreciated.

Answer:Windows Xp Security Virus Keeps Coming Back

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 85.69%

Hi there,

I'm having a lot of trouble which I recently obtained on my computer. Whilst visiting a cinema's website in Google Chrome (www.hoyts.com.au) and doing nothing else on my computer, I received a popup from my taskbar saying:

"Windows Security Alert: Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now."

Immediately after, an icon came in my taskbar of a red and yellow shield with a green stripe running through it, and a fake antivirus program popped up, labelled "Antivirus Action". It started performing a "scan" of my computer. I immediately tried closing everything that came up, turned off my internet and went straight to AVG and Malwarebytes to see if there was anything I could do. Upon trying to open AVG, I received the following error message:

Title: Security Warning
Message: "Application cannot be executed. The file avgui.exe is infected. Do you want to activate your antivirus software now?"
Options: Yes or No

Clicking Yes attempts to open the following URL in Internet Explorer: http://antispyroad.net/shop?abc=cGdpZD03JnI90C4x
Clicking No closes the pop-up, but then continues another fake scan in the toolbar.

The exact same thing happened when trying to open Malwarebytes, as well as Google Chrome, Mozilla Firefox and Internet Explorer.

I am now on another computer and have ... Read more

Answer:Infected with fake anti-virus virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

3 more replies
Relevance 85.69%

Hi Guys,

My mother had a virus on her laptop where a fake anti-virus software called Security Tool kept opening pop ups telling her she had all sorts of trojan horses & viruses on her computer. I managed to stop the pop-ups but the computer is still infected.

I have tried using MalwareBytes to remove the virus as a few articles recommend this software. However I cannot even run a scan using MalwareBytes, it installs and opens (this was after I changed the .exe filename) then when I click scan it closes after about 2 seconds. So I looked up various fixes for this as well and none have worked....I am literally running out of things to do!! Unfortunately I do not have a boot disc but any help would be greatly appreciated.



=========================================================




DDS (Ver_10-03-17.01) - NTFSx86
Run by Vonny at 23:49:35.09 on 27/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.499 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
... Read more

Answer:Fake Anti-Virus Software Virus

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

If you have trouble running ComboFix in Normal Mode, run it in Safe Mode with Networking: Restart your computer.
After hearing your computer beep once durin... Read more

5 more replies
Relevance 85.69%

EDIT: Moved to appropriate forum, Virus, Trojan, Spyware, and Malware Removal Logs ~~boopme

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:51 AM, on 10/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp... Read more

Answer:Browser redirecting virus///Virus keeps coming back//Thank You

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

2 more replies
Relevance 84.46%

How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)





Quote:
If your PC is infected with the Win 7 Anti-Spyware 2011 malware or something similar, you've come to the right place, because we're going to show you how to get rid of it, and free your PC from the awful clutches of this insidious malware (and many others)
Win 7 Anti-Spyware 2011 is just one of many fake antivirus applications like Antivirus Live, Advanced Virus Remover, Internet Security 2010, Security Tool, and others that hold your computer hostage until you pay their ransom money. They tell you that your PC is infected with fake viruses, and prevent you from doing anything to remove them.
This particular virus goes by a lot of names, including XP Antispyware, Win 7 Antispyware, Win 7 Internet Security 2011, Win 7 Guard, Win 7 Security, Vista Internet Security 2011, and many, many others. It's all the same virus, but renames itself depending on your system and which strain you get infected with.


Source ...

Answer:How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)

Thanks for the information. I hope I never have to use it.

2 more replies
Relevance 84.46%

Howdy,

I was wondering if anyone has done much experimenting yet with both anti-virus software and/or firewall software for Windows 8? Any recommendations for free software? I just upgraded (majorly) from Windows XP (as in bought a new machine) and my pair of choice before was Avast & ZoneAlarm.

Also, is something natively installed on Windows 8 that now makes one or both of these no longer needed? I kind of doubt it...

Thanks for your recommendations!
 

Answer:Windows 8 - Anti-virus/firewall?

Windows 8 comes with a reworking of Windows Defender. This version for Win 8 is like a combination of Win Defender and Microsoft Security Essentials. So yes it does come with a built-in anti-virus, antispyware.
 

7 more replies
Relevance 84.46%

Do I need to get my own internet security for windows 10, or does it have its own security

Answer:windows 10 anti virus and firewall

Windows 10 will come with its own Firewall as all previous versions have done but you will need to add an Anti-Virus program of your own choice. In addition I would advise installing Malwarebytes and Anti-Spyware.

8 more replies
Relevance 84.05%

I worked with Broni all day today and he was extremely generous with his time. My problems started about 10 days ago when I found the Vista 2012 Security virus on my machine. My AV quarantined the viruses but I had no internet. I ran the various fixes including Rkill and Combo-Fix and got my internet back a few days later. It was fine all week and then yesterday it went down again. Broni helped me through the following thread:

http://www.bleepingcomputer.com/forums/topic441308.html/page__st__15
He helped me get my internet back and my system seemed to be running better than ever tonight. Then, after running the Mini Tool Box and aswMBR tools, the computer restarted and couldn't. It asked me if I wanted to go to a restore point and repair which I selected Yes to. It restarted, slowly, and I found that my firewall was disabled, my MBAL was corrupt or missing and my Avira Anti-Virus was shot as well. Scary.

Broni then told me to follow these instructions here:

http://www.bleepingcomputer.com/forums/topic34773.html
I have begun to do that and will post the logs associated with the steps. I really appreciate anyone that can help me.

Answer:Please HELP me... Virus has knocked out firewall, Anti-Virus, MBAM and internet!

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Todd at 22:52:16 on 2012-02-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1314 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:... Read more

49 more replies
Relevance 84.05%

Tech Support Guy,

My computer is very slow. I can not update any of my anti-virus software or anti-malware. I have no idea what to do. Can someone please help me...

Here is my HJT log.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:17 AM, on 3/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre6\bin\jqs.... Read more

Answer:Virus! Computer very slow...firewall down and cant update anti-virus

16 more replies
Relevance 84.05%

Here is the list of the problems in order of which I noticed things going awry:

1. My Firefox browser will re-direct my google searches to a new Firefox window pop-up with "google-analytics" in its address bar, but would never finish loading the new popped-up window. Firefox would also re-direct and never finish loading my google searches by opening a new tab with a "directdlr.com/....." in its address bar.

2. Microsoft Office 2010 applications don't open, instead a "DW20.exe" and a "DWWin.exe" replicates itself an infinite number of times in my processes, maxing out my CPU.

