Computer Support Forum

Malware Removal Request Form Per Instructed

Question: Malware Removal Request Form Per Instructed

Help still needed very badly. After finally eliminating AV Security Suite I still have problems with the computer Freezing, Hanging when opening normal programs, Extreme Scrolling problems, Removing programs, Getting online and a lot of other headaches that didn't exist before. I have enclosed both DDS Logs and the GMER or ark.txt as it was instructed. I couldn't get my WinZip program to rezip the file for posting, it froze. I hope they are the correct log files. I also really hope they will allow someone to help me get my computer working again. Thanks to all again.

Sincerely,
TQUAD

EDIT: Moved from XP to Malware Removal Logs forum ~ Hamluis.


Answer: Malware Removal Request Form Per Instructed

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

Casey


I followed the instructions to the letter. I have attached the logs.
Cheers
JAH


Am still using Access 2000. Have a form that (among many other fields) contains fields for Lastname, Firstname, Middle and Sufx. I want it to sort that way when opened. In the Properties, I have the "Order by" set exactly that way (with commas separating each of the fields). It ignores the sort order, and instead, orders the records by ID, which is the primary key. I have tried sorting the table that is the data source (not a query) by those fields, but it does no good; form still orders by the primary key.

Have designed many databases, and none of the others ignore the "Order by". What am I missing?
 

Answer:Solved: Form refuses to sort as instructed

Don, I can't help you much with this one as I never use the Form's "sort by", but I would break down the problem.
Check the Record Source.
If it is OK try sorting on one field, if that works add another one and so on.
I have always used a Query for the Record Source and do the sorting in the Query.
 


I don't know what type of virus it is and the first time I tried to do the gmer scan it aborted. Computer is Compaq nc6000 laptop running windows xp professional. Here are all the logs that I got following the Preparation Guide For Malware Removal. I tried to run an online scan through microsoft.com but it would not let me run it.

DDS (Ver_10-03-17.01) - NTFSx86
Run by debbie at 15:17:01.78 on Mon 01/07/1980
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.186 [GMT -8:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

Answer:Malware Removal Request

Hello, Don't know

Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if th...


hi there! just another case of malware i'm afraid.

have followed through the first 7 steps of your read me first
and gladly attach the logs for your expert eye in this and the following post.
the scans mention trojans and other scary names...

like another user in this forum i keep getting system alerts which link up to firefox and eventually a spyware site for removal.

can you advise?
greetings, elisabetta
 

Answer:malware removal... request help

and the remaining logs...

cheers, eli
 


Hello,

I've done under Win 7 (SP1) malfunction since a couple of weeks.
basic symptoms are high hard disk usage, (there's almost no memory swaps) and momentary freezes (3 to 10 seconds) in all the applications.

I'm attaching logs of every application indicated.

The equipment data is:

HP Pavilion dv6 Laptop
Windows 7 64 bit - SP1 Home Premium
6 Gb Ram
AMD Phenom II N640 Dual Core processor 2.9 Ghz

Thanks in advance for your help

regards
 

Answer:malware removal help request

Not seeing any malware at all. You can post in the software forum if you wish.

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Press and hold the Windows key and then press the letter R on your keyboard. This opens the Run dialog box.
Copy and paste the below into the Run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall
Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and...


I have followed the steps outlined in the preparation guide, that is up to the point of running gmer.exe. When I run gmer.exe as specified in the setup guide - it starts the scan process and then windows blue screen a few minutes into the process. I have attached the two previous log files and am looking for some professional advice. The initial message from the GMER.exe process indicates a rootkit infection.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 0:12:51.92 on Sat 08/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.1933 [GMT -5:00]

Answer:Malware removal request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...


My wife clicked on an email link a while ago that has royally screwed us up. It seems randomly, yet frequently, Google searches are redirected to a variety of sites such as wuddy.com and others that I can't recall at the moment. Any time I hibernate or Shut Down causes a "Force program shut down" and then a "Windows did not shut down properly last time..." prompt on start up. I've checked the programs/processes that are running and cannot find anything out of the ordinary so I am presuming there is a relationship to the malware. I've done a malwarebytes scan, trend scan, AVG scan, NOD32, Ad Aware, CCLeaner, PC Tools Security, and Spybot and still the malware persists. I presently have PC Tools Spyware on and almost every time I'm in a browser I am warned of sites that have been blocked. So when I am redirected I suspect these are just sites that got through.

I bought this Dell XPS L502X in May 2011 so it is fairly new but of course my tech support has run out already because I did not go for the extra (d'oh). It is Windows 7 Home Premium 64 bit (SP1) with 6 GB RAM, i7 2.00 GHZ processor.

I've attached a hijackthis log as well as a DDS log and can attach the "Attach" doc if requested. As you can well imagine, I am at my wit's end with this. I don't have the Windows 7 recovery disk (it didn't come with the dell) and my System Recovery disks that I made at the outset seem to not work, which forces me to solve ...

Answer:Malware removal request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


I ran Combofix and I wonder now if I should have waited. However, it is done. I am having trouble with the Google Re-Direct malware. I have the Combofix log, I have attached it herein (I hope).
I look forward to any and all help.

Answer:Malware removal request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


I've got a Windows XP HE machine, SP2 with P4 @ 2.40GHz, 512MB RAM, 80GB HD. All latest Windows updates have been installed.

The Symptoms:

Pop ups and redirects, hindered performance, and ultimately loss of control of the browser. Pop ups occur even when not using a browser.

The Suspects:

My scans have detected SurfSideKick, Command Service, PSHost, and several trojans such as Trojan.KillAV.ABN, Trojan.Agent.RL, and Trojan.Dropper.Agent.HL.

My Actions so far:
I've gone through all steps in "READ & RUN ME FIRST Before Asking for Support". Here's a brief summary:
0: Preliminary House Cleaning: Did not find any obvious malware to uninstall, specifically looked for SurfSideKick, SurfSideKick 2, and SurfSideKick 3.

1: Will wait until I'm running a clean system before disabling System Restore. Message understood and will disable and enable once all problems are gone.

2: Enabled viewing of hidden system files, system files, and extensions.

3: As mentioned above, using only McAfee viruscan.

4: Downloaded and installed all referenced SW per instructions - Ad-Aware SE, SpyBot S&D, & CounterSpy already on system & up to date.

5: Physically unplugged Internet access and did the following:

Ran CCleaner on all user accounts, then ran it on admin acct in safe mode
Downloaded MS Mal SW Removal Tool, but did not receive a rpt
Ran Ad-Aware SE in safe mode in full scan mode and fixed all identified probs
Ran SpyBot S...

Answer:Malware Removal Help Request

Rob11 said:



Ran Panda ActiveScan in safe mode and found 2 viruses & 10 spyware occurrences, but could NOT find any way to save a report. Note: the only choice I could find was to purchase and download Panda ActiveScan. Unless I missed it, and I looked far and wide for a report selection, Panda is limiting what you can do until you pay???

Click the link that gives more details on using PandaActiveScan. It is given in step 6. I need this log even if you have to do it in normal boot mode.

Is your copy of CounterSpy a free trial or paid version? If free you should uninstall it because it expires in 15 days and is of no use afterwards. Also you have Windows Defender installed and you only want one such realtime blocker installed. If CounterSpy is a paid version that you keep up to date, then uninstall Windows Defender.

You have a bunch of malware problems. One includes a Qoologic infection.

Let's get started.

First run this: Qoologic Removal Procedure



Start by downloading two tools we will need

- Process Explorer

- Pocket KillBox

Extract them to their own folder somewhere that you will be able to locate them later.

IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it wou...


