Computer Support Forum

Malware with redirect prevents removal tools and logs from executing

Question: Malware with redirect prevents removal tools and logs from executing

Hi,

My son's Laptop has a nasty redirect virus that also prevents the execution of malware removal programs and also prevents the logging tool from working. The icons for both Malwarebytes and the dds tool have a colored "shield" that is imposed on top. Any help would be greatly appreciated. OS is Vista Home edition.
Appreciatively,

A

Relevance 100%
Answer: Malware with redirect prevents removal tools and logs from executing

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

· Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
· Double click on the DDS icon, allow it to run.
· A small box will open, with an explanation about the tool. No input is needed, the scan is running.
· Notepad will open with the results.
· Follow the instructions that pop up for posting the results.
· Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

· A detailed description of your problems
· A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

2 more replies
Relevance 99.63%

So I had a virus that I thought I had gotten rid of a month ago, but it seems to have returned last night while I was asleep. It now freezes or shuts down anytime I start the computer normally, so I have to start it in Safe Mode to get anything running. It won't let me install Malwarebytes or SUPERspyware removal or anything like that. Ad-aware removed a few things but when I rebooted I couldn't start my computer normally. I have McAfee, but I can no longer start it. Most removal programs I try to install don't work. And when I start a firefox browser, even in safe mode, it tells me "The procedure entry point [email protected]@Z could not be located in the dynamic link library msvcrt.dll."

So here is my HijackThis log from Safe Mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:53 PM, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS... Read more

Answer: Virus that prevents malware removal tools (malwarebytes, etc.)

Sorry, here is my dds file

3 more replies
Relevance 90.61%

Hey I am just really interested in PC security and repair and I was just wondering if you guys had any good resources for my own personal research. If you could tell what you would want to look for when examining these files created by the programs listed below and even what the purpose is for these programs that would be very helpful in helping me understand the process better. I got this from your malware removal procedure forum. Very insightful by the way

· BitDefender
· PandaActiveScan.
· GetRunKey
· ShowNew

Thanks
 

Answer: Examining logs created by malware removal tools

Your best resource is the thousands of posts in this forum.

BitDefender and Panda are rather self-explanatory in most cases; however, you still need to know the difference between valid detections and false detections, and that comes with significant experience over a period of time.

We don't have time to really explain GetRunKey and ShowNew to you. In short, GetRunKey shows lots of registry keys (not necessarily bad) and potentially bad files associated with certain infections. ShowNew dumps out important areas of the file system that may be used by malware. ShowNew also prints an uninstall program list so you can see if any malware is installed. You need to have a good understanding of ALL Windows OS's, the file systems, and the registry to understand what they are being used for. Also you need to again be able to distinguish between what is valid and what is not valid, and that also comes with significant experience.

Reading the threads and reading the logs and seeing what is fixed and not fixed will teach you a lot.
 

1 more replies
Relevance 76.26%

UPDATE: I got a dds log: - see below

2nd update: I see 2 strange files on my desktop : pev.exe & ncmd.cfxxe

After a jpeg was downloaded onto my laptop, I got a black screen after windows loaded (I could log in but that's it). The cursor would also work while the black screen was there.

After following the advice of someone in the chat room here, I downloaded and ran inherit which restored the start menu and the task bar.

I downloaded hijack this onto a flash drive and ran it as hs.exe but it just started and shut down with no log. I downloaded dds and ran it but same thing..it starts and then closes with no log.

I noticed that when I reboot, the desktop background is not there but all the icons are. Then as soon as 'security tool' (malware) loads, the icons disappear and it's just a black screen with the start menu and the task bar.

I wonder if hijack this and dds run but get screwed up when 'security tool' loads.

The internet (firefox) still works at all times but any other application I try, I'm greeted with a warning message from the 'security tool' icon in the task bar saying that the app. I'm trying to use is infected..and the app. doesn't work. Task manager doesn't open either.

Oddly enough, I'm able to 'sneak in' and open an app like word or notepad immediately after reboot and login and just before 'security tool' loads and turns the screen black.

Any ideas?!

DDS (Ver_09-10-24.04) - NTFSx86
============== Pseudo HJT Report ===============
mWinlogon: Shell=Explorer.exe c:&... Read more

Answer: malware/virus prevents hijack this and dds logs - only black screen!

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

· Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
· Double click on the DDS icon, allow it to run.
· A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 75.85%

i'm having increasing problems with my computer and am now sure i have some form of malware or viruses. i've had a constant popup where MSWord tries to install itself repeatedly, and i have to manually cancel multiple times when i start the computer. i was worried this was a virus, but when i searched about it i found this was related to windows installer. if i disable windows installer, it goes away.

however, for the past week i've started getting repeated popups saying that google update has encountered a problem and needs to close. i read on some forums that this was related to a google chrome installation. i don't remember if i've even installed google chrome-- but i can't find it on my computer to uninstall it. in the past few days i've started to be redirected to various ad sites when i search for things on google in firefox. i have avira antivirus, windows defender, have used windows malicious software removal tool, lavasoft adaware, and windows defender. all were coming up with no malicious software when scanned, but the problem persists. windows malicious software removal tool just finished a full scan and removed one infection, for an ad program it said would cause random popups, which i haven't had a problem with. i have tried repeatedly to install MBAM and hijack this, along with other tools. even after renaming, i had a lot of problems. MBAM would not open at first, then would partially install, then finally said it completed its installation, started to update... Read more

Answer: google update problem, google search redirect, can't install malware removal tools, stopzilla(?) reported infected by UACd,...

i might've misunderstood the DDS instructions on the tutorial on how to post about these things. i looked at a couple of other posts where people have posted their hijackthis logs. here's mine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.... Read more

5 more replies
Relevance 73.39%

I've followed the suggested methods for removing malware and viruses. Had vundo and a bunch of other junk. Analyzed hjt and removed everything per the hjt guide. I've attached mg log file for further suggestions. Thank you in advance for the help.
 

Answer: run removal tools / combofix - Logs for analysis help please

Hi v2ladimyr,
Welcome to Major Geeks!

Please attach the other logs requested in the READ & RUN ME FIRST. You're missing the logs for Combofix, MalwareBytes and SuperAntiSpyware.

Thanks.
abri
 

7 more replies
Relevance 72.98%

Two new malware removal tools by PC Tools just appeared on Softpedia today.
PC Tools Threat Removal Tool 2012

Fight back against malware.
PC Tools Threat Removal Tool is a handy and reliable utility designed to scan your computer for threats and remove them.

This Threat Removal Tool is designed to fight malicious code that has been known to prevent PC Tools' antivirus software from being installed. It performs a quick system scan in order to identify and neutralize the most common malware families that block, prevent, or terminate PC Tools' security software installers.

To ensure that the malware is completely eliminated, PC Tools Threat Removal Tool deletes the infected files and the registry values added by malware.

Requirements:

· Administrative rights
· If you are running Windows Me/XP, turn off System Restore.

Download
PC Tools ISO Burner 2012 1.0

Get the ability to access and delete persistent malware.
Safely remove malware from your computer with PC Tools ISO Burner. This is an advanced bootable antivirus tool that provides users with the ability to access and delete persistent malware.

When malware infects a computer, it gains control of many components that are key to the system's operations, making it very difficult to remove. Malware can use some of these system components to hide itself and prevent other software from detecting and removing it.

If you can't install or run a security application in the first place, then how a... Read more

Answer: PC Tools Releases New Malware Removal Tools

Ok what files are in the zip when you download it?
All I get is pcttFixTool.dll, no exe???
 

7 more replies
Relevance 69.7%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\... Read more

Answer: persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,

Please download OT... Read more

2 more replies
Relevance 69.29%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer: 64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:

· List of 64-bit Anti-Virus For Vista
· Anti-virus protection in 64-bit environments

Free Anti-virus:

· avast! Free Antivirus
· Avira AntiVir Personal - Free Antivirus
· AVG Anti-Virus Free Edition 8.5
· Microsoft Security Essentials
· Panda Cloud Antivirus
· Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:

· NOD32 Anti-Virus Personal
· McAfee AntiVirus Plus
· Trend Micro AntiVirus plus AntiSpyware
· Norman Antivirus & Antispyware
· CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:

· Malwarebytes Anti-Malware
· SUPERAntiSpyware
· Kaspersky Virus Removal Tool - How to install and use documentation
· Spyware Terminator
· Windows Defender (64-bit)
· Prevx
· Spybot S&D
· Ad-Aware
· Norman Malware Cleaner
· Sunbelt Counterspy (free Trial)
· Comodo BOClean Anti-Malware
· Sophos Anti-rootkit
· SanityCheck Advanced Rootkit and Malware Detector
· ESET Online Antivirus Scanner
· ESET SysInspector
· AnVir Task Manager Free
· WinPatrol

Start with these:

· How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
· How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 68.88%

Hi,
Included are the logs from both HJT and MBAM.