3. My anti-virus applications (Spyware Doctor, Microsoft Security Essentials, avast!, malwarebytes) won't update, and therefore won't run or scan. Firefox also won't load various anti-virus sites, such as this message board.

4. Other applications crash directly upon opening them (VLC Media Player)

Solutions that I've tried:

1. Resetting my router. I'd read somewhere online that doing this would solve the problem. It did not.

2. Trying to restore from a restore point. I opened System Restore, but the restore points were all very recent and within the timeframe of infection.

3. Un-installing Microsoft Office 2010 and re-installing. System won't let me un-install.

Here are my scan reports:

DDS (Ver_10-03-17.01) - NTFSx86
Run by dildon at 14:31:20.50 on Fri 06/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microso... Read more

Answer:Browser Re-directs; Microsoft Office Fails to Load; Anti-Virus Fails to Update:upset:

Hi

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

14 more replies
Relevance 83.23%

I have had a few problems with this. I will be on a completely harmless website, such as Youtube and suddenly Java 6 will start loading and then a fake anti-virus or a fake anti-spyware program will open up and I can't open any programs and it will tell me I have hundreds of viruses and that I have to buy their program, or some will even pretend to be from Windows Vista. What free programs can I use that will stop these from attacking me? I have Malwarebytes, AVG, and Spybot: S&D. What causes these? I don't even go on bad websites and I get these.

Answer:Fake anti-virus/anti-spyware attacks. Please help!

Hello, and welcome to Computer Hope Forums!

I'm Crush but, you can call me Chris too and I will be helping you with your Malware issues.

Please note the following information about the malware forum:

Only members of the Malware Removal Specialist user group are allowed to give advice on removing malware from your computer. Do not follow the advice of anyone without that user title.
From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, do this: Reply to this topic with the word BUMP.
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Now that we have that out of the way:

Download OTL to your Desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroo... Read more

1 more replies
Relevance 83.23%

Antivirus vanished! Can't install ANY new one!

Can't access microsoft and any anti virus sites (thus i cannot download or scan my computer from there)

I tried to install a copy of avast pro but the set-up immediately close after opening, i also noticed a lot of programs behaving like this just like the bandmaster game from e games and Grand Theft Auto Vice City (once i opened it, it immediately closes)

Tried to install that in safe mode, but the computer does not start and reboots back into normal mode.

This is the content of DDS log

DDS (Ver_10-11-26.01) - NTFSx86
Run by neopc10 at 19:47:12.65 on Fri 11/26/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.353 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\KGB\Mpk.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\... Read more

Answer:anti virus banished.can't install any anti virus programs, can't acces microsoft and anti virus sites!!!...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

2 more replies
Relevance 83.23%

I think I have a virus. I just clicked on an exe file that I wasn't sure about. After I rebooted my system, my firewall and McAfee won't load-up.

The exe file I clicked on is Replay AV 8.42.exe.

What should I do?

Thanks in advance for any help!
 

Answer:Clicked on exe - Now firewall and anti-virus are turned off - Virus?

You are infected most likely and need to run a hijack this file and post it in the Malware Forum for help.
http://blog.trendmicro.com/hijackthis-version-202-available-now/
 

3 more replies
Relevance 82.82%

hi,

was in the middle of browsing last night and got hit with this virus. a screen popped up and said my computer was infected and to scan my drives. at the same time, it shut down chrome and my ad-aware watch popped up and said started a live scan. I let ad-aware finish, restarted my computer, and I got the same fake antivirus pop ups as before. ad-aware started again in the background. I let it finish again and restarted again, and the same process happened. this is the popup I get after I restart:


it also turns my desktop white after I click OK.

I stopped the scan and tried to open chrome, firefox, IE, nothing works. sometimes they won't even open (and a popup will say that the file is infected) and sometimes it will open but will not display any websites; the browser just remains white or gives me a "this webpage cannot be displayed" general error.

I tried to open add/remove programs and nothing shows up (the window opens but I do not get a list of programs, the area is just white).

I was able to save GMER and DDS to a flash drive and ran them from the desktop.

during my GMER scan I had periodic popups saying my files were infected and that a scan would begin (which of course it didn't). eventually the pop ups stopped but all 3 browsers still don't work.

also, regarding the GMER scan, I have two hard drives, C: and F: (not partitioned, 2 actual drives). I unchecked F and left C checked. while the main drive is C, most of my actual file... Read more

Answer:virus prompting me to install fake anti-virus software.. "Worm.Win32.Netsky"

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please see this >> http://img.photobucket.com/albums/v6...ee_disable.gif

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

15 more replies
Relevance 82.82%

I am running Windows 7 on a HP.
I keep getting Fake Plugin attempt 2 that keeps popping up.
 
I ran a full scan with Norton 360 and it said that it "resolved" 112 cookies.
 
Thank you in advance
 
Tony

Answer:Fake Plugin 2 virus keeps coming up on Norton

Hello,
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices
* List Users, Partitions and Memory size.
* List Minidump Files
* List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
---------------
ESET Online Scanner
* Click here to download the installer for ESET Online Scanner and save it to your Desktop.
* Disable all your antivirus and antimalware software - see how to do that here.
* Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
* Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
* Select Enable detection of potentially unwanted applications.
* Click Advanced Settings, then place a checkmark in the following:
  - Remove found threats
  - Scan archives
  - S... Read more

1 more replies
Relevance 82.82%

I picked up the fake "Anti Virus Warning" Virus/Trojan while on a peer to peer site. It's on my laptop. I've gotten this a few times before and Mal-ware Bytes has always handled it or doing a system go back to a known good date would fix it. Also tried my McAfee and Windows Defender which detected a file and deleted it. This time, nothing worked. When I tried opening the Go Back option nothing opened. I tried that several times. This looked like it was blocking a lot of things to keep me from trying to get at files or to see what was running. I came to this site and saw several suggestions to run ComboFix, so I downloaded it, on another computer and installed it on the laptop, since I had the network shut down on the laptop to keep it from continually downloading unwanted sites. I installed the Combo-fix file in the computer and then ran it, but it never got past the first blue screen - "ComboFix is Preparing to Run". I waited for over an hour and that screen never changed.

Anyone have any more suggestions?

Answer:Fake Anti Virus virus

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

A Reminder....