Referred from: http://www.bleepingcomputer.com/forums/t/249455/malware/ ~ OB

Here is the DDS Log for my computer. The RootRepeal program would not run so I do not have a log for that one. When I tried to install it gave me the following error message. "Mismatch between the kernel reported by Windows and the one by a hardware scan. Do you want to use the kernel reported by windows Y/N." If I select Y or N it gives the same error message "decompression error 5". Here is the DDS log.

DDS (Ver_09-07-30.01) - FAT32
Run by Administrator at 17:30:36.95 on Fri 08/28/2009
Internet Explorer: 6.0.2900.2180

Answer:Malware Removal Request

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I've noticed pop-ups and my pc really slowing down. This all started within the last couple of days. I tried some of the auto-scans online with hijackthis, as well as scans with spybot, and ad-aware, but was unable to remove it all. Computer seems to be getting worse and worse-- any help with finding and then removing malicious software would be greatly appreciated. Thanks in advance!
Specifically, I've noticed that I have Virus Remover 2008
but I'm fairly sure I have more than that.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Greg at 22:34:35.12 on Thu 04/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11


Answer:Malware removal help request

Hello.

I see a lot of malicious files and probably more on your computer. Please do the following.

Download and Run ComboFix (Rename Before Saving)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3

Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it. Refer to this page if you are unsure how.

Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a open a report for you. Post back with it. It is at C:\ComboFix.txt.

Do not mouseclick the ComboFix window while it's running. That may cause it to stall.

With Regards,
Extremeboy


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 9:25:20.73 on Mon 08/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.802 [GMT -4:00]

Answer:Malware Removal Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...


So lately, I've noticed a lot of slowness on my computer as well as google search results being hijacked and redirected. I also got the BSOD yesterday. My logs are attached.
Also I have the Windows Security infection.

DDS Log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 12:07:06.46 on Sun 02/27/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1983.823 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


Answer:Malware Removal Request

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instru...


Hello,

A few weeks back I got hit with some sort of virus/malware. I was on the website OKCupid.com with the Firefox browser. My cursor scrolled over one of the sidebar ads, at which point my anti-virus kicked in. I'm running Avast.

Avast informed me that it had blocked a harmful file or connection. However, at the same time, the Windows security center popped up. It was clearly part of the virus, because all of the text was in Cyrillic. I had to force quit the program to get it to go away (clicking on the red X was not working).

Firefox started opening up a bunch of windows to random sites. I force-quit my way out of the program, got a frozen desktop and soft rebooted. After the reboot, I was unable to run .exe files or connect to the internet. I managed to open firefox by "opening with" firefox itself. My internet had been reset to an unknown proxy connection. I set it to auto-detect my network, and managed to get some internet functionality back.

I googled the problem with the .exe files and downloaded, installed and ran a file called "exefix_xp.com" from http://windowsxp.mvps.org/exefile.htm

That fixed the .exe problem. I then ran a boot scan with avast and it found and removed three files. I did an ad aware scan and removed several others.

However, problems persist:

Google was redirecting to a google mirror site: [link removed] - I've since manually reset the home page in firefox to google.ca

Google occasionally gave me a page t...

Answer:Malware removal request

Hi and welcome to Major Geeks, Rob604!

First, please uninstall one of the following antivirus programs:

avast! Free Antivirus
Ad-Aware
Ad-Aware Security Toolbar <-- Uninstall this too if you chose to remove Ad-Aware
I want you to read and follow these instructions: TDSSKiller - How to run
Please download MBRCheck by clicking here and save it to your desktop.
Double-click on the file to run it. (Vista/7 right-click and select Run as Administrator)
A window will open on your desktop.
If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
Attach this file to your next message. (How to attach)

 


I am submitting a request for malware removal from my computer. I have prepared all the information and logs as described in the preparation guide.

My Computer specs:
WE: Windows Vista Home Premium sp2
Processor: AMD Athlon IIx4 635 Processor 2.90 GHz
Memory: 2.00 GB
System Type: 32 Bit

My computer running slow and intermittent connection to internet, Linksys wireless adapter kept flashing in the system tray that it needed to be reconnected. I tried to go into task manager to check processes and applications and I couldn't access task manager. Then I knew something was up. Windows security wouldn't run properly, constantly stating that my computer is at risk.

Was able to finally get to the internet and downloaded the malwarebytes program, but I think it was too late. It ran but detected no virus or malware. This morning was able to boot pc but it's slow and windows security still stating that my pc is at risk. below are the results from the logs requested in the preparation guide, thank you in advance for any help you can provide.

1. Downloaded ran the defogger

2. Downloaded and ran the DDS Tool below is the dds.txt, I attached the 'attach.zip' and 'ark.txt':
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 9:04:07 on 2012-02-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.796 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {...

Answer:Malware Removal Request

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Righ... Read more

9 more replies

My laptop may well be beyond help, so this is my last-ditch effort before reformatting. I've been running all sorts of scans, from ewido to trend micro to the standard ad-aware, spybot, etc. They all find things, but my computer keeps getting worse. I've been infected for a few weeks now. Today my boot drive was corrupted, so I found my XP CD and reinstalled that, and I (just as I was coming to this website) lost my internet access. I'm working from my PC now, since the laptop won't connect to the internet.

I went to the "Read Me" website (http://forums.majorgeeks.com/showthread.php?t=35407) but I couldn't do a lot of the steps. I'll go through what I did in order though:

Step 0 - Completed
Step 1 - N/A
Step 2 - Completed
Step 3 - Uninstalled McAfee and installed AVG a couple weeks ago
Step 4/5 - I lost my internet access, and all my CD-Rs, so I only have parts of this step done. I don't have CC Cleaner, so I didn't run that. Ad-Aware cannot finish a scan. It freezes deep scanning at the same place each time. Spybot ran successfully. Windows Defender won't run, although I'm pretty sure I have SP2 installed. The Windows Malicious Software Removal Tool - I'm pretty sure I ran.
Step 5 - I am currently in safe mode on my laptop.
Step 6 - With no internet, I could not complete this.

My HijackThis log is attached.

Basically my problem started with my computer running VERY slowly. It took Windows abou... Read more

Answer:Request for Malware Removal Help

Any ideas?
 

31 more replies

Whenever I start an application I get the message: "This application has failed to start because netrarwcq.dll was not found. Reinstalling the application may fix this problem."
DDS (Ver_09-10-13.01) - NTFSx86
Run by Administrator at 23:55:45.09 on Sun 10/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.247 [GMT -5:00]

AV: avast! antivirus 4.8.1351 [VPS 091018-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\Program Files\Laplink Everywhere\ServerProxyService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32... Read more

Answer:Malware removal request

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

2 more replies

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Doug (2016-07-27 13:42:41)
Running from C:\Users\Doug\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-05-17 01:31:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3314079872-3879865770-2092099990-500 - Administrator - Disabled)
Doug (S-1-5-21-3314079872-3879865770-2092099990-1000 - Administrator - Enabled) => C:\Users\Doug
Guest (S-1-5-21-3314079872-3879865770-2092099990-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2.8.1.1006 (HKLM-x32\...\{22CD9EDF-E9D7-4B34-811D-4E1B0B165919}_is1) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
Adobe AIR (HKLM-x32\..... Read more

More replies

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable a... Read more

Answer:Malware Removal Request

DDS (Version 1.1.0) - NTFSx86
Run by Michael at 21:01:36.86 on Tue 12/30/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.482 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:... Read more

18 more replies

Hello,
I have been hit with a redirect virus and I have tried several options. I have used malwarebytes, superantispyware, spybot, spywareblaster and Avira antivirus. Every time some malware gets detected and quarantined but the problem resurfaces. I would appreciate any help I can get. Thanks.
Here is the DDS.txt log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Andre at 2:43:08.29 on Fri 08/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2334 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\HP... Read more