I've gotten my WoW Acc hijacked the other day, and I followed the steps in this guide down to the last step, this being it. http://forums.wow-europe.com/thread.html?topicId=5383442401&sid=1

I've come to think that my system now is clean. And so I wish only for you to look at the logs and tell me if there's anything I've missed. Being fairly advanced in the world that is computers I should be able to be guided through most steps needed, if any.

Other than getting my acc stolen, I've not seen any other actions or behaviours that would be suspicious, so these logs should be a cakewalk to look at.

If there's anything you need to know, I will try to answer them ASAP.

Thanks ever so much for providing this service!
Sincerely
Johan Daxberg
 

More replies
Relevance 68.88%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

3) combofix.exe - not compatible with 64-bit OS

4) RootRepeal - did not run on 64-bit OS

5) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer: Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 68.88%

Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download Dr Web Cure It, and it doesn't allow me; the computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer: Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 67.65%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer: Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 67.65%

Hi all, 
 
Recently, while browsing a site in Chrome, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspicion this is malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 67.65%

I am trying to follow clean up procedures, http://forums.majorgeeks.com/showthread.php?t=35407 and have 2 questions;
1. when I run Microsoft Windows Malicious Software removal tool, does it clean/fix automatically or do I have to click on something? I tried to go to the help section and I get "page cannot be displayed".
2. when I run Spybot Search & Destroy, I click immunize but i don't see S&D helper.

ty
 

Answer: Using malware removal tools

1. Just run the tool; there is nothing else you have to do.

2. When you Immunize; Spybot is making changes to the Registry.
 

3 more replies
Relevance 67.65%

Hello All,
I have tried all possible tools
SpySweeper, Kaspersky, Spybot, Spyware Doctor, Adaware,
SuperAntiSpyware, MalwareBytes, CCleaner, RogueRemover

I think it's the virtumonde... The thing is I have a couple of registry entries pointing to DLLs that do not exist, but even if I remove them they keep coming back. I have tried booting into safe mode and deleting them but it does not help. I am posting my HijackThis log. I have disabled system restore as well.

I keep getting random Ad-Websites and messages that my computer has been affected.

I have highlighted the suspicious registry entries.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:00 PM, on 03-Dec-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system3... Read more

More replies
Relevance 67.65%

I ran through as much of the readme as I could, but only MGtools worked. Please look at the attached logs and advise me on what to do next. Thanks.
 

Answer: Can't run malware removal tools

Welcome to Major Geeks!

Your log shows that you were in safe boot mode. You should be in normal boot mode unless that is not possible and you did not say you could not boot in normal mode.

A few of your Windows system files (ndis.sys and beep.sys) are infected and will need to be replaced by clean copies. It will be much easier to do this once we can get ComboFix to work. So let's start with the below fix and see if we can get other tools to run afterwards.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=userinit.exe
O4 - Startup: zqosys32.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)

After clicking Fix, exit HJT.

Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

Make sure that you tell me if you receive a success message abou... Read more

1 more replies
Relevance 67.65%

Hello all,

This is my second go-round through your instructions. The first in 04/2009 was successful. Presently, I cannot get any recommended tools to run --even if I rename an exe. I cannot locate the exe for Malwarebytes; I get an "exception unknown software exception (0xc0000409) occurred in application at location 0x77f7c60b" error message when attempting to open SuperAntiSpyWare. I attempted both in system mode and normal mode. (I have run them successfully in the past.) I see the Security Tool shortcut on my desktop and I bet it's the culprit.

I am attaching two logs below. Your help is very appreciated.
Dawna G.
 

Answer:Malware removal tools won't run

Welcome to Major Geeks!

Your MGlogs.zip file is not as useful as we need for two main reasons:

You don't have the current version. You are 7 months out of date.
You ran it in safe boot mode and normal boot mode is the preferred method.
Is all of the software you have that far out of date?

I will give you something to try below but the malware may have additional things hiding that we cannot see with this outdated version of MGtools.



Uninstall the below old versions of Java:
Java(TM) 6 Update 13

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\_lib.dll
O4 - HKLM\..\Run: [tijidekel] Rundll32.exe "c:\windows\system32\jetebemi.dll",a
O4 - HKUS\S-1-5-19\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\jisasiti.dll C:\WINDOWS\system32\gitoribo.dll c:\windows\system32\juduwuho.dll c:\windows\system32\jetebemi.dll,mapopabe.dll
O21 ...

Relevance 67.65%

Hi Guys,

Thanks for a great website, and many good tools you have put together.

I have a problem getting rid of what I think is Spyware on my wife's laptop.

She is currently unable to do Google searches properly, and all results seem to end in being re-directed to a 'Coupon Mountain' website, we can browse to some websites manually, but all those of the major malware removal companies (including yours) just result in the standard IE website unavailable error message.

I have tried downloading all the tools in your READ AND RUN ME FIRST section to a CD, and then copying them to the laptop to run, unfortunately none of them install (even if I change the names.)

I'm getting to the point where I'm considering a repair install, but would like to know if there's anything else I can do to get things fixed without such drastic action.

TIA

Neil
 

Answer:Can't Run Malware Removal Tools.

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay in gettin...

Relevance 67.65%

Hi Geeks,
I'm pretty sure I have a malware issue on my PC. I can't access any security websites, like malwarebytes.org and more. In fact, I am surprised I can access the Geeks website! I can download removal tools, but they won't run and I've tried quite a few.. I can't boot into safe mode -The dreaded Windows blue screen error message comes up-"Windows has detected a problem and needs to shut down". I followed your "Read me first" and did everything I could, including remove the old Java versions. When I tried to install Java again, it said the program is not digitally signed and shut down. This has happened a few times with other installs as well. My browsers shut down frequently on their own as well. I have a recent hijack this log, but not sure whether to attach it or not, as it was mentioned it may be filtered as spam. Anyway, hope you can suggest something. Thanks!
Bobby
 

Answer:malware won't let me run any removal tools and more

If you can't boot into safe mode and normal mode will not allow you to run any of the scans, there isn't much we can do to help you. Have you tried running all the requested scans? Have you tried renaming them as per the Read and Run First instructions? Will MGTools.exe not run?

You can try using a different computer to create this disc and then boot to it with the infected machine. ( You will need to first go into the bios and change the boot up order to make the cd drive the first boot device.)

Kaspersky Rescue Disk.
 

Relevance 67.65%

I have a Toshiba M105 laptop. I have CCleaner and Avast Home installed. I ran Avast - no issues, ran CC and Registry cleaner. I have something on this that when I do a google search will look like legitimate results but when I click on a link will send me somewhere else, usually redirect me to an ad or the info.com. I also can not access certain websites -MajorGeeks being one of them or any of the sites that contain the malware removal tools listed in the MJ procedures. So I tried to access MJ from another computer and save the tools to a usb stick then transfer to the infected computer. Worked OK until I tried to run the various apps. SAS I get "encountered error needs to close" Spybot - "connection w/server could not be established" Malwarebytes just wouldn't install. Don't know what to do now ---HELP!!!!!
 

Answer:Can not run MALware removal tools

For MBAM, just run it without updating.

Have you tried running the other scans in safe mode?

The Read and Run First instructions have links to manual updates for both SAS and MBAM.

Did you run the MGTools.exe? Were there any issues with that? Can you attach the C:\MGLogs.zip?
 

Relevance 67.24%

All browsers redirect to Yahoo and install as default search engine and remove open pages, multiple removal tools suggested tried - Malwarebytes, CC Cleaner, Registry Mechanic (keeps claiming to remove 2 items in Internet Explorer but are not removed after clean and are identified when re-run), MiniToolBox, ADW Cleaner, Junkware Removal Tool, ESET and others find dozens of threats claimed removed and not a thing changes with this redirect to Yahoo and removal of set open pages
 
Here is the DDS text log:
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer:   BrowserJavaVersion: 10.51.2
Run by BlueJeep at 10:39:42 on 2014-07-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1909.638 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\FileOpen\Services\FileOpenManager32.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Window...

Answer:Unknown redirect virus not cleaned by multiple removal tools

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===
Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
Wait for further instructions.