As seen in Post #2 of our sticky topic 'NEW INSTRUCTIONS Read this Before Posting For Malware Removal Help'

Quote:




Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the i... Read more

1 more replies
Relevance 82.82%

Hi all I'm new here. I'm hoping you guys can help me out. I recently was infected with a Fake Anti-Virus Virus and it basically closed out of every program I was running as well as prevented me from going on the internet and even reopening any other program. The first thing I did was restart in safemode and scan using AVG and MalwareBytes and it did find a trojan and removed it. I then restarted normally and it was still basically doing the same thing. I then checked my restore point and it gave me a date of a few days before, so I decided to do that. Once the restore was done everything seemed to run fine and I was no longer getting Anti-Virus pop ups and was able to get online again. The only problem is that I noticed that my computer was starting up 5 times slower than normal and anything I loaded was loading a lot slower. The biggest thing I noticed was that when I tried to run a game like Starcraft II it ran extremely slow and so slow that I couldn't even play at all. I have no idea what's doing this, but something is definitely wrong. I found this great thread on here http://forums.techguy.org/virus-other-malware-removal/985447-win-7-security-2011-fake.html and ran the OTL.exe.

System info is:

OS Version: Microsoft Windows 7 Professional , 64 bit
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 8
RAM: 8180 Mb
Graphics Card: NVIDIA GeForce GTX 260M, 1024 Mb
Hard Drives: C: Total - 461899... Read more

Answer:Fake Anti-Virus Virus

Any ideas/suggestions please? Laptop is running terribly slower and I really don't want to have to wipe it all out and reinstall everything.

Thanks
 

2 more replies
Relevance 82.82%

Hi All,

OK so basically was browsing intertoobs, then Chrome crashes so i try to reopen but to my surprise its been deleted then all of a sudden a little warning pops up, tray icons same as Microsoft Security Center in XP. Saying i have a virus blah blah blah, and that i was being intruded, although as soon as i saw the icon i disconnect from the internet. I restarted computer booted into MRI deleted the startup files that i looked like the virus:

fwxyvwsfr (Startup Name)
bkrrlaeth (Folder Name)
olrnvyotssd.exe (EXE Name)

I am sitting behind a hardware firewall Netbox Blue NB-SOHO, latest firmware.
Using MSSE as antivirus (didn't detect the virus btw)

Ran GMER, came back with No System Modification. I scanned ALL drives!

DDS Came back with the following.

So far have imposed a quarantine to my users, and a password reset request for everything that can be cached on the systems!

Thought i would come here just to see if you think the threat is neutralized or not.


ER
DDS (Ver_10-03-17.01) - NTFSX64
Run by Brendan at 23:10:46.75 on Sat 05/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4093.1701 [GMT 10:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.... Read more

Answer:Fake Anti-Virus Virus

-bump-

1 more replies
Relevance 82%

Hello, my name is Jake, and just last night I somehow acquired a fake anti-virus called XP Anti-Spyware. I cannot seem to get rid of it, it closes down Internet Explorer, and refuses to allow me to run McAfee or Malwarebytes Anti-Malware. I just ran HiJackThis and clicked "SCAN", the following are the logs from the scan results. I will post the first half of the log in this post, then the second half immediately following, please help:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:24:59 PM, on 3/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acronis\BackupServer\backupserver.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService... Read more

Answer:Can't Get Rid of XP Anti-Spyware Fake Anti-Virus

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:

Step # 1: Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.
***Please close any open programs***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Cli... Read more


Hi,
I have been a windows 8 tester since basically as soon as the DP came out in September.
I use windows 8 CP now on my netbook (which I take to college) and I am not 100% sure if it was a virus I caught but I think it is very suspicious how it was working flawless one second and then the next second it was just impossible to do anything.
Luckily I am prepared now with this stuff thanks to dropbox and my external HDD, so the only things that are important is my college work which is backed up in dropbox which is then backed up on my external hdd through time machine when I get home onto my mac.
So to save fighting with my netbook, virus or no virus, I am just going to do a reinstall (luckily I can access bios/boot options when I just force shutdown/restart my netbook unlike when I just do a standard windows 8 shutdown).
I have gone to the Avast website and they say that Avast 7 works great on the beta in which I guess they mean CP (consumer preview) so I am going to test that out in parallels before I do on my netbook.
I would like to know if ZoneAlarm free firewall works on windows 8 CP?
That is the setup I have always used (apart from switching from AVG to Avast) and is the set up really I wanted from the start, but with the DP I have been fine, but I just don't have a clue if it is a virus or not. But like I said, I will just reinstall as that's just simple enough. As the only thing I have really installed is opera and MS Office 2003.
I'm too bothered, as if no one is ...

Answer:Zonealarm firewall+Avast 7 anti-virus work with windows 8 CP?

If you read the FAQ on windows 8 CP there is a full list of what works; anything else may or may not.
http://www.microsoft.com/en-us/windows/compatibility/en-US/CompatCenter/ProductViewerWithDefaultFilters?Type=Software_Products&Category=3&Subcategory=0&Architecture=X64&CurrentPage=0&TotalPages=-1&ShowCriteria=10%20Results%20Per%20Page&SortCriteria=Relevance&IsSearchWithinFilterAvailable=True&FilterByCompatibility=ALL&AbsolutePage=-1&LastRequested=2


Greetings,

My pc caught the Vista Antivirus 2012 the other day and today. The first time it disabled the internet and removed windows security system and firewall as well as made it unsuccessful to system restore. I followed directions from http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012 but I still can't turn on windows firewall or security. I also can't start IPSEC policy agent under the dhcp dependencies. I get the message 'Due to an identified problem, Windows cannot display Windows Firewall Settings'. My computer caught the virus again today as I was browsing with another antivirus which didn't stop the virus from attacking again. I want to make sure my computer is completely clean of this virus without disabling the internet and restoring windows security center without installing the OS. I'd also like a recommendation for an antivirus that is powerful enough against this virus. Thank you in advance! My HJ log is below:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:50 AM, on 12/20/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files...

Answer:Vista 2012 Virus Keeps Coming Back! Removed Windows Security Center and internet.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433537 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi I am having a problem with getting fake anti virus pop ups, google redirecting my searches to random sites that I think are clearly from the virus or something, and there are 2 files on my desktop that I did not install and I delete them and then the next time my computer gets restarted they are back upon restarting, and once when the fake anti virus was open it took over and would not let me open IE or my task manager or anything else and it also shut down all my programs.

Thanks for the help!

Answer:Fake Anti-Virus Pop Ups

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...