Answer:malware removal request help

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other... Read more

39 more replies

Good Day,
Unfortunately I have been nominated to clean a friend's machine. When I got the machine it was pretty bad. SuperAntispyware cleaned up most of the mess, but I am left with some things I can't seem to get shed of.
Here is the mbam log, a full scan doesn't come up with anything more than the quick scan at this point:
Malwarebytes' Anti-Malware 1.42
Database version: 3322
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
12/8/2009 11:36:09 AM
mbam-log-2009-12-08 (11-36-02).txt
Scan type: Quick Scan
Objects scanned: 118932
Time elapsed: 10 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\rundll.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> No action taken.
Here is the DDS log:
DDS (Ver_09-12-01.01) - NTFSx86
Run by User1 at 12:12:07.31 on Tue 12/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.301 [GMT -8:00]
AV: avast! antivirus 4.8.1368 [VPS 091208-1] *On-access scanning en... Read more

Answer:Malware Removal Request

Hi,
My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.
With Regards,
Extremeboy

2 more replies

I've followed the preparation for malware removal and requesting help. Added attachments; if I have left anything out please let me know. Thanks.

Answer:Malware removal request

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

40 more replies

My laptop was recently infected with, I think, a trojan virus. As a result, Windows Vista cannot load properly and I can only use the laptop on safe mode. I ran the Hijackthis program and the log is pasted below. I don't know too much about computers so help would be very very much appreciated. Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:54 PM, on 6/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Users\Jasmine\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Inte... Read more

Answer:Request malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies

Good Afternoon Guys,

I am a newbie, once upon a time if I thought I had a virus I would simply format and reinstall my OS, I'm now on my work's laptop which has a great deal of data on it.

Here's my dilemma.....

I have recently experienced some problems following, I believe, a Windows Media Player codec download. Whenever I use google now it opens links in a new window and sometimes to another search engine, normally yahoo. I have checked the advanced options within google's settings and the box is unchecked for links opening in new windows. Certain pages I cannot open at all however, most pages do open correctly, albeit in a new window, on the second time of clicking. Results2 appears at the beginning of the url for a short period of time prior to redirecting.

It has just now started sending me to maxnetfinder. I just searched for maxnetfinder and managed to find a forum where the problem had been identified, my DNS server address had been changed. Google now operates correctly but I doubt that I am free from unwanted files on my laptop, please could someone have a butchers for me.

I've attached the documentation as required in the tutorial.

Many thanks,
Chris

Answer:Malware Removal Request

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

5 more replies

Hello,

My computer became infected with a virus/malware about two weeks ago. The first sign was a box on my desktop that read "Warning:Spyware Detected on your Computer." This was followed by bugs that were literally eating the icons and browser, etcetera.

I also got repeated warnings that the computer was infected and 'spyware removal was necessary.'

Often times, the internet connection would disconnect for about a minute, then connect, and so on.

I did nothing for about two weeks, until today when I followed the steps requested.

I hope this is enough information.

I am attaching the logs.

I appreciate any assistance possible.
 

Answer:Malware Removal Request

Here is the last file:
 

8 more replies

Hello,
I've been at this for the past couple of days to no avail. If anybody can shed some light on this it would be great.

I'm on a Toshiba laptop (specs below) and I keep getting a "[app name] - bad image" "the application or DLL [various dll names] is not a valid Windows image. Please check this against your installation diskette."

This happens with every program I try to use.

I've read numerous entries on this online but cannot seem to fix it with the same methods. I've run AVG, Spybot, and Malwarebytes' Anti-Malware, and now Hijackthis (log attached).

If anybody can help me with this, it would be much appreciated. Thanks in advance.

Toshiba Laptop
Windows XP Pro SP2
 

Answer:Malware Removal help request

Welcome! to MajorGeeks.com!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in Safe Mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay i... Read more

3 more replies

Ok .. I have some kind Of Virus that Redirects the F*** Out of My Computer If Im Clicking Links Or not It just decides Oh well You should Look at this or oh let me open a new tab and Look at this fake Virus scan ECT you guys Im sure know what Im talking about Also .. Its Way Choking Down My Net .. My Light Stays Pegged almost 24/7 Now Its Either Screwing with My Cursor Or its Just loading my CPU to the point of Lag .. It will Just randomly Freeze( this Has Just started to happen today) Or It Will BSOD (also Just started that today ) ( Ive been Fighting It for a few days Now ) It also Seems to be bringing In Trojans But that could I assume also Be from the redirects?? ... AVG Full Does Not Find It ... Spyware Terminator Does NOT find It .. I can NOT Find It ... Google-Fu Did Not help .. Maybe Someone Can Help ? Google Brought Me Here After 4-5 random BS links B4 Finally Working Lol.. I find It almost funny cause its driving Me Insane .. Not had One stump me like this In a very long time Thanx

Following Directions I received From Previous Post >>Here

DDS Log >>
DDS (Ver_11-03-05.01) - NTFSx86
Run by Pammie Sue at 2:36:18.39 on Mon 04/11/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.141 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
.
============== Running Processes =======... Read more

Answer:New* malware removal request..

Looks as you've caught a Bootkit infection.
Let's begin like this.
Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Then update MBAM and run a Quickscan and post the content of the log.
How is your computer running after those steps?

16 more replies

We have an annoying Window screen at startup: Open File: Security Warning - if we leave it alone - things seem to be fine. If we open it - or try to close it - a variety of scans/popups and request for antivirus occur.
Attached are my DDS logs. Gmer scan showed no issues.
Any help is appreciated. Thanks!

Answer:Malware Removal Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies

I completed all of the steps on this thread:
http://forums.majorgeeks.com/showthread.php?t=139313

and I'm wondering if someone would be willing to look at these logs.

I'm pretty sure everything is fixed but I don't really know what I'm doing so I would appreciate an expert opinion.

The problem started when I did an IQ test following a link in Facebook. I don't remember if I was using Firefox or IE 6 at the time.

Attached are three of the logs ... I can't seem to find the Spybot Search and Destroy one, but will try to attach that one separately.
 

Answer:Request help with malware removal

I can't find the remaining log - I was having a lot of trouble getting combofix to run, so I may have deleted the log accidentally. Should I repeat some or all of the steps?
 

11 more replies

Hello. My computer has recently become infected with some malware. I found this site while searching and trying to solve my problem. I have followed the instructions up to this point and it now suggests I post this thread.

Possibly relevant information:
- 64 bit Windows Vista service pack 2
- Dual Monitor computer
- typically run Avast, usually quite up to date.
- Upon starting the computer a screen opens up that states the FBI has seized my CPU and I need to pay $200 for copyright infringement fines in order to regain access.
- at the moment I am unable to use the browse button in this forum (haven't worked out why just yet), as soon as I have I will attach file as instructed.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_31
Run by Hobbit at 12:30:10 on 2012-08-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.3176 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k Lo... Read more

Answer:$200 FBI malware Removal Request

Here is requested attachment. Once I used Chrome to view forums attachment button worked properly.

3 more replies
Relevance 68.47%

Hello,

Please help with direction to fix my niece's malware-infected PC.

How come the host was redirected to a lot of anti-malware publisher sites?

There were also 2 entries in the Trusted Zone, which I immediately removed.

Thanks
I attach some files, and the following is the content of the DDS.txt file:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Nancy at 18:56:52.39 on Fri 02/25/2011
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.256.82 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\sw-ad\Malware Removal_Help\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d...