Relevance 66.83%

Hello Geek Saviors

Am trying to run the Malware Removal Tools for my Acer 2012 Laptop, Windows 7, IE 11, AVG antivirus, Comodo Firewall. Have downloaded the Tools to desktop and followed the Win 7 malware removal directions. Have following problems despite lowering Internet security settings, trying with Comodo Firewall disabled (also Comodo in safe mode) with all tools software entered as safe applications, running in Windows Normal Ops:
1 - Defogger, after clicking DISABLE and YES get immediate red X message "Unable to Create Log"
2 - RogueKiller, right click "run as admin", depending on Comodo settings noted above variably got Alert Triangle "Software is Not Available" or once setup opened and started abruptly disappeared with message "Download Manager has stopped working. A problem caused the program to stop working correctly. Windows will Close and notify you if a solution is available". Tried renaming to "RK.exe" with same result.
3 - Malwarebytes - tried after RogueKiller failure, right click "run as admin", and got exact same response as for RogueKiller.

Did not try other tools. Any idea what I can do to get tools to run? Have not tried computer Safe Mode - would this help?
Thanks for any suggestions and guidance.
 

Answer:Malware Removal Tools not Opening

Yes, you can try safe mode, but be sure to first disable your AV software.
 

Relevance 66.83%

Help! My daughter's laptop seems to be infected with browser hijacker I can't get rid of it. I can't download windows updates and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools. Super anti spyware was installed and wouldn't work, have tried to install windows malicious software removal tool via USB but it won't install or run, have also tried to install spybot via USB but it won't install, error message when it tries to connect to download some of installation files I think. Any advice you guys can offer would be very gratefully received, many thanks
 

Answer:Can't install malware removal tools

Welcome to Major Geeks!





TomPo said:

and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools.

Has a proxy server been inserted in the browser? See the below:

Proxy Server - Changing Settings



TomPo said:

Super anti spyware was installed and wouldn't work,

You need to be more specific. Exactly what happens.





TomPo said:

have tried to install windows malicious software removal tool via USB but it won't install or run,

Exactly what happens? Any error messages?

Have you tried to install and run tools in safe boot mode as suggested in our cleaning procedures?





TomPo said:

have also tried to install spybot via USB

Waste of time anyway as it is ineffective against most of today's malware.


Also try the below to see if you can get anywhere.


Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from y...

Relevance 66.83%

My Windows 7 x64 machine is presenting Antivirus 360 malware. I am looking for tools that will work with Windows 7. I tried combofix and some others but I am finding out they are not made for Windows 7. Please help. I am not even sure what to use to collect logs to submit here.

--M


Submitted DDS log in log submit forum but I would still like suggestions on Windows 7 compatible removal tools.

Relevance 66.83%

Running windows xp media edition on e machine. Will not run any spyware programs. Will not run HJT. Found BRAVIAX.EXE in sys 32. Ran killbox to delete. Could not delete braviax sys32.exe. Had killbox replace file with dummy file then marked read only to stop the red x trying to sell me its programs. Tried to download several other spyware removal programs. Get message Access Denied no matter what.
Browser has been taken over by redirect program. HELP! WARNING I am NOT computer literate.

Answer:Nasty Malware. Can't run any removal tools.

Hello fxstc1340 and to BleepingComputer.

WARNING I am NOT computer literate.

Not a problem. If you don't understand something, feel free to ask questions and I'll explain it better. The same holds true for any helper you work with here.

Now. . . let's see what we're looking at here.

Please install RootRepeal
Note: Vista users ,, right click on desktop icon and select "Run as Administrator."

Direct Download (Recommended)
Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror, Secondary Mirror, Secondary Mirror

Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Extract RootRepeal.exe from the zip archive.
Open on your desktop.
Click the "Drivers" tab, and then click the button.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the...

Relevance 66.83%

When I go to download ie:  RKILL or malwarebytes they do not download.  I am running firefox.  I have tried explorer.  I have an HP windows XP. 

Answer:cannot download any malware removal tools

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518053 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

Relevance 66.83%

can anyone tell me if there are any bootable malware removal programs other than avg

thanks in advance

ray

Answer:bootable malware removal tools

Here are a couple:
http://www.free-av.com/en/products/12/avir...cue_system.html
http://www.freedrweb.com/livecd/

Relevance 66.83%

I am getting an error "unable to connect to the proxy server" while opening chrome, firefox or IE.
 
I have unchecked the proxy setting and it still reverts back when I try to open a browser.
 
I am pasting the results from the mini tool box. below -
 
I also ran  ADW Cleaner , TDSSkiller and malwarebytes.
 
 
 
 
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by jints1234 (administrator) on 02-02-2015 at 23:43:08
Running from "D:\adware"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# -----...

Answer:tried several malware removal tools and still cant connect

Sorry, not at home, report's too long to read -- what firewall, anti-virus, anti-malware are you using?  One thing I can recommend is you "sneaker-net" [via usb stick or CD/DVD] Tweaking.com's Windows Repair (All in One), install & run it.  Accept defaults checkmarks, add #26 & 27 [if memory serves me], ones that indicate normalizing Windows operations.

Relevance 66.83%

I can't download anything at all and I suspect it is a malware issue. And yes, I've tried removing firewalls, anti-virus, pop-up blocker, etc...
If i try to download something on firefox i get this message: "C:\Documents and Settings\HP_Administrator\Desktop\XXXXXXX could not be saved, because you cannot change the contents of that folder.
Change the folder properties and try again, or try saving in a different location."

If I try to download something on IE i get this: "The requested site is either unavailable or can not be found.Please try again later "

Some symptoms that might be unrelated, I tried running a disk check, but it stops at step 2/3, and an old malware that i deleted left autorun, but i got rid of that as well.

I would download malwarebytes or something to try and get rid of the problem, but i can't :\
 

Answer:Can't even download malware removal tools

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe...

Relevance 66.42%

Hey there,

I'm working on my dad's computer and am having a helluva time trying to fix whatever is wrong with it.

It's not letting me run any malware programs. For example, if I run Malwarebytes (or TDSSkiller, Spybot, GMER) I get: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. I am logged in as Admin and get the same result if I right click > run as admin.

I was able to get DDS to run and here's the log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by <removed> at 8:21:53 on 2011-07-28
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2557.1192 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Window...

Answer:Redirect and Unable to run malware tools

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411710 and follow the instructions there.
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf...

Relevance 66.01%

Thanks much; my machine is better than it's been in months.
Where I posted my logs, I was instructed to post here. See the bottom of this note for more.

Still unable to use FrontPage to access my webhost. Created a support ticket. They were unable to recreate the problem.
Had attacks handled by Zone Alarm today from _restore.

So after you guys / gals check these, I'll be glad to toggle restore. Waiting to see if further action is indicated. Salamata, danke, arigato gozaimasu, THANKS!
peteschulte

SUPERAntiSpywareScanLog-05-17-2009-13-10-49.log:
You have already attached this file in thread : First Hello & activation resend request
mbam-log-2009-05-17 (14-06-17).txt:
You have already attached this file in thread : First Hello & activation resend request
ComboFix.txt:
You have already attached this file in thread : First Hello & activation resend request
MGlogs.zip:
You have already attached this file in thread : First Hello & activation resend request

Looking forward to your reply in my email Inbox. Thank you so much for your work!


Wow I am really grateful to you all for this process.

Afterward, today I was able to get a Zone Alarm update for the first time since December. My computer now shuts down and starts normally, with the boot up time cut in half. I consider it fixed. Before, there were a number of errors in boot up -- such as the system couldn't find my profile (desktop icons) -- which have been corr...

Answer:the 4 logs after malware removal

Welcome to Major Geeks!

You are in pretty good shape now after running the cleaning procedure. We just have a few additional things to do.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software which are very ineffective and you are much better off with SUPERAntiSpyware and Malwarebytes that we had you install:
Ad-Aware 2007
Ad-Aware SE Personal


Now we need to use ComboFix again.

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box into it:




KILLALL::

File::
C:\el6jaeh0.sys
c:\windows\system32\kdymu.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"c:\windows\system32\kdymu.exe"=-
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-


Save the above as CFscript.txt and ...

Relevance 66.01%

I'm doing this for somebody. When I shut down the computer it installed 102 windows updates. Can malware block updates from installing? Is there anything I need to do that you can see from the logs?
 

Answer:malware removal logs

Yes, malware can block updates.

Rerun Hitman and have it remove everything it finds. Reboot and rescan with Hitman and attach the log.

Also, please tell me what malware issues you are having.
 