Question: Fake Anti-Virus

Hello,

I was on a website that I go to regularly when what looked like my 'my computer' window came up and said a virus was detected and asked me if it could my system. I stupidly said yes and it said I had seven viruses. It then said that I needed to download something to get rid of the viruses and click on something to get rid of them. That's when I realized that this was actually a tab in my browser and not the 'my computer' window. I exited the tab without downloading anything, to my knowledge, but I want to make sure that nothing was put on my computer without my knowledge. From what I looked up on my computer this is anti-virus 2010, though it didn't call itself that. It actually made itself look like Windows Security Suite. Any help would be much appreciated. Here is my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:17 PM, on 3/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZE...

Answer:Fake Anti-Virus

I know everyone's really busy but if someone could just quickly look through this and let me know if everything's okay, I'd really appreciate it. I want to make sure that thing didn't actually download anything onto my computer. Thanks so much, you guys are awesome!
 


Hi

Just browsing through some websites when as I was about to close my Computer, I noticed a Program called 'Anti Virus XP 2008' or something along those lines has installed itself on my PC. Also the background to my desktop changed to an all blue background with a message in the middle saying something along the lines of 'Warning Virus on Computer. Please install an anti-virus to scan your computer'.

I obviously knew something was wrong, not to mention my McAfee was popping up every 5 seconds detecting a trojan and even the 'new' virus scanner popping up every second telling me I have 200-odd viruses, so in the end I went into safe mode and uninstalled the software as I was 80% sure that was causing the trojan and I couldn't do it in normal mode. But I still couldn't change my background because it disabled me from doing it, so I had to get something called 'fixreg' to sort the problem out.

I am still unsure whether the virus is on my PC so my HijackthisLog is below and if there is anything wrong any help will be appreciated. I have had a major virus before and I don't want this to lead into another one!

Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:06, on 08/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WIND...

Answer:Fake Anti-Virus Help!

Mods please lock, I have found another website to help sort my problem out. I don't want to waste a helper's time.
 


Ran AdAware and spybot SD. The programs in question detected many critical objects and deleted all of them. However, the pop ups and ads-sites keep loading whenever I use internet explorer. This site keeps loading as we speak. ( loaded 20 times in tabs now)

[ http://url.cpvfeed.com/cpv.jsp?p=11...electedKeyword=ron&selectedListingId=6388540]


Logfile of HijackThis v1.99.1
Scan saved at 2:24:00 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\winupdate\winupdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifi...

Answer:HJT LOG. pop ups, ads, fake anti virus. help ;__;


For the last month or so I have randomly encountered pop ups when surfing. These pop ups claim that my pc is infected, and advise that I install a specific software (for $xx) in order to remove the infection.

I have not installed the software intentionally, but in attempting to exit the pop up I believe some malware may have been loaded. I have run a scan with McAfee, Spybot S&D and Malwarebytes, but to no avail.

The computer is becoming increasingly slow, and in my firewall logs I have noticed hundreds of individual IPs trying to connect to my pc on port (TCP) 18610.

I am using Firefox 3.0.15, on Win XP SP3, and have access to a full install disc for Win XP.

Any advice would be much appreciated.

Thanks

--------------------------


DDS (Ver_09-10-26.01) - NTFSx86
Run by David2 at 12:25:30.93 on 01/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.423 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers....

Answer:Fake Anti-Virus pop-up

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.



Combofix
Download ComboFix from one of these locations:

Link 1
Link 2


and rename it to stirling.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the prompts.
When finished it will produce a log at C:\ComboFix.txt for you
Please include the log in your next reply.


Ok, the fake antivirus is like telling me I have 100+ infected files and asking me to buy their program (scam). I've booted my computer in safe mode and downloaded Malwarebytes Anti-Malware Program, so the program did its magic but for some reason about 60% of the sites I visit are redirected to fake shopping sites. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:48 AM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Kevin\Kevin.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Craps\Internet Download Manager\IDMan.exe
C:\Program Files\Craps\Internet Download Manager\IEMonitor.exe
C:\Pro...


Hey, I'm running XP Pro on my Lenovo ThinkPad, and I've come across a nasty virus. It won't let me run programs, and when I try to open a program, it tells me that '"whatever.exe" is infected, do you want to install new virus protection?', disguised as Windows GUI.

If I click no, my computer's internal processes try to shut it down, but the program denies them ability to run, and the same message comes up. Basically, I cannot do anything unless I click "yes" on the message, which redirects me to some random website.

I cannot run task manager or anything else, what are my options?

Thank you for any help

Answer:fake anti-virus help

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


Please download Rkill from any one of these links and save it to your desktop.

Rkill.com
Rkill.scr
Rkill.pif


Now double click on Rkill to run it.

Do not reboot!



Combofix
Download ComboFix from one of these locations:

Link 1
Link 2


and rename it to glasgow.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the pro...

Question: Fake Anti-Virus

My computer had 2 viruses back to back, Windows Total Security and Vista Anti Virus 2011. I used Rkill, FixNCR and Malwarebytes to remove most of the virus. I can use my computer now but I get alerts that IP addresses are trying to make changes to my computer (they are blocked by Webroot). Also when I use Google I get directed to the wrong pages and sometimes my computer adds a tab and takes me to websites that I have never seen or searched for. Every time I scan my computer it comes back with 20 or more cookies and viruses. I don't know what to do next. Any help would be greatly appreciated.


Hello; One, and only one, of my client's computers gets a pop-up every 10 minutes stating there is virus activity on their computer. Closing the warning box always opens an Internet Explorer window which simulates a scan. The window purports to be from secure-components.com. This window is always followed by a notice from Norton AV 2008 referring to Trojan.Malscript!html. The history screen usually shows a file, Promo3[1].html, has been removed from one of several folders in %user%\Local Settings\Temporary Internet Files\Content.ie5. Norton's advice is to stop System Restore, Run Liveupdate, Run a full scan, and restart System Restore. I have done that and the malware continues to appear. I have run Ad Aware (2008) which submitted a suspicious file, C:\Windows\pp09.exe, and SpyBot S&D which found nothing. Somewhere there must be a root component that keeps opening the secure-components.com screen that Norton AV does not catch. Please help me remove it. HijackThis log attached.

Answer:Fake Anti-virus Ad Pop-up

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...


I got infected with the fake anti-virus 2008. I used Spybot and Malwarebytes' Anti-Malware but the Windows security alert is still there. How do I get rid of this thing? Here is my HijackThis txt report and attached is my ComboFix report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:19 PM, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe...

Answer:Can't Get Rid Of The Fake Anti-virus

Hello

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine. Thanks and again sorry for the delay.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

Question: Fake Anti-Virus

My husband's new Windows 7 PC is infected with fake antivirus. It is blocking any attempts to download and install HijackThis. (I even saved the executable to my USB drive and gave that to him. The fake AV is saying that the executable is infected and is blocking it.)