Answer:XP PC malware removal help request

Good evening. Download MGADiag from here and save it to your Desktop. Double click it to run it. Click Continue. Once the scan has completed, click Copy - this will transfer the results to your clipboard. Paste them into your next reply.

2 more replies
Relevance 68.47%

I have been having some trouble...here are my Hijackthis logs

Deckard's System Scanner v20071014.68
Run by UW2KSR5 on 2008-06-26 18:12:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 4 Restore Point(s) --
4: 2008-06-27 01:12:27 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-06-26 19:51:44 UTC - RP3 - System Checkpoint
2: 2008-06-24 23:17:45 UTC - RP2 - System Checkpoint
1: 2008-06-23 21:04:28 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as UW2KSR5.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:25 PM, on 06/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasof...

Answer:Malware Removal Help Request

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.

3 more replies
Relevance 68.47%

hello.

posting this from another computer, as my infected PC slows to a jello crawl after a few minutes.

Problem started as signs antispywaremaster was on my system, with massive number of popups. can't find antispywaremaster now, but popups continue, and system resources eaten up to 100% with largest resource in control panel being HOSTPK which I cannot stop.

I will await instructions and offer any other details you like. here is the hijackthis! log I was able to get off the computer........from a version of Hijackthis I quickly found on its system (from a problem long ago)

thank you for your assistance...

~ Emixxary

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:59 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files ...

Answer:Malware Removal Request - Please Help

Hello emixxary,

Welcome to Bleeping Computer

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

33 more replies
Relevance 68.47%

Hi,

When I started my partner's laptop up this morning I found the background of the desktop had changed to bright red with a biohazard image and a message that read 'your privacy is at risk'. Am quite concerned as it has all his PhD work on! So I checked this forum and found we're not the only one with the problem (fortunately we have still been able to access the internet, although computer keeps crashing). I followed the SDFix advice provided for another member and the background has now changed back to normal. However, I wasn't clear whether this means the problem is fixed or whether I need to do something further to ensure the problem doesn't reoccur. I'd be really grateful if anyone could help. Following restarting the computer, the message from the SDFix read:

SDFix: Version 1.99

Run by Nasar on 19/08/2007 at 14:00

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Nasar\Desktop\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default IE HomePage
Restoring Default Desktop Components Value

Rebooting...
Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Nasar\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Nasar\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Nasar\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Nasar\Favorites\Privacy Protector.url - Deleted
C:\Docum...

Answer:Malware removal request for help

11 more replies
Relevance 68.47%

I don't know if my pc needs malware removal or not. I did read the Prep Guide. Sorry, I'm a newbie looking for assistance. Over a year ago my attempt to uninstall ad-aware se didn't complete and it continues to appear in my add remove directory and when I click on it WISE uninstall says it could not open the install log file. No surprise I can't install the new ad-aware anniversary ed. So I captured the hijack file which is attached. I also ran DDS.scr and attached its report but it doesn't look anything like the example. Also the RootRepeal report. Thank you for your help. Bill

Answer:malware removal request - please help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...

3 more replies
Relevance 68.47%

Hi, my sister's computer has some malware on it. I successfully removed 2 of 4 of them by myself. I got rid of another by following the READ & RUN thread but there seems to be one left after I ran panda (the part before asking for help in the READ & RUN thread) and was hoping for some help. This is my first time ever removing something other than spyware (in the Malware category). Here are the logs also for whoever helps me.
 

Answer:Help request for Malware removal

The other Logs are here now except counterspy, I need to redo that one.
 

23 more replies
Relevance 68.47%

Hi there. I have run through all the steps in READ AND RUN ME FIRST and attach the first three resulting reports in this post and the remaining reports in the next post.

Issues:
1. Internet Explorer will close itself automatically when I go to certain websites. Ex: www.analyzemath.com/expfunction/expfunction.html

2. During the BitDefender scan I received the following McAfee alert:

File: tmp002403fa
Virus Name: New Poly Win32
File Path: C:\Documents and Settings\Rif Haffar\Local Setttings\Temp\tmp00001bbd
McAfee was unable to clean, quarantine or delete the file and, each time after I asked it to do so, it would come back with a different file, for example: tmp00557092 and tmp0055b401

3. BitDefender reported four issues. Two of these were Disabled Microsoft Virus Scan and Disabled Microsoft Firewall. I unchecked these so they would not be fixed because I am running McAfee Virus Scan and Firewall and did not want to create a conflict.

4. Despite your excellent instructions, I saved the BitDefender report in the default html version generated by the program. I did not save as txt as you instruct, merely because at that stage of the process I had become numb and stupid. Then, when I tried to upload it, I received an error message that the log file was invalid. So I changed the extension to txt and re-uploaded it successfully. If this is a problem I will repeat the scan and generate a txt file.

Thanks for your attention and, regardless of my own minor issue...

Answer:Request for Help with Malware Removal

Re: Request for Help with Malware Removal (Add'l Reports)

Panda Active Scan and ShowNew reports attached.

One more point: I had to run BitDefender in Normal Mode since it would not proceed while in Safe Mode without downloading updates and I did not know enough to get around that.

Best regards,

Rif
 

3 more replies
Relevance 68.47%

Here are my logs. I have completed all the steps. All is explanatory in the logs. I have .dll files that I'm pretty sure are causing the problems: winmyy32.dll, kznfabi.dll, ooawuui.dll, gebyy.dll, and related to those are yybeg.bak1, yybeg.tmp, yybeg.ini, yybeg.ini2, yybeg.bak2, egnamtdk.exe. A trojan or multiple have been downloading .exe files into my temporary internet folder. Also while doing the Spybot scan, it found a Smitfraud-c in the registry. I'm not sure what locate.com is, which is an ms-dos application. It may not show up in my newfiles.txt
 

Answer:Request Malware Removal Help

Here are the rest...
 

3 more replies
Relevance 68.47%

Hello All,

I'm yet another victim of the "search engine redirecting" malware. Only Bing and Yahoo searches are being affected at the moment, Google seems to be ok. The issue is occurring in both IE and Firefox. I also cannot access the Windows Update site. I do have my Windows Install Disc, if needed. The dds log is below.

Any and all help is much appreciated! Thanks!!


DDS (Ver_10-03-17.01) - NTFSx86
Run by rupal at 21:18:42.96 on Thu 09/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.76 [GMT -5:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WI...

Answer:Another malware removal help request

Hi -

I'd like to run a different rootkit scanner, to try to help identify the infection.

Scan With RootKitUnHooker
Please download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

3 more replies
Relevance 68.47%

Ok, computer started acting strange. Noticed it would re-direct to Google if I tried to go to Windows update site. Also, I had Malwarebyte's Anti-malware program installed and it would no longer run. I downloaded and installed Ad-aware, but then it would not connect to its update server. I ran a scan and it did not find anything. Running HijackThis I noticed that there were registry settings that listed DNS servers that I was unfamiliar with. I had it remove those. When the problem did not go away, I logged into my router and noticed the DNS servers were manually set to something different, but not my ISP's DNS servers. I changed that to obtain automatically & re-set the router password. Now, I was able to get to windows update and update Ad-aware. I was still unable to run Malwarebyte's Antimalware. I downloaded Spybot S&D, it seemed to install OK, but the GUI will never come up.

So, although everything else appears to work OK, I am afraid something is there that is being missed.

Here is the info requested. Any help would be appreciated.....

DDS.txt
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 18:34:12.65 on Thu 05/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.137 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:...

Answer:Malware Removal Help Request

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...