Relevance 66.01%

So I just decided that it was time for me to check my computer. I just built a new desktop and I want to clean my laptop because I am quite sure that it has some malware/viruses. I run Windows Vista 32-bit. I don't have any "flashy" problem (besides slowing down of the computers) but I believe that I have some that are monitoring my internet use. And I believe this has been going on for 6+ months but I was too lazy to do anything about it. But my credit card was recently hacked into. So I ran all the Steps that you guys suggested and I am attaching the logs of what I found. Furthermore, I ran some other diagnostic tool and it returned that there was a problem with my ftp, tftp and sfc_os.dll. I did some research and found that some sdbot worms use those files to monitor the internet use. I believe that is the case because any wireless network I sign into, when I check, it shows that it is signed in as "NetworkName 2" and it takes a long time to identify. I ran all the tools and all the steps (up to 4) that you guys suggested and I did not have any problem in terms of getting the programs to run. Can someone take a look at the logs and tell me what they think?
Thanks a lot for your help.

The other option is to reinstall the OS but I would like to avoid. Thanks a lot for your help.
 

Answer:Malware Removal Logs. Please help

Hi and welcome to Major Geeks, ksbutega!

Please also attach the log from running MalwareBytes' Anti-Malware.
 

Relevance 66.01%

here is the SuperAntispyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/11/2010 at 02:36 AM
Application Version : 4.42.1000
Core Rules Database Version : 5488
Trace Rules Database Version: 3300
Scan type       : Complete Scan
Total Scan Time : 06:57:49
Memory items scanned      : 839
Memory threats detected   : 6
Registry items scanned    : 7825
Registry threats detected : 1239
File items scanned        : 163914
File threats detected     : 189
Adware.MyWebSearch
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\F3HKSTUB.DLL
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\F3HKSTUB.DLL
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOESTB.DLL
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOESTB.DLL
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSSRCAS.DLL
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSSRCAS.DLL
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\M3SRCHMN.EXE
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\M3SRCHMN.EXE
   [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
   C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
   [My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\BAR\2.BI...

Answer:Malware removal logs

OTL Extras logfile created on: 9/22/2010 7:50:13 PM - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Macey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 87.93 Gb Free Space | 59.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MACEY-PC
Current User Name: Macey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C...

Relevance 66.01%

my computer seems to be very slow. i done the items listed for the slow pc on the read and run page, then i completed the read and run first scans , and here are my log results.
thanks
 

Answer:help with malware removal logs

Not seeing any malware in those logs. Merry Christmas.

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall
Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Go to the C:\MGtools folder and find the M...

1 more replies
Relevance 66.01%

Here are my logs. So Far.

I am not really sure how to run the ComboFix using Vista. I can get to the Command Prompt window, I do not know what to do from there. I can get to it with and without the DVD. I read my manual that came with my computer which told me to press F12 after BIOS.
 

Answer:Malware Removal Logs.. where should I go from here.

Sorry I didn't finish. The problem that I am having is that I keep fake AntiVirus scans that say that my computer is infected...blah blah blah. My wallpaper on my computer changed to first a porno picture.. and then when I restarted again to blue background with a "VIRUS VIRUS" box as the picture. This all stopped after I ran the tests, which was yesterday.. now today when searching the web when I click on anything it clicks the link 5 times. Plus the computer is running much slower than it used to, and every time I run my Trend Micro virus scan it comes up with 14-35 infected files.
 

8 more replies
Relevance 66.01%

hi there,

long time lurker, first time poster!

i read the sticky about logging everything first and THEN posting, so i've attached all my logs after following the instructions to the letter.

someone got a little crazy downloading torrent files and now i have trojans and other nasties.

system is a barebones that i built, WIN XP SP2, 2GB RAM, 2.8GHz Celeron, ASUS Mobo, 40GB HDD (boot drive) and 200GB secondary drive, partitioned as E:, F:, G:.

i have plenty of computer experience (building, reg-editing, etc.) and i think i know most of what needs to be done, but i don't know everything... so that's where you guys come in!

please have a look and let me know what you would do (besides not downloading torrent files! LOL)

thanks in advance
FM
 

Answer:please take a look at my logs... malware removal

here are the other 2 logs

thanks!
FM
 

14 more replies
Relevance 66.01%

Hello, we had malware on our computer as our background was changed and the virus scan alerted us of a few viruses such as generic fakealert.b and jokebluesceen. I followed all the steps and am now posting the logs.

thanks for the help

ps. the clock is still in 24 hour time, what should i do about this.
 

Answer:Malware removal logs

here is my fourth log.
 

2 more replies
Relevance 66.01%

I am hoping you can help us clean this computer of Vundo and any other malware. I have followed your steps below and attached the logs. I have also summarized what we did before finding your forum. Thank you so much for any help you can offer!


SYSTEM
Dell Dimension desktop
XP Home and Service Pack 3

SYMPTOMS
Constant pop-ups; inability to complete purchases online; printing problems.


WHAT WE DID BEFORE FINDING YOUR FORUM
We ran McAfee, Superantispyware, and Malwarebytes before finding this forum. I did not save the initial logs.

Briefly, the initial Superantispyware scan found about 20 to 30 files labeled Vundo Variant and Vundo Variant-T (I think). Upon reboot after cleaning, we got an error message saying that the zesupoma.dll file was missing.

Malwarebytes also found a few infected files, but I can't remember if they were labeled Vundo or not; we cleaned the system too quickly.

We also rescanned everything before finding your forum. A new Malwarebytes scan was clean, but Superantispyware still reported about 6 Vundo Variant files. We could not boot into safe mode. The third scan on all three scanners was clean, but we still could not boot into safe mode. After this, we found your forum and followed your procedures.



RESULTS AFTER FOLLOWING YOUR PROCEDURES

All logs are attached. Briefly, results were as follows:

Superantispyware: clean

Malwarebytes: clean

Combofix: deleted 3 files
c:\windows\system32...

Answer:Please help with Malware Removal Logs

Here are the additional two logs. Thank you!
 

9 more replies
Relevance 66.01%

Hello, After the malware removal everything seems to be working better. Could someone spare some time to review my logs and make sure I'm clean? Thanks!

P.S. I don't know if the files attached properly so I'll try again if they didn't.
P.P.S. Yeah, they did. Are they the right ones?
 

Answer:Malware removal logs

Your logs look pretty good. Let's have you do this:

Use windows explorer to find and delete:
c:\windows\system32\fqvslksoutxuozr.exe
c:\windows\system32\nujolala

Please use add/remove programs to uninstall:
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
Java(TM) 6 Update 6
Java(TM) SE Runtime Environment 6 Update 1

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
* C:\MGlogs.zip
 

4 more replies
Relevance 66.01%

I am a YouTuber & here's a 42sec clip of me detailing my exact problem with my computer here:

http://youtu.be/a850VGb1-98

I believe it could be malware related because I did some full scans last night, and a lot of infected stuff got removed. But I still have the distorted audio problem so I wanted to know if you could look at my attached logs, and let me know if my current audio problem is malware related somehow, or is my system clean?

My system:
Microsoft windows xp
home edition
version 2002
service pack 3

mobile AMD sempron(tm)
processor 3600+
1.99GHz, 896MB of RAM
 

Answer:Malware Removal logs here....

Hi & welcome.

Yes, let's cover all bases and have you run these procedures.

READ & RUN ME FIRST - Malware Removal Guide
 

13 more replies
Relevance 66.01%

Referred from here: http://www.bleepingcomputer.com/forums/topic382491.html ~ OB

here is the DDS log.

DDS (Ver_11-03-05.01) - NTFSx86
Run by Marteezy at 20:26:57.56 on Sun 03/06/2011
internet explorer: 8.0.6001.18702
browserjavaversion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.405 [GMT -8:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WIN...

Answer:Malware removal logs

Here is the GMER log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Marteezy at 20:26:57.56 on Sun 03/06/2011
internet explorer: 8.0.6001.18702
browserjavaversion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.405 [GMT -8:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
...

8 more replies
Relevance 66.01%

I did all the steps in the "Read & Run Me First. Malware Removal Guide", and now I have a bunch of logs which I A)don't know how to read, and B) don't know what to do next. I know that I was infected with the WebHancer infection, and want to make sure that my computer is free.

Like I said before, i ran all the necessary scans and have the logs to submit. I need to know which logs you need to see. After you take a look at the logs you need, i would also like to know how to correctly remove, if needed, MGtools & combo-fix application that I have in my C: drive.