Does anyone have any suggestions for getting this fake AV off of my husband's computer?

Thank you in advance for your help!

Barbara
 

Answer:Fake Anti-Virus


Hi there, could anyone tell me if there is a free anti virus, anti spyware and firewall for UBUNTU 8.04 i386.

Thanks for any replies.
 

Answer:Free anti virus, Firewall/anti spyware for UBUNTU


Search is redirecting, Windows Firewall keeps turning off and anti virus won't update. Don't know if they are related. Here is my hijack this log, thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:17, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\PC C...


I have a problem with a so called anti-virus trying to take over my computer. I already use AVG, Spybot S&D and System Mechanic (with tea timer). I did run the ark.txt program but it did not find anything. I attached the hijackthis file, the DDS file and the Attach file. Please help this is very annoying and creating problems with running my normal items. If there is anything else you need to know, please ask. Thanks.
 

Answer:Fake anti-virus taking over


Last night I got some pop-ups for Anti Virus System Pro, I've run Super Anti Spyware, MalwareBytes, Spy-Bot and AVG9. Thought I had it removed, but I am still getting redirects on FireFox.

Not sure if this is related, but I cannot boot to safe mode either, it hangs at MUP.sys and then BSOD.

Windows Defender also will not start automatically, even though I reset it to start with windows each time I reboot.

I've followed the prep guide, but Root Repeal hangs while scanning files and locks up the machine.

My other logs are attached.

Thanks for your time.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Airstad at 8:10:24.87 on Wed 12/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1312 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\W...

Answer:Anti Virus System Pro - Fake Pop-Ups

After several attempts with various tools, I've removed Anti-Virus Pro. BUT, I still cannot boot to safe mode and most links from Google have been hijacked.


I have a PC with Windows XP Media Center that was just infected. This is not posted from the infected PC.
I can not access Anti-Virus/Malware programs as they are being blocked. Task Manager is being blocked. Safe Mode will not fully boot up, restarting after drivers load.
I can not find the XP Media Center disk (legal copy), but do have XP Home handy.
My sister was using the PC, Yahoo IM, when the fake warning popped up. AVG Free was active at the time, but the Trojan loaded anyway. She said nothing else but Yahoo was open at the time the Trojan popped up.
This is one of the ones that tells you to buy the "Anti-Virus" program to get rid of the infection.

Answer:Fake Anti-Virus Trojan

Hi,

Try downloading MBAM, or are you able to download anything?

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and ...


My computer has recently been affected by a virus that is disguised as an antivirus program called security shield. It's telling me I have 33 viruses and I should sign up for security shield to help clean them out. I currently have Kaspersky antivirus. What do I need to do to get rid of this pesky virus?

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

Answer:Fake anti-virus program

Take a look here: Remove Security Shield or SecurityShield (Uninstall Guide)


Happy New Year guys,

A fake anti-virus malware has infected my PC. It added proxies to browsers and restricted access to internet. Have entered into safemode with networking, deleted the proxies and am able to access internet now. Please find below log from DDS and attached more logs from DDS and GMER.

Please help. Cheers!!

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by User at 2:10:30.01 on 05/01/2011
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2477 [GMT 0:00]

AV: McAfee VirusScan *Enabled/Updated* {2A28CCAF-2E53-0F80-A82C-9572D1C24D8C}
SP: McAfee VirusScan *Enabled/Updated* {91492D4B-0869-000E-929C-AE00AA450731}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *Enabled* {12134D8A-643C-0ED8-8373-3C472F110AF7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:fake anti-virus malware

Hello manoj123,

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If McAfee gives you any problems, you may have to temporarily uninstall it. For some reason, this is common with McAfee.

1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
If you have trouble running it the first time, then rename ComboFix.exe to manoj.exe and try again.

Thanks,
tea

4 more replies

My daughter has gotten another pop-up with a fake anti-virus program. I've attached the logs, but again I was unable to complete the RootRepeal Scan. I kept getting an error message after it ran for awhile.

Thanks for your help
 

Answer:Recurring Fake Anti-virus

What is the pop up for and when does it occur? I am not seeing any malware in your logs.
 

5 more replies

Hi,

I got an anti-virus trojan on my computer the other day. It is the one that says:

"Resident shield alert"
"multiple threats detected"

It resembles the AVG dialogue. I spent the last day and a half going through various removal techniques from websites I went to. I thought I got rid of it but it is back up. I want to use combofix but I keep seeing that I should have somebody here guiding me. I am not a novice and I understand processes, the registry and various other ways a virus can infect a computer, but I am not an expert like you guys. If there is maybe another post on this site that you could redirect me to or if somebody is willing to guide me through this I would much appreciate it. All I got to say is thank God for this website because I have been helped out a couple of times already. Thanks in advance

Answer:fake anti virus program

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies

I have a problem with a so called anti-virus trying to take over my computer. I already use AVG, Spybot S&D and System Mechanic (with tea timer). I did run the ark.txt program but it did not find anything. I attached the hijackthis file, the DDS file and the Attach file. Please help this is very annoying and creating problems with running my normal items. If there is anything else you need to know, please ask. Thanks.
 

More replies

I use the free AVG anti virus, never had any real problems.
Over the last week I get a pop up in the bottom right corner of the desktop, saying it needs updating. I'm reluctant to click on it because when I click out of the pop up and go into the AVG program itself it states "protection is up to date"; it updates automatically on boot up.
Anyone else seeing this?
Ran antimalwarebytes, found nothing

Answer:AVG anti virus update is it fake?

Bit quick to jump the gun, AVG says "the pop up is legitimate a service pack update"
Solved

1 more replies

A couple of days ago I contracted a virus. Initially I assumed that my virus scanner (Avira AntiVir) had caught it, but the next day a fake virus infection warning and glut of popups to an obviously fake virus scan website indicated otherwise.

It immediately attacked Spybot (to the point where I couldn't even install a new version), but didn't seem to consider my virus scanner a threat. Through multiple scans I've managed to get Spybot working again, and the popups and the fake virus alert have long since stopped, but there are still bits and pieces hiding around somewhere trying to cause problems. Earlier today, for example, it tried repeatedly to alter my registry by adding something called awepajor.dll (might've been awepajon), but that seemed to stop after a good ten minutes of denials.