2 more replies
Relevance 68.47%

Hi,
I kindly ask you to help me remove the malware that's infected all browsers (got IE, Chrome and Mozilla installed) and causes pop-ups all the time, it's so irritating!!! URLs that the pop-ups lead to or redirect to are e.g. track.adform.net, tral.ib.adnxs.com and cdn.sharedaddomain.com. I do not know the name of the malware/virus or how to remove it. Thanks in advance for your assistance.
Kind regards,
Patrone Ignista
 


Answer:Request malware removal

Hello PatroneIgnista,

my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
- Logs can take a while to research, so please be patient.
- Read and follow the instructions in the sequence they are posted.
- Print or copy & save instructions.
- Back up all your private data / important files on another (external) drive before using our tools.
- Do not install / uninstall any applications, unless otherwise instructed.
- Use only the tools you have been instructed to use.
- Copy and Paste the log files inside your post, unless otherwise instructed.
- Ask for clarification, if you have any questions.
- Stay with this topic til you get the all clean post.

My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

1. Download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- Vista / Windows 7/8 users right-click and select Run As Administrator.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Download OTL to your desktop.
- Double click on the icon to run it.
- Vista / Windows 7/8 users right-click and select Run As Administrator.
- Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity ...

25 more replies
Relevance 67.65%

Hi,
This might come across as a strange request - I have been a long-time member (an infrequent poster!) and I have matured in my approach to viruses & security.

I am a secondary teacher and I created a unit about security, encryption and safety around hacking etc

I am seeking KNOWN viruses, trojans, malware, adware etc so that I can install them on to a Virtual Drive. The students then have to clean the drive.

Any help in the form of a link or an installation that is embedded with adware / search bars etc would be great!

Help Chaslang, you're my only hope!
 

Answer:Not A Removal Request, Need Malware / Viruses Etc

I have found:
Conduit
FLV Player
Babylon toolbar
pdf setup
freepdfreader
 

2 more replies
Relevance 67.65%

Almost every time I do a search on Google, I get redirected to another search engine. I tried using other malware removal tools, Spybot, Avira, Malwarebytes, but they don't work.

Finally I found myself on your Preparation Guide. Hopefully you will be able to help. When I run Gmer however my computer crashes. So here is the data I'm able to send you. Please help. Thanks.

DDS (Ver_10-03-17.01) - FAT32x86
Run by Gateway User at 11:23:43.19 on Mon 06/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.575.119 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Documents and Settings\Gateway User\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\System Explorer\SystemExplo...

Answer:Redirect (?) Malware Removal Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
- Do not run any other tool until instructed to do so!
- Do not Attach logs unless I ask you to.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log. Let's try this and see what we get.

Scan With RKUnHooker
- Please download Rootkit Unhooker. Save it to your desktop.
- Now double-click on RKUnhookerLE.exe to run it.
- Click the Report tab, then click Scan.
- Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
- Wait till the scanner has finished and then click File, Sa...

15 more replies
Relevance 67.65%

I have a laptop that appears to have a malware infection(s). There are some strange registry entries like

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [c052660a] rundll32.exe "C:\WINDOWS\system32\otrvfban.dll",b

Here are the full DSS logs:

########################## main.txt ##########################

Deckard's System Scanner v20071014.68
Run by Rebecca on 2008-04-16 11:39:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 5 Restore Point(s) --
49: 2008-03-16 17:35:59 UTC - RP478 - Deckard's System Scanner Restore Point
48: 2008-04-15 16:09:33 UTC - RP477 - System Checkpoint
47: 2008-04-13 22:58:58 UTC - RP476 - System Checkpoint
46: 2008-04-12 17:35:51 UTC - RP475 - Last known good configuration
45: 2008-04-12 17:35:41 UTC - RP474 - System Checkpoint

-- First Restore Point --
1: 2008-04-12 17:35:26 UTC - RP430 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Rebecca.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:26 AM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: No...

Answer:Malware(unknown) Removal Help Request

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Upgrading Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
- Click on Continue.
- Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.

================

Please download ComboFix and save it to your desktop.
- Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
- Double click combofix.exe and follow the prompts.
- When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window ...

3 more replies
Relevance 67.65%

I have done battle with win 7 antivirus 2011 before so when it popped up I ran the reg fix and process killers so I could scan and remove it with malwarebytes. A large number of things were found and removed. 24 hours later the bogus antivirus is back, has borked MSE after I reinstalled and I am back to square one. Any assistance would be very helpful.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Chris at 15:17:00 on 2011-12-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.6381 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\...

Answer:Malware removal assistance request

Win 7 antivirus has not come back yet but things still are not right.

27 more replies
Relevance 67.65%

I recently removed the Antimalware Doctor Virus from my computer, and Antimalware Bytes was still trying to block outgoing attempts from my computer. I was able to remove the virus using RKill and then updating Antimalware Bytes. I believe there may be a rootkit hidden within my files trying to reach out to malicious sites. I need help removing it and was hoping for some help or advice. I ran the DDS for my computer which confirmed my fears that something has lingered. How do I get rid of it?
Thank YOU

DDS Log
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Rigel at 17:52:03.88 on Sun 04/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1267 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Fil...

Answer:Malware Removal Request (rootkit)

You may be infected with a backdoor trojan. I would suggest you backup your important documents before proceeding.

Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


If an infected file is detected, the default action will be Cure, click on Continue.


If a suspicious file is detected, the default action will be Skip, click on Continue.


It may ask you to reboot the computer to complete the process. Click on Reboot Now.


If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

1 more replies
Relevance 67.65%

I seem to have a google redirect virus. I am running vista and firefox and using trend micro. I've run scans from microsoft one care, trend micro and malwarebytes to no avail and updated Java. Hope someone can help. Thanks so much!

I've downloaded hijack this, named it and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:29 PM, on 1/9/2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Sea...

Answer:Request for malware removal assistance

Please go to this link and follow the directions and post the required logs. We really need SAS and MBAM followed by HJT

14 more replies

I recently came into contact with a program that behaved like malware, yet didn't trigger either MSE or MBAM. The only software that even alerted me it was messing around was Comodo's Defense+. I noticed it added a startup entry to a 'rundll32 .exe' in my user folder and modified a registry key. I ran several scans (MSE, MBAM, Avira Antivir manual scan with MSE and MBAM running active guard) and I believe I managed to remove all traces of it. However, I would like a second opinion, since I'm not really adept at interpreting the DDS and HijackThis logs.
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by TechDevout at 14:38:21.83 on Wed 05/11/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2540 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RP... Read more

Answer:Post-Malware Removal Help Request

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

7 more replies

Hi Guys,

I think I picked this bug up after downloading from P2P software and it is very difficult to remove, and hides well from all antivirus software I have tried (Malwarebyte, Spybot, Superantispyware, AVG, Norton 360, Kaspersky).

IE and Firefox both redirect me to other websites from a google search. Currently it sends me to sites via blueseek.com but earlier today it was essearch.net.

The common thread is a Chinese symbol that appears left of the URL in the address bar of either browser.

I have attached the required logs...

My DDS log is:

DDS (Ver_09-12-01.01) - NTFSx86
Run by michael at 23:00:07.73 on Sun 07/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1803 [GMT 10:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:... Read more

Answer:Malware/Hijacker removal request

Spybot has detected this as Virtumonde.dll. It can remove it, but it recurs upon reboot. I'm desperate for help!!!!! Thanks.

4 more replies

DDS (Ver_09-02-01.01) - NTFSx86
Run by Emin at 13:43:15.64 on Fri 02/20/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.478 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Emin\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar ... Read more

Answer:Trojan/Malware Removal Request

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix


* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

18 more replies

Hi

I have recently downloaded something and after installing it, I got a warning from avast antivirus to delete msxm71.dll. Even though I have clicked "delete", I am still getting the same pop up asking me to delete msxm71.dll. I have downloaded Malwarebytes' Anti-Malware and I am no longer getting the pop up from avast antivirus. However, I am not sure if msxm71.dll has been removed completely.