Speaking of which, after running combo-fix I was told that the clock would be set back to 12-hour time, however, I had to change this manually.

The first logs in which I will upload go in order of the scans that I ran.

1)SuperAntiSpyware log
2)Malwarebytes Anti-Malware log
3)Combo-Fix log
 

Answer:Need Help with Malware Removal logs

here are the first MGlogs
 

5 more replies
Relevance 66.01%

I have used HJT in the past, so I returned to the website when I ran into some issues with a machine at work. First signs were pop-ups, then when I googled a word and clicked on a result the link would not go where directed but to an advertisement. I followed all of the steps on the malware removal guide by chaslang, and here are my logs. I will reply to load the fourth log from mgtools.
 

Answer:Malware Removal Logs

MGlogs zip
 

2 more replies
Relevance 66.01%

Hi, I have run the read me first.. and run all of the programmes,

I have attached my logs below, any help would be appreciated as to whether my computer is running ok and virus free or not, thanks
 

Answer:Malware removal logs

the other is
 

5 more replies
Relevance 66.01%

Tried to set a password for my admin account, was informed that Windows wouldn't let me, followed by seeing a password applied to my admin account that I didn't set...

Followed your procedure....
A couple of things....

Had problems in Nov; ran thru your removal process, $AVG seems to have the problem, couldn't remove files... got them removed, 'password' disappeared from the admin file, I thought all was well.

today, was told by combo fix that AVG was still running....

combofix - ran x3 - 1st time - got a message from my aviva (which came back on after the reboot), that it had found an infected file- the EICAR Test-Signature Virus
Virus: Eicar-Test-Signature
Type: Test file
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 68 Bytes
MD5 checksum: 44d88612fea8a8f36de82e1278abb02

2nd run... got a PEV.EXE error.... error info didn't stay on screen long enough for me to catch it all

3rd run - got the "infected" EICAR-TEST-SIGNATURE message again...

attached here are SAS log, MBAM Log, and first run combofix log
(2nd run with PEV.EXE error did not create log)
 

Answer:Help! My Malware Removal logs

Re: Help! My Malware Removal logs - PART TWO

the continuing saga....
attached:
Combofix Log number 2 (from 3rd running of Combofix)
Root Repeal Log
MGtools Log
 

6 more replies
Relevance 66.01%

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by user at 16:43:19.89 on Fri 12/24/2010
Internet Explorer: 8.0.7137.0
Microsoft Windows 7 Ultimate 6.1.7137.0.1252.1.1033.18.1014.86 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program File...

Answer:Malware Removal Logs

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies
Relevance 66.01%

I have went through the read and run me, and logs are attached. I am attempting to clean my nephews computer. From what I learned from him was, He came home from work Wed 12/11/08, and got on the computer, but he didn't say what and where he went. Then he went to bed and when he woke up, he went back to computer to find it had no taskbar, no icons, couldn't get anything to run. Had to ctrl Alt Delete, then search for running anything, some things didn't run, like control panel and system restore. I was able to get on the internet and download SAS and ran it under safe mode and was able to bring back the desktop and icons. Tried removing myself, but, wasn't completely removing, then resorted to you. Thanks for your time on helping!
 

Answer:Malware removal logs.

Here are the other logs. Thanks again!
 

17 more replies
Relevance 66.01%

# AdwCleaner v3.207 - Report created 09/05/2014 at 13:21:23
# Updated 05/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Valued Customer - VALUEDCUSTOMER
# Running from : C:\Users\Valued Customer\Downloads\adwcleaner(3).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\ssafe  saovei
Folder Deleted : C:\Program Files (x86)\LinkSwift
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Valued Customer\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Valued Customer\AppData\Local\DefineExt
Folder Deleted : C:\Users\Valued Customer\AppData\Local\PackageAware
Folder Deleted : C:\Users\Valued Customer\AppData\LocalLow\ssafe  saovei
Folder Deleted : C:\Users\Valued Customer\AppData\Roaming\ParetoLogic
File Deleted : C:\END
File Deleted : C:\WINDOWS\System32\Tasks\SMupdate1
File Deleted : C:\WINDOWS\System32\Tasks\SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E...

Answer:First Logs for malware removal

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

The log shows that you have two Anti-virus programs on your computer. Windows 8 comes with its own AV called Windows Defe...

11 more replies
Relevance 66.01%

I have ran read me run first here are my files.
Other people have tried to clean this computer and found Rootkits and Trojan Win32 crilock.B I am not sure what they have done to this computer but the crilock or ??? is preventing files to open. Such as a pdf file. I am not sure if Malware is the problem or virus ?
Please advise
 

Answer:Malware Removal Logs PLease HELP

Hi there.

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode, if you haven't done so already.

Do you know what this file is?


C:\WINDOWS\system32\Bed Roster14.ps



Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:


[RUN][SUSP PATH] HKCU\[...]\Run : Erura ("C:\Documents and Settings\Lisa\Local Settings\Temp\Ilza\erura.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : ulmistyn (C:\Documents and Settings\Lisa\ulmistyn.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : SearchProtect (C:\Documents and Settings\UpdatusUser\Application Data\SearchProtect\bin\cltmng.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1123561945-854245398-725345543-1003\[...]\Run : Erura ("C:\Documents and Settings\Lisa\Local Settings\Temp\Ilza\erura.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1123561945-854245398-725345543-1003\[...]\Run : ulmistyn (C:\Documents and Settings\Lisa\ulmistyn.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : SearchProtect (C:\Documents and Settings\UpdatusUser\Application Data\SearchProtect\bin\cltmng.exe [x]) -> FOUND

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a l...

7 more replies
Relevance 66.01%

Can someone please check out these logs and let me know what I need to do.

thanks,
 

Answer:malware logs...help with removal

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

1 more replies
Relevance 66.01%

Here are my logs that were requested, I do think I got rid of it but these logs will tell the truth. The RKFree program is a program I put on myself for personal reasons, helps me with passwords, and I am the only one using this machine. (Hope I got this in the right spot) And I couldn't find the ComboFix.txt to add with the logs.
 

Answer:My Logs from Malware Removal

Hi

The combofix log is usually located on your C Drive

C:\ComboFix.txt please also upload this for review
 

6 more replies
Relevance 66.01%

My pc has become very slow and unresponsive and freezes up constantly when I am on the internet. I play PWI online and now constantly is disconnecting from server. This started about a month ago. Please help if you can and thank you in advance for any help you may be able to give. I have run spybot and adaware both tell me some files can't be removed because I need to run as administrator but I am the only user and my account is set as admin?
I hope I uploaded the info as it stated if not please let me know anymore info you might need to assist me
 

Answer:Logs from malware removal how too

Your issues are not malware related. But we can clean up a few things.

Use windows explorer to find and delete:
C:\Users\eric\AppData\Roaming\Microsoft\Windows\Templates\b7ck80m8ec8vkd
C:\Users\eric\AppData\Roaming\Microsoft\Windows\Templates\s8ta14g2pp4nrg

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.
Now I suggest you post in the software forum for additional assistance.

Since you are not having any malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and unin...

1 more replies
Relevance 66.01%

I just did this whole process a couple of weeks ago when I was having a lot of issues with this computer...With your help I got this pc running great just like it was supposed to...

Right now I am not having any real issues but I am having some difficulties try to access to an address on one of my domains..I had a contact manager installed to my new hosting that I cannot access

here is that address to that directory: http://itskrl.com/e

I can access home directory with no problems:  http://itskrl.com

I contacted the person who I got this software from and told him that I could not access the contact manager...(Skype) he texted me back and said that he had no problems and was able to access it and log in...He thought it might be my computer...so here I am and here are the first logs

AdwCleaner
--------------
# AdwCleaner v3.210 - Report created 21/05/2014 at 06:43:58
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Valued Customer - VALUEDCUSTOMER
# Running from : C:\Users\Valued Customer\Downloads\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Valued Customer\AppData\Local\AVG SafeGuard ...

Answer:First Logs for malware removal

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

Quote
Right now I am not having any real issues but I am having some difficulties try to access to an address on one of my ...

3 more replies
Relevance 66.01%

Just doing a routine check up and looking to get someone to check my logs.

Please let me know if I've forgotten to attach anything.

Thanks everyone!
 

Answer:Ran Malware Removal / Logs

Re run Hitman and have it delete Potential Unwanted Programs.


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ham.asksearch.com/?cfg=2-396-0-2qTng
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

After clicking Fix exit HJT.


Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{DAB980A8-D9D0-453F-BCE1-D29AFE30CFB1}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Things running nicely?