Avira AntiVir recognises the virus as a trojan called FakeVir.LSK. At the moment there are two files Avira is consistently associating with it, all in the system32 folder; 303357.exe and frmwrk32.exe. I've quarantined both of them but I'm also getting several registry changes/additions that are reappearing after every restart.

I've also got the latest version of HijackThis downloaded, in case you want a log.

Can any of you help me, please?
 

Answer:Fake Anti-Virus Trojan

I'm not a fan of bumping my own threads, but this virus - at least I believe it is caused by the virus - has been erratically attacking my system for the last couple of days. The most serious incident was the spawning of several Vundo.gen viruses that, while I did quarantine as soon as possible, crippled my PC's processing speed and created a whole slew of annoying little trojans and spyware that I'm still not certain I've fully removed.

It's starting to seem like this virus is changing its tactics on a regular basis and I'm not entirely certain I can deal with them all on my own. Every time I think I've finally gotten rid of the worst of it something new and unpleasant pops up. It's more than a little frustrating.

I'll include a HijackThis log for the sake of being thorough.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:11 PM, on 25/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Pr... Read more

2 more replies

I have an XP desktop that's infected with the sort of nastyware that says, "You're infected! Click here and send us money!" (OK, I'm paraphrasing.) I run AVG 8.5 Free on that system. It also popped up Internet Explorer, and pointed to porn.com (My normal browser is Firefox.) It seemed to sit on top of AVG, would not let me run AVG, kept popping up some "anti-virus program."

I'm pretty careful, but over the past couple of days I downloaded updates to TurboTax and a Canon BJC-250 driver. I'm going to guess that the driver is the culprit.

I went into Safe Mode and did a Restore from a checkpoint that is a few days old. The system is back up, and seems to be just fine. But I assume that whatever nastiness got into my system must still be there, and that it's only a matter of time before it somehow gets reactivated. For the time being, I've removed its cable to my router.

I have not yet deleted the downloaded new driver -- I thought I'd ask for advice here before I start ripping things out. The driver may or may not be the culprit, but I do want to remove AND delete the downloaded files (nominally, a floppy disk image).

This morning I ran an AVG scan from Safe Mode and it made mention of cardspacesp2.db. I see that in the CardSpace directory (C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\CardSpace ) there is a CardSpaceSP2.db and CardSpaceSP2... Read more

More replies

Hi,

Last night I went on my computer only to find a fake anti virus window running and saying it was scanning. The window then showed that it had found several things and was still scanning. Windows said that there was spyware at the bottom right hand corner and when I went to click the balloon it changed to another one which brought me back to the antivirus. It also showed up in my bottom right hand doc as a blue circle. I cannot open taskmgr because it says that it has been disabled or can't run the exe file. I then rebooted only to find the desktop background changed to a blue screen with warning you have been infected all over it. I then tried to scan in safe mode with AVG, Ad-Aware and Spybot and right before they are done scanning the computer shuts down as if it was unplugged. I do not know what to do at this point. Please help.

More replies

My son got duped by a fake anti-virus popup scam. He followed some directions that included restarting computer, when it rebooted almost all icons in the tray were gone. It removed my Verizon security suite, will not let me access any Windows security features, will not let me download any of the free a/v - a/spyware recommended by other posters in this sys security forum. It won't let me uninstall ANY programs. It pops up every 3-4 mins declaring Internet Explorer has a worm trying to access my credit card info or with a list of all these other infections, it's relentless. It will not let me use Firefox. It added its own icon in my tray and calls itself System Security. It blocks any attempt to use/download anything to use against it whether it's Windows Defender/malware remover or commercial products. What the hell!!? Anyone heard of this particular level of scam and take over of computer function? Any ideas to defeat it? Using Vista Home Premium 32 bit. Thanx.

Answer:Fake anti-virus has taken over my vista pc

It happens. What was the name of this av app? Antivirus 2009?

Here is how to fix it (I would consider a better AV than Verizon security suite, also what is it, Trend or McAfee? Most likely it has been disabled/corrupted by the rogue malware).
The advantage to NOD32 4 is it has self defense to prevent this occurring, and password protection of the settings to prevent unauthorized modifications/changes. It is also one of the top AV apps currently on the market (3-star certified, Advanced+)

There are two ways to do it (easy and advanced)

First try online scanners/cleaners as this may easily remedy the problem (run all three, and in order):
ESET NOD32 Online Scanner
Symantec/Norton scan
Kaspersky Virus Scanner


Easy:
Attempt a system restore to a point before the fake app was installed, then run NOD32 to clean up the traces before the app tries to re-install. If you cannot do this through Vista, boot into the Vista disk or recovery partition, and select "repair", then system restore.
Download NOD32 (it is a trial, but will clean, then you can remove it), also run Malwarebytes.

Advanced:
Requires another PC to download NOD32 4, then create a bootable rescue disk. Make the disk, restart, and boot into it using the infected machine. This will remove the malware; afterwards attempt a system restore, boot back into the NOD32 rescue disk, and clean again, then boot into Windows and run Malwarebytes.

The intrinsic value of creating this rescue cd, is that it can be used... Read more

5 more replies

I awoke this morning in horror as I found multiple internet sites open displaying porn and a fake Windows security message that keeps popping up. I constantly catch my brother looking at porn, and he also keeps downloading p2p file sharing programs such as limewire or frostwire. I blocked most of the access to limewire, and he downloads frostwire; I have to uninstall those programs once a week. I can't do a system restore or open any legit anti virus programs. When I try to it says that the application can't be executed, that the .exe file is infected and asks if I want to activate my anti virus protection now. I'm operating from a cheap ~300$ emachine that we've had for a little over one year. Any help is greatly appreciated before this virus gets out of hand.

Edit* I have not tried accessing the system restore or any anti-virus programs in safe mode yet as I am in a hurry to get to school and I don't have the time at the moment.

EDIT: Moved from Vista to more appropriate Am I Infected forum ~ Hamluis.

Answer:Fake Anti-Virus Program

I downloaded RKill and eliminated most of the malware.. Absolutely amazing product Bleeping Computer!
2nd time running RKill after a reboot:
C:\Users\darcie\AppData\Local\asam.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
c:\Users\darcie\Downloads\rkill.com

1 more replies

This is now the third time I've gotten one of these fake antivirus things. I haven't clicked any of the pop ups, but I don't know how to get rid of it. The past two I've just had a friend Wipe my entire computer and I really don't want to do that again. I've tried running Maleware and some others but no luck. I appreciate any help.

Logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:13:20 PM, on 9/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\AVG\AVG9\... Read more

Answer:Another Fake Anti-Virus Software. Please help

If anyone knows how to fix this, I'd really appreciate the help.
 