I'd really appreciate some help. Thanks so much!
DDS (Ver_09-07-30.01) - FAT32x86
Run by Ida at 23:00:04.00 on Thu 27/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.64.1033.18.2038.1147 [GMT 12:00]

AV: avast! antivirus 4.8.1351 [VPS 090826-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\Up... Read more

Answer:malware removal request: msxml71.dll

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies

Good afternoon.

This morning when I got to the office one of my employees greeted me with the announcement that "something" was wrong with his computer.

There is a program running called "SpyEraser" that causes pop-ups every few minutes warning of the dire consequences the user faces if they don't "Register Now." The app runs continuously in the system tray and has no uninstall, etc. option. This is not a program that the employee installed. He picked it up somewhere in the wilds of the internet and I cannot, for the life of me, get rid of it.

Initially I tried running Malwarebyte's Anti-Malware as I've had good luck with this in the past. It found nearly 300 infected items which I removed and then rebooted the machine. SpyEraser lived on, however. I ran a complete scan using Anti-Malware and it found an additional 7 or so items that I also removed. Still, SpyEraser persisted.

Upon boot, I also get the following error - (it is a RUNDLL error):

Error loading C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL

At this point, I sought advice from my more tech-savvy friends and they directed me here. I have followed the malware removal steps and have logs to upload. The only thing I could not do was run ComboFix as I got an error stating that it was not currently available for download.

Thanks in advance. I'll attach the first two logs to this post and the other two to the next.
 

Answer:Malware Removal Assistance Request

Here are the other two logs. Thank you again in advance.
 

4 more replies

Hello and thanks for reading this...

To be honest, I have no idea what I am infected with, but I would greatly appreciate any help offered. What has been happening most is every 5 seconds, the lower Windows Nav bar disappears and then reappears. Thank you so much for your help!

DDS (Ver_09-03-16.01) - NTFSx86
Run by Karen at 23:44:17.97 on Mon 04/20/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.79 [GMT -7:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)
FW: Norton Internet Security 2006 *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\... Read more

Answer:General Malware removal request...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies

Opening new topic per instructions from Orange Blossom. Link to previous Thread: http://www.bleepingcomputer.com/forums/topic321540.html

My desktop got infected with rootkit virus a week ago. After a lot of pain, I was able to remove the fake security pop ups but it kept coming back in different form. It has hijacked my IE and Firefox and it opens pop-ups on its own and takes me to some strange sites. Now it has completely disabled my internet connection and sound card. I can not start various services such as Windows Firewall or as simple as Help & Support service of XP.

Malware Byte's scan with defn as of 6/1/2010 DB version 4161 scan completes successfully.

PC Details: Windows XP Pro SP3

Here is the DDS Log from infected machine:

DDS (Ver_10-03-17.01) - NTFSx86
Run by malgaonr at 9:45:22.09 on Mon 06/07/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2997 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC... Read more

Answer:Rootkit/Malware Removal Request

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct... Read more

12 more replies

Hi,

A few months ago my computer got infected and i did my best to remove any virus/malware. Since then I have downloaded Norton as my anti-virus and I still have the following problem:

Computer suddenly get slow
Being attacked
Internet and wireless get shot down
Sometimes unable to shutdown the computer
Sites get re-directed.

I am attaching the DDS and Attach file, hope I can get help.

Thank you,

Answer:virus and Malware removal request

Hi,

A few months ago my computer got infected and i did my best to remove any virus/malware. Since then I have downloaded Norton as my anti-virus and I still have the following problem:

Computer suddenly get slow
Being attacked
Internet and wireless get shot down and freeze
Sometimes unable to shutdown the computer, just manually
Sites get re-directed.

I am attaching the Attach file, hope I can get help. Somehow after running the gmer my computer screen freeze and i can not save the file. Any recommendation

Please help and advise.

Here is the DDS:

========================
DDS (Ver_10-03-17.01) - NTFSx86
Run by AZ at 21:31:14.95 on Mon 09/13/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.322 [GMT -7:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix... Read more

25 more replies

explorer.exe has been acting funny.. as of right now its using 88,000 K, when it should be using just 20,000 to 25,000.. so i have put in a request to help with malware removal assistance..
here is the original thread..
>>>> snip>>>>>>>
think im INFECTED but it appears to only affect one account.. other user accounts seem to be ok.. as far as i can tell..
i think i may be infected by a Trojan or some sorta virus.. the computer is acting very sluggish even though i have 3meg of mem and a 2 core AMD 3.2 GHZ running in vista OS.. i have done a number of virus scans, Panda, and Avast. and in the process of running a full scan in safe mode with Malwarebytes... so far no virus detected, i do notice that in safe mode i dont get near the hit on the resources as i would in regular logon..
i have HijackThis installed if you need that information... other then that im pretty well stuck, have Google all i can on the possible explorer.exe process and it says its legit, helps with display of icons and graphics in windows vista..

by Resources i mean CPU usage.
symptoms -- sluggish computer all web browsing or any application just slows to a crawl..
when i start the computer and log on i check my resource manager and its any where from 76% to 100% CPU usage..
no virus detected with any Anti Virus i have tried including MS Anti Virus Security,, the computer is just not performing like it did even a few days ago.. not sure what else to add but i suspect the... Read more

Answer:explorer.exe is acting odd.. using 100% cpu.. Malware removal request

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies

I downloaded a file which turned out to be tvshowname.mkv _lots_of_spaces_ something.exe and opened it by accident (I don't know the name of that original file, I deleted it shortly after opening it). It ran a window which closed, then opened up IE and attempted to download a PNG file while I was furiously trying to shut down all the processes and cursing my carelessness. Now when I reboot my computer my startup folder contains a file named PaulCunningham.exe (my primary account on the computer is Paul Cunningham). I ran MalwareBytes with updated definitions, and attempted to install Avast but I was unable to get the engine to start running. A single instance of the PaulCunningham.exe process appears in my task manager at first. By the time I ran HJT and the rest below, 2 more instances spawned and were using 100% of my CPU power until I manually killed the 3 processes via task manager. Further, my browsers are all set to Startpage.com as the home screen, and it is also the only search provider available even when I explicitly try to select Google. I also noticed a file called infocon.exe pop up under processes, and I can't find any information on it from an English-language site so I'm sure that's another load of fun.
I found it in C:\Users\Paul Cunningham\AppData\Roaming\infocon.exe and C:\Windows\Prefetch\INFOCON.EXE-26FD2AA7.pf
I ran Hijack This and the contents of the log file are below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:... Read more

Answer:Username.exe startpage.com malware removal help request

Welcome.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

1 more replies

Hello and thank you for taking the time to read my post. I'm helping my elderly neighbor fix his PC problems. While I have a technical background, he does not.

Symptoms: PC takes very long to start. This has gotten progressively worse over the past few months. In addition PC will randomly freeze for a minute and then free itself. The PC does run better when it's not connected to the internet vs. when it's connected.

Operating System: Windows Vista Home Premium SP2 64-bit Dell Inspiron 5305 with 4GB of memory.

I ran CCleaner as instructed on the READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker) post.

The Recovery Partition is full and I need to clean that up.

Malwarebytes found plenty of threats. All of which are now quarantined as instructed.

One item that I found did not match the instructions for Roguekiller is as follows. The instructions stated the following: "When it is finished, there will be a log on your desktop called RKreport[1].txt" It did not automatically create this file. I clicked on Export/Save and it's attached as RKreport_SCN_01152015_181402.log. I hope that is ok?