 

3 more replies
Relevance 66.01%

My scan results.
 

Answer:Need help with these logs Malware removal

Re: Need help with these logs Malware removal

Welcome to MajorGeeks.com!

Did you download and run SAS and MBAM? If so, please attach the logs from those two scans.
 

7 more replies
Relevance 66.01%

....
 

Answer:Malware Removal Logs

Welcome to Major Geeks!

You installed a lot of junkware on this PC. You need to learn to say no to toolbars!

Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
IObit Apps Toolbar v8.5
uTorrentControl_v6 Toolbar
Web Protect for Windows

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: YouTubeUploaderLib.YouTubeUploaderLib - - (no file)
R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE.dll
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {4d95229d-bcd1-51b4-d184-411b9857a1f4} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\Helper.dll
R3 - URLSearchHook: uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE.dll
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - (no file)
O2 - BHO: WebProtect - {2C...

7 more replies
Relevance 66.01%

I'm hoping that I did this correctly, but my computer was hit with some crazy virus, I looked online as to how to delete it, but I wasn't sure if it had gotten rid of the virus completely. I have not had any other issues or pop ups from the virus since I followed the youtube videos direction of deleting it a few weeks ago. The issue I'm having now is with my pictures. The virus seemed to wipe out most of my pictures, however, I can still see the thumbnail of each picture (although I don't get to see my actual photo, it's the default jpeg or whatever) and whenever I click on a picture, I see that it still has a file size. I try double clicking it to open it up in my photo viewer, and it just basically tells me the picture can't be found and that it's in an incorrect format, which I never had a problem with before the virus. So as of now, it looks like I've lost almost all my pictures. I am not very tech savvy so any help is appreciated, I believe I attached the logs the correct way but I can also copy and paste them just in case? Let me know. Thanks for your help

Answer:Malware Removal Logs

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

One or more of the iden... Read more

14 more replies
Relevance 66.01%

# AdwCleaner v3.207 - Report created 09/05/2014 at 13:21:23
# Updated 05/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Valued Customer - VALUEDCUSTOMER
# Running from : C:\Users\Valued Customer\Downloads\adwcleaner(3).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\ssafe  saovei
Folder Deleted : C:\Program Files (x86)\LinkSwift
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Valued Customer\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Valued Customer\AppData\Local\DefineExt
Folder Deleted : C:\Users\Valued Customer\AppData\Local\PackageAware
Folder Deleted : C:\Users\Valued Customer\AppData\LocalLow\ssafe  saovei
Folder Deleted : C:\Users\Valued Customer\AppData\Roaming\ParetoLogic
File Deleted : C:\END
File Deleted : C:\WINDOWS\System32\Tasks\SMupdate1
File Deleted : C:\WINDOWS\System32\Tasks\SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E... Read more

Answer:First Logs for malware removal

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

The log shows that you have two Anti-virus programs on your computer. Windows 8 comes with its own AV called Windows Defe... Read more

11 more replies
Relevance 66.01%

Hi,

Things seem to all be back to normal after doing the Malware Removal. I thought I would still attach the logs just to be on the safe side in case there's anything I'm missing. My PC has quietened down too but it's still making random rumbles.
Thank you for taking the time to make all this Malware Removal possible :wave

Do I still need all of the programmes I have downloaded from here? If not I shall remove them. I have AVG 8.0 which I think covers all adaware, spyware etc.

Thank you
 

Answer:Malware Removal Logs

Is this the right log?
 

12 more replies
Relevance 66.01%

Hi,

My laptop had the "z-connect" problem and an error message regarding windows explorer on startup. I completed all the instructions in your READ & RUN ME FIRST and I have attached the logs to this (and the following) post.

The problem seems to have been solved. Thanks a million for your step by step instructions.

Just one query: I didn't have .NET installed, which led to an error (Error Message Type 4 i.e. process DLL.exe - Application Error) while running MGTools. I continued with the process as instructed and didn't repeat it. I have now installed .NET Software. Should I run MGTools again or leave it be?

Thanks for your help.

Shilpa.
 

Answer:Logs after removal of Malware

Remaining Logs

The remaining two logs.

Shilpa.
 

4 more replies
Relevance 66.01%

Hi, I noticed having a lot of uploads in the past months, so I scanned for malware and found your site. I followed all instructions and here are my logs:

TDSSKILLER did not find anything so I don't have any log.

Thank You for your help.
 

Answer:My Logs For Malware removal

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:
[RUN][NOTFOUND] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> TROUVÉ
[RUN][NOTFOUND] HKLM\[...]\Run : RunDLLEntry_EptMon (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> TROUVÉ
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl) -> TROUVÉ
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl) -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStart... Read more

9 more replies
Relevance 66.01%

Each time I had malware I've just formatted my PC. Now I'm sick of this and I found your forum with a big hope for help!
I know where this infection came from; if you need the address just tell me!

First, I thought this would help - a screenshot that includes the virus name + its location after a full PC scan: http://img353.imageshack.us/my.php?i...3265565gi0.jpg

Second thing that I want to say is that I'm not using anything except Spyware Doctor and Ad-Aware because I've tried NOD32 and it's slowing my PC to hell!
So just letting you know that.

Now here is Panda's log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-24 23:35:20
PROTECTIONS: 0
MALWARE: 0
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id D... Read more

Answer:Malware removal help - with logs

Hi Ramije,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please download HijackThis. This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button.
--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from ... Read more

3 more replies
Relevance 66.01%

The problem on my computer is the ads on the websites show women in underwear. It probably started a few weeks ago when my son and his friend were on my computer.

I also just got a message saying I needed to update java. Should I go ahead and do this now?

I know my Windows Update isn't up to date because I have not been able to update them. I can click some individual updates and the PC runs fine. Other times I update Windows and startup will lock up, which then turns into a vicious cycle that never gets completed. I may need to get help with this step from a computer store.

I really appreciate the help.
 

Answer:Malware Removal - Here are my logs

I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing. And you are even saving multiple versions of the same programs here. You need to stop downloading to the Desktop!!!!!!



Uninstall the below programs. If you do not find any of them or they will not uninstall, just keep going on.
BrowserProtect
Homepage Protection
SafeSaver 1.74
soafuE sauve

Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Processes
explorer.exe

:Services
BrowserProtect

:Files
C:\Users\Dogcat\Desktop\ComboFix.exe
C:\Program Files (x86)\Common Files\Homepage Protection
C:\ProgramData\soafuE sauve
C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\ProgramData\Babylon
C:\ProgramData\BrowserProtect
C:\Users\Dogcat\AppData\Roaming\Microsoft\Windows\Start Menu\... Read more

7 more replies
Relevance 66.01%

Hello... This is my brother's machine, so I'm not exactly sure how it got infected. I had some blue screen issues when running SAS, but other than that I believe the removal process went fairly smoothly. Below are the attached logs as per request. Thanks in advance for your help.
 

Answer:Malware Removal Logs

(logs cont.)
 

2 more replies
Relevance 66.01%

 dds.zip   7.8KB
  3 downloads
 attach.zip   7.8KB
  1 downloads

Answer:Malware Removal Logs

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

3 more replies
Relevance 66.01%

My laptop is brand new and I know I have a virus or malware because it has slowed down consistently, and also the command prompt always pops up with gombzo updating or something along those lines. I have tried to delete the software that I believe was malware or a virus and it just keeps popping up, so now I'm working on malware removal and need these logs reviewed, if I understand correctly.
 

Answer:Malware removal Logs Please Help!

Re run Hitman Pro and have it remove all that it finds.



Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:


[Suspicious.Path] Rocket Updater.job -- C:\Users\equil\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[Suspicious.Path] \\EnergoTech Update -- C:\ProgramData\EnergoTech\update.exe -> FOUND
[Suspicious.Path] \\Rocket Updater -- C:\Users\equil\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.


Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.


Code:

:Files
C:\Users\equil\AppData\Local\nsx306D.tmp
C:\Users\equil\AppData\Local\proxy.log
C:\ProgramData\3002.abs
C:\ProgramData\3002.xml
C:\Users\equil\AppData\Roaming\ROCKET~1
C:\ProgramData\EnergoTech

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and ... Read more

5 more replies
Relevance 66.01%

Hi these are my malware removal logs. Please Help.

This is the order the logs are in. Thankyou

RogueKiller

Malwarebytes

TDSS Killer

Hitman Pro

MG Tools
 

Answer:My Malware Removal Logs Please Help

What issues are you having, as I am not finding any malware in your logs.
 