1 more replies

Hi, thank you orange blossom for giving me instructions on how to proceed.

The infection is an anti-virus trojan. It comes up with a dialogue saying:
"Resident shield alert"
"multiple threats detected"
There will be several infections listed in the dialogue, and when I closed it it would still pop up later.

I first ran malware bytes and it found some infections but it still didn't get rid of it. I searched on the net for different removal instructions and followed some of the suggestions such as using msconfig. I then rebooted in safe mode and ran malware bytes again. I deleted some of the suspicious programs in the windows directory, and did some work in the registry to get rid of any keys that dealt with some of the names I found that were suspicious. Malware bytes found some more infections and I thought I was good but when I rebooted in normal mode, the virus still came up. I ran AVG this time and it found multiple infections, but they were in programs I use such as AVG, and some other programs that are on my toolbar, such as my tomtom software and qtask. That is when I made my post.

After following the preparation guide I downloaded the 2 programs and here is what happened.
1. DDS worked fine and I got the logs
2. GMER came up with several problems right away and said there may be a rootkit. When I did a scan, I got about 20-25 listed in the dialogue, but after awhile I came back and I got the blue screen of death. I rebooted my comput... Read more

Answer:fake (AVG?) anti-virus program

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa... Read more

26 more replies

Hi, I'm told this is the place to ask about this kind of thing. Have managed to install some sort of fake antivirus software on my PC.

Below is my hijack this log, hope you can help

Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:43, on 25/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\AOL&#... Read more

Answer:Fake Anti Virus Software

Hello UKC,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new and complete HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies

My computer keeps giving me alerts about my computer being infected. A little green symbol pops up on the bottom displaying this message. It has porn pop ups and viagra pop ups. It won't let me open any program besides Firefox but it won't let me download anything either. I went into safe mode and installed Malwarebytes. I quarantined everything that came up but the pop ups and fake alerts continue. Can anyone help me? I can't seem to fix this
 

More replies

Hello all and thanks for taking the time to read my post.

I have a Dell GX270. Fresh back from the computer guy who just gave me a new motherboard after the last one was literally smoking.

I was wandering around the web downloading a few new softwares and I must have gotten a bad egg.

I am running Avast Pro and scanned everything before installing anything, but I guess it missed it.

I had the warning come up in my tray saying that my computer was infected. Shortly after that my desktop picture was changed to something saying about the same thing.

I ran Avast (for like 3 hours) and Super Anti-Spyware that both found things that needed to go. I luckily was able to save my documents and back up a few things in the mean time.

Then it was time to reboot. I rebooted and now my computer will go to my desktop but not show any start menu, tray or desktop icons. I can move my mouse around but typing does nothing (including Ctrl+Alt+Delete). After about 2 minutes of sitting there it takes me to the log out screen and it says Administrator and I click on that and it says "Loading your personal settings" then it takes me to my desktop (without icons still) for about a second and then brings me back to the Administrator screen and says "Saving your settings".

I have now rebooted a bunch of times. I can't get into Safe mode no matter which F key I use. So no luck there.

I don't mind reformatting to get rid of this damn virus, but I don't h... Read more

Answer:Fake Anti-Virus Took Over My Computer :(

7 more replies

Hi,

My idiot boyfriend was using my computer to watch TV shows online. I now have a System Defender shortcut on my desktop. The Target is C:\documents and settings\all users\application data\cc4505\wscc45.exe

cc4505 is a hidden, read-only folder. I can't change those settings (I tried by right clicking in the folder--the boxes are greyed out).

Every so often the computer makes a pterodactyl sound and a "Warning! Virus Detected" Box pops up. It looks like a windows thing so I clicked on "Remove All" the first time it happened and it brought up a fake IE window prompting me to upgrade my version.

I can't access the internet, run McAfee or open the task manager. Chrome (the browser he was using) will open but no pages will load, not even the history. When I try to open Firefox the Crash Reporter pops up over and over.

I don't have a Windows install disk.

Thank you!



DDS (Ver_09-10-26.01) - NTFSx86
Run by Suzanne at 1227.40 on Sun 11/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.627 [GMT -5:00]

AV: System Defender *On-access scanning enabled* (Updated) {57C897E7-8B0B-4B30-AC57-E86F998ED352}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: System Defender *enabled* {F624AE30-B292-4C22-A806-F8B0A4C93B17}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Pr... Read more

Answer:Fake anti-virus installed

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please download the files below, courtesy of bleepingcomputer.com, and save them to your desktop.

rkill.exe
rkill.com
rkill.pif
rkill.scr


If necessary, download them to a USB drive on another computer, and transfer th... Read more

19 more replies

On my laptop I had fake anti-virus alerts popping up. I knew my anti-virus was in working order so I ignored the popups and did computer scans with AVG 9, Ad-Aware and Spybot Search and Destroy. These identified some viruses and I clicked "fix the problem". This got rid of the popup but when I search on Google and click a link the browser redirects to a seemingly random page such as buying new antivirus software on Amazon or eBay. However if I open the link from Google in a new tab it goes straight to the page I want.

I'm using Windows XP

please help

here is my hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:05, on 01/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\... Read more

More replies

I'm not sure where to start on this one. I'm trying to clean a machine that was brought in, and while I know it is infected, I'm unsure of the extent. Apparently the machine has been showing odd symptoms for months, including a warning that coverage from an anti-virus that was never installed has expired and looks like it might have been a rogue anti-virus, but it's not acting right, I'm beginning to think that it's corrupted (it's sad when even the malware is corrupted), it also gives a vague warning about the win32 file. At two in the afternoon the machine locks up, daily. The user only called me today because AT&T Yahoo antivirus has installed itself on the machine. She told it to scan and it installed a fake copy of Norton AntiVirus 2004 on the machine. I know it's fake because I went through the registry, and I've worked with Norton's enough to know that that ain't it. Thus far I've managed to get rid of the fake nortons (I think). I'm unsure how to get rid of the yahoo antivirus, or anything else hiding on the machine. I've set Malwarebytes to scanning over night (by the look of things it might take a while) but it has already hit a few of the yahoo antivirus files and while it will hesitate over a file for about five minutes, it doesn't do anything about it. Help?

Answer:Fake AT&T Yahoo Anti-Virus?

I'm unsure how to get rid of the yahoo antivirus,

Have you seen this? http://www.ehow.com/how_5865501_remove-yah...s-software.html
Will it let you go to Add or Remove Programs to see the extent of what programs may be installed on it?
Does it have Superantispyware installed yet?