Log files are attached.
 

Answer:Suspected Malware and Virus Removal Request

Uninstall the below:

ShopAtHome.com Helper
ShopAtHome.com Toolbar


Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:


[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ShopAtHomeWatcher : C:\Users\AddisonP\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe -> Found
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | SpUninstallDeleteDir : rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" -> Found
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | SpUninstallDeleteDir : rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | SpUninstallDeleteDir : rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | SpUninstallDeleteDir : rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" -> Found
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_E7C2\Microsoft\Windows NT\Current... Read more

6 more replies

Having MAJOR issues again with more intensive programs slowing down or not working altogether (iTunes while watching a movie, Photoshop, etc).

My indicator light on the Computer Tower that shows when the computer is "thinking" is almost ALWAYS on and I can hear it constantly searching or doing something with the HDD.

I've recently removed 100GB of Photos to help the computer run faster (was down to 20GB free and it got slower), and tried to run a Defrag last night, but had to cancel after 10 hours and it still wasn't completed. Right now I am removing the INDEXING feature of Vista.

HERE is the DDS log and attach.txt is attached.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by RMThompson at 9:33:47 on 2012-03-09
.
============== Running Processes ===============
.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\RMThompson\AppData\Local\Google... Read more

Answer:LOTS of slowdown, request for Malware Removal?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

25 more replies

Hello and thanks in advance for your help,

My computer seems to be infected by some kind of malware that creates hyperlinks to ads by hyperlinking words on random sites, you think it is a link to f.e. extra information while it brings you to an advertisement page. says: click to continue by: text enhance.

I followed the instructions on the preparation guide after trying to find a similar problem in the solve-it-yourself-at-home-topic. Computer couldn't finish the DSS scan, computer stops at three-quarters of the scan and crashes, i.e. freezes.

Thanks!

Here the GMER log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-18 13:13:09
Windows 5.1.2600 Service Pack 2
Running: tofj7v1j.exe; Driver: I:\DOCUME~1\JOCHEM~1\LOCALS~1\Temp\uxtdypod.sys
---- Kernel code sections - GMER 1.0.15 ----

.text I:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB97A9380, 0x566465, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text I:\Program Files\Spotify\spotify.exe[2108] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [C3]
.text I:\Program Files\Spotify\spotify.exe[2108] ntdll.dll!DbgUiRemoteBreakin ... Read more

Answer:text enhance malware removal request

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

25 more replies
Relevance 66.83%

Hello,
 
Please help, I can’t use my computer. I keep getting hijacked, pop ups...
 
Thank you so much for your hard work.
 
Results of screen317's Security Check version 1.00 
 
   x64 (UAC is enabled) 
 
Internet Explorer 11 
 
``````````````Antivirus/Firewall Check:``````````````


 
Windows Firewall Enabled! 
 
Windows Defender  
 
WMI entry may not exist for antivirus; attempting automatic update.
 
`````````Anti-malware/Other Utilities Check:`````````


 
Java 7 Update 45 
 
Java version 32-bit out of Date!
 
Adobe Flash Player  17.0.0.169 
 
Adobe Reader XI 
 
Mozilla Firefox (37.0.1)
 
````````Process Check: objlist.exe by Laurent```````` 


 
Windows Defender MSMpEng.exe
 
Ger Desktop Remove virus SecurityCheck.exe
 
`````````````````System Health check`````````````````


 
Total Fragmentation on Drive C:  %
 
````````````````````End of Log``````````````````````


 
 
Farbar Service Scanner Version: 17-01-2015
 
Ran by Ger (administrator) on 21-04-2015 at 10:44:07
 
Running from "C:\Users\Ger\AppData\Local\Microsoft\Windows\INetCache\IE\CYIMHV62"
 
Microsoft Windows 8.1  (X64)
 
Boot Mode: Normal
 
****************************************************************
 
 
Internet Services:
 
====... Read more

Answer:Virus and/or Malware removal assistance request

Welcome aboard
 
You posted "protection" log from MBAM instead of "scan" log.

3 more replies
Relevance 66.83%

Recently been attacked - with what, I am not sure. I know I was left with a limping PC with a bunch of malfunctioning software programs. My PC is a built PC.

First I noticed I had a redirect problem and followed the instructions from this thread Fixing Google Redirection/hijacking and other redirection problems to the best of my ability.

Second, I completed the Read and Run Me First Malware Removal Guide, which I didn't know about till I completed the Redirection Removal. Then I followed the directions listed in thread titled Malware Removal for my specific operating system, (XP-32bit)

My Pc is 99.9 percent better thanks to this forum but I would like if you all could review the logs that were created.

Note: Malwarebytes has two log files one that was created before I visited this site and read through the instructions and another after and modified its settings.

Thank you in advance...
 

Answer:Lactrain - Malware Removal Log Review (Request)

These are the logs from GooredFix, TDSSKiller and MBRCheck per the instructions listed on the Fixing Google Redirection/Hijacking and other Redirection Problems thread
 

17 more replies
Relevance 66.83%

I am currently having an issue where I cannot access update.microsoft.com or download.microsoft.com, or any variations of the two. Any attempt, even in safe mode, is instantly redirected to google.com. Malwarebytes.org and safer-networking.org are also directed to Google. I am also getting popup ads on many sites, despite my best efforts to remove any form of spyware/adware/etc. I am currently using Symantec Anti-Virus, after having multiple issues with McAfee, so I am turning to the professionals.

GMER instantly pointed out gaopdxserv.sys, which is a fairly well known trojan, and I'm confident I could remove it on my own, but at this point I'd rather be aware of any and all threats currently on my computer, and remove them.


Thank you for any help you guys have to offer!

DDS.txt results:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Luke at 20:00:15.03 on Sun 02/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1395 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS... Read more

Answer:Malware/Rootkit removal assistance request

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial post then thread will be closed.

Please follow these directions in the order they are set out for you.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

9 more replies
Relevance 66.83%

Hello,
Please help, I can’t use my computer. I keep getting hijacked, pop ups...
Thank you so much for your hard work.
Results of screen317's Security Check version 1.00 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````


 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````


 Java 7 Update 45 
 Java version 32-bit out of Date!
 Adobe Flash Player        17.0.0.169 
 Adobe Reader XI 
 Mozilla Firefox (37.0.1)
````````Process Check: objlist.exe by Laurent```````` 