6 more replies
Relevance 66.01%

Here are the logs for the malware removal. Not sure if it has found anything; still having problems with Paltalk, so please, any help would be nice. I was told to do this before anybody would help me to find out why Paltalk won't let me click on links and things!
 

Answer:logs for malware removal

arnie4 said:

Here are the logs for the malware removal. Not sure if it has found anything; still having problems with Paltalk, so please, any help would be nice. I was told to do this before anybody would help me to find out why Paltalk won't let me click on links and things!

here is the last log to post!!
 

10 more replies
Relevance 66.01%

Hi. Have run through all the recommended processes for malware detection and removal as per your READ & RUN ME FIRST. Am hoping to attach the logs and get some feedback on what problem I may have, if any. Have run them on my PC and Laptop, both with different operating systems (XP and Win 7 Pro resp).

The attachments to this email are off the laptop. None of the searches on either machine turned up anything overtly scary (not that I'd know any different!) but maybe the logs will turn up something. I did find the program Snadboy Revelation 2 when doing a manual search through programs, which alerted me to maybe something being astray. I removed it before doing the malware probing. Any help much appreciated anyway. :wave
 

Answer:Malware removal logs

I separated the other logs you posted for the other machine into a thread of its own. Far too confusing to merge the two combined.

What brought you to us in the first place? Just a routine check? The logs look great, not seeing any malware. Are you having any problems relating to malware?
 

5 more replies
Relevance 66.01%

Hello,
Here are all the logs from the scans I did, I couldn't find one for malwarebytes. there is no 'log' folder created in the malwarebytes folder under program files. When I ran it, nothing was found - most likely because my husband had run it already without keeping a log? Not sure.

Anyway, any help would be appreciated, computer seems to be working great for the time being.

Thank you,
Naomi
 

Answer:Malware Removal Logs Win 7

Those logs are clean.

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall
Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click on th... Read more

1 more replies
Relevance 66.01%

I have malware ads on my computer. I've attached the logs.
What do I do now?

Thanks a lot for the help!
KBI
 

Answer:Malware Removal - logs

Re run Hitman and have it delete all of the Potential Unwanted Programs.



Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.


Delete this:
C:\ProgramData\BitGuard



Re run RogueKiller, just a scan and attach the log.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
 

49 more replies
Relevance 66.01%

It appears that my computer has been hijacked by coupon mountain and maybe a few others. The following is the DDS.txt log and attached is the attached.txt zip file.

Thanks!
Mark
--------------------------
DDS (Ver_09-02-01.01) - NTFSx86
Run by DellUser at 12:53:51.45 on Mon 03/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.651 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C... Read more

Answer:Malware removal / DDS logs etc

Hello mmauerman,

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

2 more replies
Relevance 66.01%

I'm posting the logs I have from following your Windows XP malware removal/cleaning procedure.

Everything seems good except Privatefirewall keeps asking me to block/accept this: user_feed_synchronization-{8f514c19-b8ef-4685-8bcb-0725ecb0b51d}.job. Is this a problem?
 

Answer:Malware removal logs

Welcome to Major Geeks!

You need to attach the C:\MGlogs.zip file from MGtools as requested.






jbuchs said:

user_feed_synchronization-{8f514c19-b8ef-4685-8bcb-0725ecb0b51d}.job. Is this a problem?

No!
 

1 more replies
Relevance 66.01%

Hi,
I have a problem where I cannot run any virus or malware removal tools. I have tried them in safe mode and I have tried renaming them. I am able to load them and update them and I can start them momentarily. Then they stop and I cannot restart them. I get an error that they are not available or that I do not have permission. I have tried to run online scans and they also fail to load. I also have a problem with iexplorer and firefox being hijacked and loading various web sites I am not intending on going to. Not bad sites, just not the ones I am trying to get to. Let me know what you want me to try. I work on computers daily and have not run into anything like this. Thanks in advance for your help.
 

Answer:Cannot load any virus or malware removal tools

I am able to run MGtools.exe and I have attached the log.
 

29 more replies
Relevance 66.01%

Hello

I've followed all instructions in "Read & Run Me First". I have the following results downloading and attempting to run the suggested tools for Windows XP operating system:

SUPERAntiSpyware: downloaded but unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You may not have appropriate permission to access item. (note - I am set up as administrator).

Malwarebytes Anti-Malware: downloaded but unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You may not have appropriate permission to access item. (note - I am set up as administrator).

combofix.exe: downloaded and ran, but did not complete. No log created. When attempting to run, I got as far as the blue screen C:\ ComboFix is preparing to run. I sat in that condition for 2.5 hours. I finally closed out.

RootRepeal: downloaded and ran. It was basically a flash on the screen. Log generated but empty. See attached.

MGTools: downloaded and ran. Log attached.

My problem started 1 week ago when my Antivirus Program (F-Secure) stopped auto-updating the Antivirus and Malware components. I uninstalled and attempted to re-install (per F-secure's support) and was unable to install completely. I suspect the virus is preventing the install. I am currently do NOT have any Antiv... Read more

Answer:Virus Unable to Run Malware Removal Tools

Java(TM) 6 Update 26 <--- uninstall outdated Java.



Download and run Win32kDiag per the below instructions:

Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
C:\win32kdiag.exe -f -r




Now we need to scan the system with this special tool.

Please download Junction.zip and save it to your root folder (C:\Junction.zip)
Unzip it and put junction.exe in the root folder (C:\junction.exe)
Now click Start => Run... => Copy and paste the following command in the run box and click OK:
cmd /c junction -s c:\ >C:\log.txt

A command prompt window opens and also a license agreement from SysInternals will appear.
Accept the license agreement and the scan will begin.
Wait until a log file opens. Attach this C:\log.txt when it finishes (the command prompt window will close when it finishes). (How to attach items to your post)
NOTE: It scans your whole hard disk so it can take a long time. Be patient and don't do anything else while it is scanning.



Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

... Read more

8 more replies
Relevance 65.6%

This Sunday, I got hit on my desktop with something virusy. At first I thought it was just ransomware, but when I went to search up how to get rid of it, it became apparent that I'd been hit with a browser redirector too. I ran Spybot and rkill then MBAM in Safe Mode and caught a dozen reds, all relating to the ransomware. I found 4 or 5 associated registries and removed them. Reboot, the ransomware's gone, no problems on startup anymore, but when I go onto Firefox or IE, I'm still getting redirected and really horrid browsing speed, and this is after fixing the proxy server setting the ransomware put on. I tried safe mode, rkill, scan again to no effect. So I came here, on my antiquated Mac laptop (it's the only thing that I can browse with), read the instructions, removed Daemontools Lite and Bittorrent on the desktop, then DLed the first two DDS links and the former GMER link. Copied them to the desktop via the USB, and tried to run. Tried to run them normally and via Run... DDS.com and GMER.com, nothing happened, a blank DOS style command line window just showed up momentarily then disappeared. When I try to run DDS.scr it says that dds.scr "is not a valid Win32 Application." My poor afflicted desktop is running on Windows XP SP3. Sorry that I don't have any logs to post, it goes without saying that I would if I could. Thanks in advance for your help.
-Dave

Answer:Browser Redirect Malware (cannot run First Steps tools)

Hello Dave,

Have you tried to run either of them from Safe Mode? If they still won't run, see if these will for you..

Download rsit.exe and save it to your desktop.
Double click on RSIT.exe to run it.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
If you do not see the info.txt you can find it in the C:\rsit folder. Please attach that .txt

============================

Delete your existing gmer.exe and download it again from here.

Try again to run the scan as outlined in our pre-posting topic:
An initial scan will automatically begin.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please attach the ark.txt in your next reply

Relevance 65.19%

Hello. Thank you in advance for your help! Here is my situation... Other than the known Google redirect problem (google results aren't what they seem to be) that I've been experiencing in the past few days, I also seem to have a problem with loading google products/services such as Gmail, google maps, google reader, iGoogle, and google translate in Firefox. I don't know if the Google redirect virus is somehow related to this problem. These Google services I've mentioned simply won't load for me. In Gmail, the login screen appears fine but when I enter my username and password, it takes me to the "Loading [email protected]" and just tries to load it for a very long time until finally it says that I have a network problem. Also, I noticed that when I click the "Sign In" button on the Gmail login screen, the status bar on the bottom says: "Transferring data from secariadna.com..." which looks very suspicious to me (I can provide a screenshot of this if requested). The other services (maps, reader, translate) just won't load. For example, when I open a new tab and click on my google maps bookmark (for example) the window remains white and it keeps displaying: "Transferring data from maps.google.com" in the status bar. Sometimes after a long time of loading, the map would eventually manage to load. I also have to note that picasaweb loads without a problem in FF, although it also displays "Transferring dat...