8 more replies

Hi
I would love to follow your recommendations but I can't even get on the internet on the affected laptop. The icon on the bottom bar shows that I am connected; but when I click Internet Explorer it says it can't connect. What setting should I change so we can begin? Thank you so much.

Answer:Fake Anti- Virus and Restore

I have progressed to the point where I am trying to use rkill and Malwarebytes' Anti-Malware ... I had to download to a jump drive and when I tried to install and use, I am getting an error code 732 and cannot proceed. Ideas?

3 more replies

My husband recently had his hard drive stop working. Only about an hour or so before this happened, he kept getting a message about some sort of anti-virus problem -- we believe that it was a fake anti-virus/malware issue. The message was something along the lines of "AV8 wants to install."

Has anyone run into this? Is there a way to recover from this? He was unable to open anything or do a system restore.

I appreciate your help!
 

More replies

My wife and I each have a PC running Windows 7 Professional edition. Today she showed me the dreaded Anti-Virus pop-up that wants registration ($$$) in order to 'clean the pc'.

Following instructions on this site, from my uninfected PC I downloaded RKILL and MalwareBytes and unhide.exe and transferred them to a thumb drive. I transferred the files to her PC and tried to run RKILL but got a pop-up (from Windows?) asking me to choose which program to run the file with. Same if I tried to run the MalwareBytes install program. This was done under her account.

I logged out of her account and logged into the PC with my old account (it was previously my PC before I gave it to her). With my account I was able to install MalwareBytes and run RKILL (as admin) and then MalwareBytes Full System Scan. MB found 9 infections and quarantined them (Trojan.FakeAlert, Trojan.Agent, Trojan.Exe.Shell.Gen, Hijack.StartMenuInternet). Happily I thought to myself... that's it. Problem fixed.

However when I rebooted to complete the MB removal process I was unable to get my Microsoft Security Essentials to start up. The message stated the necessary service wasn't running. So I right-clicked My Computer and selected "Manage" to see which services were available and that wouldn't start either. But that gave me the error that the file C:\ProgramData\Microsoft\Windows\StartMenu\Programs\AdministrativeTools\Computer... Read more

Answer:Fake Anti-Virus Malware... got it bad!

Can you access Safe Mode via hitting F8 after the BIOS post screen?

11 more replies

My university recently began requiring everyone on the network to run an anti-virus program, which is verified by a cisco application when a user attempts to open a web browser. What's annoying is that I'm living in on-campus housing, so university internet is MY internet at home.

I can't stand anti-virus programs, I've never run them, and I've been virus free for 10+ years. It really bugs me that my university is forcing software upon us. Is there any way to modify the registry or w/e so that my computer shows that I am running an anti-virus program without actually running one? Thanks hardocp peepz T_T
 

Answer:Can I fake having an anti-virus program?

Just get clamwin. It is so lightweight you won't even notice it.

http://www.clamwin.com/
 

60 more replies

I just got this weird anti virus called Anti-virus soft. It keeps giving alerts about infected things, opens pop ups to porno websites, and does not allow me to open programs. I cannot open task manager, or use the exehelper (suggested in the other thread, but doesn't work). Since I have Vista, to use programs I have to allow it. It always says, "consent.exe infected cannot execute program". What do I do?

Answer:Fake Anti-virus, everything infected.

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.pif


Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER.

If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.



Download DD...

2 more replies

When I turned on my computer this morning my computer was being attacked by a serious virus, something called Defence Security or Defence Center was attacking my computer and was posting porn advertisements on my desktop.

My real Anti-Virus (Shaw Secure) deleted the virus and I rebooted my computer but now there seems to be some sort of aftermath of this virus not letting me access my computer's programs; everything has been changed! When I click a program there's a pop up that says "Please select a program to open with this file"

I would open screen shots but it won't let me open paint.

Answer:Fake Anti-Virus Program!

I can't download any programs to my desktop because then they become corrupt PLEASE SOMEONE HELP ME :(

I might consider reformatting

1 more replies

I am trying to help a friend remove some anti virus program which got on her machine somehow. The program keeps showing up programs being run as being infected. It won't allow anything to open other than a browser. It is trying to sell their program to disinfect it. The program I believe was named Anti Spy Soft with a windows anti virus logo in the taskbar. It kept forwarding browsers to their website to try to sell it. I disabled a few programs from the startup in msconfig and the program stopped running, but I'm unsure which it was that caused it. The program isn't causing issues anymore, but I'd like to get it removed as well as anything else that could be potentially harming system performance.




DDS (Ver_10-03-17.01) - NTFSx86
Run by Steve at 1:48:55.05 on Tue 05/11/2010
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3006.1878 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe ...

Answer:Fake Anti Virus Malware

Hi,

Please do the following:


Download Combofix from either of the links below. You must rename it to combo.exe before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab
Set to "Always ask me where to Save the files".


Link 1
Link 2

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------
NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

--------------------------------------------...

2 more replies

It seems my old computer has become quite a mess - I'd really appreciate any help you can give. Here's what follows:

[A] Symptoms / my sob story
[A1] Fake security alerts
[A2] Altered wallpaper
[A3] Blocked task manager and some files types/programs

[B] Defogger/DDS / GMER attempt summaries

[A] Symptoms
I'm running windows xp 32 bit SP 3.
[A1] Fake security alerts
I get three different kinds of warning messages.

The first shows up before the desktop loads and is never seen again:
Spyware Alert!
Security Warning!
Worm.Win32.NetSky detected on your machine.
This virus is distributed via the internet through e-mail and Active-x objects.
The worm has its own SMTP enging which means it gathers e-mails from your local computer and redistributes itself.
In worst cases this worm can allow attachers to access your computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your computer.
Continue [sic - reason why I think it's fake] working in unprotected mode is very dangerous.
Type: Virus
System Affected: Windows 2000, ME, NT, XP, Vista, 7
Security Risk (0-5): 5 [lol]
Recommendations: It is necessary to perform a full system scan.

The second message pops up from the toolbar at regular intervals, from an icon with a white x in a red circle:
Click here to protect your computer from spyware! Your computer is infected! It is recommended to use special anti-spyware tools to prevent data loss. Windows will now...

Answer:Pop-up / fake anti-virus infection

hi moyogo,

Your log is a few days old. If you still need help simply reply to my post. I have pasted in your hjt log for easier viewing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:40 PM, on 2/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\PivX\PreEmpt\loadsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.e...

8 more replies