Answer:Google redirect virus + possible additional malware that prevents from Google services to load

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

Relevance 65.19%

Can anyone help?

Done all the malware removal, but no progress.
The problem is intermittent seizing of the computer, for just a few seconds, perhaps every 30 seconds. This started in the last week. I did a system restore but this did not fix the problem.

Help please!
 

Answer:Malware removal - logs attached

Here are the logs, can anyone help?

Intermittent stalling, about 1-2 secs every 30 secs to 1 minute

Help please!
 

Relevance 65.19%

I did all of the scans and ran all the programs and the guide said to upload the logs. I'm just making sure that everything is alright.
 

Answer:Help with logs from Malware removal guide

And here's the last one...
 

Relevance 65.19%

I followed the steps in the "Read here before..." thread and here are my logs:

=========================================================
HijackThis
=========================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:36 PM, on 5/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows...

Answer:Tommypauly-Malware Removal-(Logs)

Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab

Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.

----------

You have Viewpoint installed.
Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
More information:
ViewMgr.exe - Useless
Viewpoint to Plunge Into Adware.

It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar
Viewpoint Experience Technology.

----------

Malwarebytes and SUPERAntispyware are way out of date on the version numbers.

Open Malwarebytes' Anti-Malware.
Click the Update tab.
Click Check for Updates
If an update is found, it will download and install.
Click the Scanner tab.
Select "Perform Quick Scan", then click Scan.
The scan may take some time to ...

Relevance 65.19%

Hi, Guys. I started having a problem with my laptop computer about 3 weeks ago. I was not doing anything in particular and don't recall downloading anything other than an Adobe file occasionally. I suddenly had a small window popping up. It was constantly blinking. The IE page behind it was blinking also. Across the top I was able to see something like the words Windows Program Developer Tools. I think the name of the IE page preceded those words. In the body of the page were some tabs across the page, such as HTML. I constantly tried closing it to no avail. I couldn't close or minimize any page without clicking for several minutes. I couldn't open any links by clicking. I had to right click and open everything as a new page. I tried rebooting, shutting down completely. I checked all the connections. Every time I logged onto IE, the page would pop up. I googled the name and learned it is a legitimate program in Windows. Finally, after a few days, I minimized it, and it stayed minimized. When I closed IE, it disappeared and I haven't seen it since. However, the webpages on IE still constantly blink, and I have all the other problems as well.

In the meantime, I have OpenOffice Word Processor, and that is not working properly. In my email and in my word processor, I can't drag my mouse over a selection of words to copy them. If I can select them at all, I have to start at one point, hold the shift key and go to the end point and place the cursor there...

Answer:Malware Removal Done, Logs Attached

I am not finding much in the way of malware in your logs. However, you have too many AV programs installed:
You had AVG and still have:
COMODO Internet Security
Norton Internet Security 2006 (Symantec Corporation)

Use Windows Explorer to find and delete:
C:\Documents and Settings\Elaine\Templates\kqxjax25212syk721811b172n8n71yg66c

Tell me what issues are remaining after removing all but one AV program.
 

Relevance 65.19%

Please can someone look at my logs, not sure if I got rid of all viruses. I've run through the malware removal steps and here are my logs for SUPERAntiSpyware/Malwarebytes Anti-Malware/HJT

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/07/2008 at 07:04 PM

Application Version : 4.21.1004

Core Rules Database Version : 3665
Trace Rules Database Version: 1645

Scan type       : Complete Scan
Total Scan Time : 00:39:02

Memory items scanned      : 313
Memory threats detected   : 0
Registry items scanned    : 5797
Registry threats detected : 7
File items scanned        : 22934
File threats detected     : 12

Adware.Tracking Cookie
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
...

Answer:Logs for following malware removal steps

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.

For Windows XP Systems install the Recovery Console:
- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.

When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

Relevance 65.19%

I went to a Volvo forum site yesterday and ignored a McAfee warning. Thought it was a false positive. I was infected with a program that was telling me my hard disk was failing with multiple pop up screens indicating read write errors and offering to sell me a fix for $85.

Programs did not show up in the start menu with the exception of IE. It ran very slow. Downloaded spybot and ran it a couple of times. I also ended up doing a system restore. IE continued to run poorly. Noticed that google searches were being redirected to other sites than the ones I chose.

I found your site and went through the instructions for Windows 7. The only thing that I screwed up on was having Rogue Killer fix the problems found. I included the 1st log it generated and the 2nd one showing the fixed registry entries. Other than that, TDSS Killer would not run even after running TDSS fix. Other logs are attached.

Appreciate any help you can provide. Let me know if you have any questions or require additional info.

Many thanks,

John Montgomery
 

Answer:Need some help with Malware removal-logs are attached

Your MGLogs were incomplete. Please run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Wait for it to tell you it is finished. Then attach the new C:\MGLogs.zip.
 

Relevance 65.19%

2 days ago my husband was on Amazon.com completing his check out of a purchase when he had a pop up dialog message indicating that there was a problem detected with his hard drive it had critical errors. If you clicked the OK button to remove the dialog it would just come back. After multiple pop ups another dialog appeared "Microsoft Repair Scan" my husband clicked the button to start scanning PC, and everything went downhill from there.

The icons on his desktop are light in color like they are hidden files, the start menu recent files icons are not associated with their application folders any longer, the all programs list is empty. Many features were disabled like the task manager, Norton anti virus, control panel and I was unable to run programs like TDSSK.exe. The programs I was able to run were Registry Mechanic, Registry Booster and Trojan remover. All programs had to be executed from their application folder C:\Program Files\filefolder\filename.exe. I was unable to run them from a command prompt, error message could not find the files. The only files I have in my All Programs now are files I had just recently installed on the PC. It feels like I have 2 explorers. I did notice when I was finally able to run Task Manager that there are 2 iexplorers loaded "even on start up without accessing IE". One runs around 20,244k memory usage staying pretty consistent with the number while the other is running at around 51,000k memory usage and constantl...

Answer:Submitting Malware Removal Logs

Now download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop

Please download and save the below to your Desktop or anywhere else you can find it ( if the Desktop is not showing )

http://download.bleepingcomputer.com/grinler/unhide.exe

Now run it. Now see if you can find your Programs and how are the icons on the Desktop looking?

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O4 - HKCU\..\Run: [UU9G4E9I4A9I4UXAKOTC] C:\pagess.sys\pagess.sys.exe

After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"UU9G4E9I4A9I4UXAKOTC"=-


Make sure that you tell me if you receive a success message abo...
Relevance 65.19%

I followed the instructions step by step, outlined in the "Malware Removal Guide". However I was not able to run the panda scan (in normal or safe modes)....

If someone could look over my logs it would be greatly appreciated ....Thanks!!


WB,
 

Answer:Malware removal..... Check my logs please....

More Logs....
 

Relevance 65.19%

Hi, I just ran through the steps in this guide http://forums.majorgeeks.com/showthread.php?t=35407

I need someone to view my logs. I'll post newfiles.txt, and my HJT log in my next post. Thanks.

BTW - I had some problems with Spybot. I am already familiar with the program but I couldn't figure out how to run "SD Helper function," so I just did a normal scan (in safe mode) and then hit "Immunize."
 

Answer:Malware Removal - Someone to View Logs?

Here are my other attachments...
 

Relevance 65.19%

Ended up with record checker (I assume this is the culprit) on laptop, since then annoying pop ups, webpages etc, attached logs, TDSSkiller no threats found.
 

Answer:Followed the malware removal, logs posted

Could you attach the MGLogs.zip, too please?
 

Relevance 65.19%

I ran the 5 scans on my PC.

I have attached the logs.

I am having problems attaching the Malwarebytes log. My results did not show any threats in the log but I still need to upload it but just can't.

Please direct me after this.

Thanks.
 

Answer:Malware Removal Scan Logs

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[RUN][ROGUE ST] HKCU\[...]\Run : 39083 (C:\Documents and Settings\Nicolette Wilson\Application Data\2f1e2\39083.js) -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-21-854245398-651377827-1644491937-1003\[...]\Run : 39083 (C:\Documents and Settings\Nicolette Wilson\Application Data\2f1e2\39083.js) -> FOUND

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Do not reboot your computer yet.

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.
Now reboot and rescan with RogueKiller and attach that new log as well.

Be sure to tell me how things are running now.
 