 Windows Defender MSMpEng.exe
 Ger Desktop Remove virus SecurityCheck.exe
`````````````````System Health check`````````````````


 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


 
Farbar Service Scanner Version: 17-01-2015
Ran by Ger (administrator) on 21-04-2015 at 10:44:07
Running from "C:\Users\Ger\AppData\Local\Microsoft\Windows\INetCache\IE\CYIMHV62"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is acc... Read more

Answer:Virus and/or Malware removal assistance request

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery... Read more

20 more replies
Relevance 66.01%

Like many of the other users on these forums, I too am having problems with my browser being redirected to a web page other than that which I had originally clicked (most often through google search links). I have attempted to diagnose a specific problem that is wrong with my pc, but I just don't know what it is. These pop ups seem to be more annoying than malicious, but I have a strong feeling that if I don't do anything soon the problem will get worse. The reason that I say this is because I tried to start my computer in safe mode and Windows refuses to boot properly (I was given an error message that told me that Windows failed to initialize in safe mode). I know that the problem is not SmitFraud because I have had experience with that before. As I stated, these pop-ups are the result of redirected google searches and are not happening when I am not browsing the web.

Some of the websites that I have been getting redirected to include:

green-insulation.net
zanuga.com
freewareplus.com
searchfindsite.com
innatpenn.com
search27.info.com
iwa-spain.com
mylocalhero.com
online-scaner-software.net
nyas.com

...and many, MANY more.

The only other clue that I have which might help to lead to a solution is that almost every single redirect site uses the same exact logo on the browser tab next to the name of the website. I have attached a small .jpg file which shows the logo that I am speaking about. (a second logo of a wire frame green sphere appears less often but still of... Read more

Answer:malware removal request : google redirect problem

hi dgwozdz,

Sorry for the delay. If you still need help with the redirects simply reply to my post.

11 more replies
Relevance 66.01%

I am currently rerunning FRST in safe mode but it appears to be erroring with 'Getting Application errors: 20740'. Is there another tool you would prefer for me to run or should I let FRST continue?

Stopped FRST after 1.5 hours (still at same error). Including results from both (incomplete) scans.
 

Answer:Another Malware Removal Request - Fake Google Chrome

Files included here. I accidentally uploaded these twice.
 

5 more replies
Relevance 66.01%

Please see
"Windows Live mail won't open - Win 7 64 bits" topic for details.
 
 
I uninstalled Avira anti-virus and Malwarebytes (it wouldn't open, anyway), in safe mode. Now, I am able to go to my Firefox home page. But all my other problems are still there.  ESET still stops half-way through the scan (it has identified 12 threats that are still there), and F-secure doesn't open.  
 
Windows IE doesn't open.
 
I sometimes get "Windows Explorer has stopped working" and sometimes programs don't open.
 
All my problems started after I installed Baidu anti-virus. So, I tried to uninstall it, but couldn't find in "Uninstall or change a program." Do you know how to uninstall it? I believe we need to uninstall Baidu before we go to the next steps.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.25.2
Run by Danny at 11:05:23 on 2013-12-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6131.3790 [GMT -8:00]
.
AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Baidu Antivirus *Enabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCP... Read more

Answer:New malware removal request (re: Win Live mail won't open et al)

Hi Konadan
 
I will be handling your computer issues to help you get up and running again. Please give me some time to look over your situation and I will get back to you as soon as possible.
Thanks for your patience.
polskamachina

75 more replies
Relevance 66.01%

This is my first time to post so I hope I am doing it right. I have Windows XP Pro, Svc pack 3, with Kaspersky Internet Security. About a week ago my Kaspersky console just disappeared. It shows to still be active when I look in my Windows Security folder but I cannot access Kaspersky from anywhere on my computer, cannot run the Combofix program, cannot access my system restore, my computer sometimes freezes, sometimes tells me my keyboard is not working properly but I am using it obviously, so what to do? Below I have copied and pasted the DDS log. Would kindly appreciate any help offered! Thanks so much!
DDS (Ver_09-05-14.01) - NTFSx86
Run by HP at 14:58:38.73 on Tue 06/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.134 [GMT -5:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE... Read more

Answer:unknown infection/virus/malware removal request

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 66.01%

The malwarebytes antivirus did not remove the winweb pop up security alert. When I run the scan it does not detect any malicious items. The only malware quarantined was from the vendor Adware.Zango. The item is very long. I would cut and paste it here but can't seem to do that. It starts with HKEY_CURRENT_USER. This was the only one found in the registry of malware antivirus. There are many other items in the winweb security alert like trojans and others. Should I write these down in the postings? The pop up Lsas.keylogger keeps coming up too.
I did switch to firefox. Before winweb was on my screen I used Internet explorer. I'm not sure if the browser matters. I've used firefox ever since winweb has been popping up. Also, I could not run Kaspersky's free scan for some reason. I did download the new runtime Java but I still couldn't get a scan.
I will cut and paste the reports from RSIT
Logfile of random's system information tool 1.04 (written by random/random)
Run by sam pratt at 2008-12-03 10:43:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 258 MB (3%) free of 8 GB
Total RAM: 254 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:46 AM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS&... Read more

Answer:Malware removal request( winweb security alert)

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.
Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable ... Read more

3 more replies
Relevance 65.19%

Why we request you disable CD Emulation when receiving Malware Removal Advice

As rootkit infections are becoming more and more commonplace, BleepingComputer.com has decided to make a rootkit scan using GMER part of our preparation steps for posting a malware removal request. Unfortunately, though, some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner. Another issue that may appear from having these programs installed are errors that appear when installing certain Windows updates. An example of this incompatibility can be found here.
Due to these reasons we request that all CD Emulation programs be disabled before requesting malware removal help. To make it easier for our users who may want to continue using these tools, we will use a tool called Defogger. Defogger is a tool created by jpshortstuff that allows you to temporarily disable these drivers so that they do not interfere with our help. Then when your topic has been reviewed, or you no longer need our services, you can simply run the DeFogger program again to reenable the drivers so that you can properly use your CD Emulation programs again.
We have included instructions below on how to disable and enable CD Emulation programs using DeFogger. All that we ask is that while we are working with you on your malware removal topic, please do not enable the CD Emulation programs. Instead please wait till we are f... Read more

More replies
Relevance 65.19%


Hello folks,

I'm here to request assistance in removing some Malware and/or Virus from my Windows 7 64-bit Ultimate PC.

A few days ago my wife was online and apparently browsed to a website that triggered some malware - I suspect this since we immediately received popups on the screen regarding potential threats on the PC and asking if we wanted to clear them up. Thankfully she's been well trained to always ask me before doing anything on the computer of this nature - but sadly it seems it was too late already. The popups wouldn't go away without a reboot and when the system came back online my virus protection software (Trend Micro Titanium Internet Security - Version: 5.2.1035) was stopped and when it was restarted it constantly complains about needing to be on the Internet to Verify and do an update - even though I was clearly online at this time.

Windows Defender and the Firewall are inoperative, they will not start up. System restore is also disabled. The virus software constantly reports Web threats being blocked - up over 3200 now and climbing, but I believe those are false positives.

I do not know the name of the Malware that is on this machine, but it seems to be protecting itself very effectively. I'm currently in Safe Mode and have tried to run RKill (including the iexplore version) and they are unable to complete due to Access Denied errors when I run them. I have Malwarebytes Anti Malware running currently, but so far it hasn't detected a... Read more

Answer:Request for Malware/Virus removal assistance - Windows 7 64-Bit Ultimate

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

48 more replies
Relevance 64.37%

I've got the 3 files. But the explore.exe crashes won't allow me to zip the two files. So here is the DDS.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Russell at 17:05:27.21 on Mon 05/25/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.398 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090525-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\maplestory62\xDreamerMS.exe
C:\Documents and Settings\Russell\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows l... Read more

Answer:Instructed Malware just in case.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Just copy/paste the other two logs in your next reply as you did DDS.txt.

------------------------------------------------------

2 more replies
Relevance 61.91%

Log files attached. Various redirects and pop ups whilst browsing.

Cheers,
 

Answer:User's Google Account Compromised - Instructed To Do A Malware Scan

Rerun RogueKiller and have it remove these items:
[RUN][SUSP PATH] HKCU\[...]\Run : PprKjbtu (C:\Users\JULIE\AppData\Local\hmaxyxke\pprkjbtu.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2030968110-4071869114-4025464302-1000\[...]\Run : PprKjbtu (C:\Users\JULIE\AppData\Local\hmaxyxke\pprkjbtu.exe [x]) -> FOUND
Then rerun Hitman and have it remove all the PUPs.

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.
Reboot and rescan with both RogueKiller and Hitman and attach the new logs.

Tell me how things are running.
 

3 more replies
Relevance 58.63%

Additionally the new tab that pops open has a text box that opens:

"Critical Security Warning!

Your PC may have been infected with a malicious virus due to recent internet activities."

etc etc
 

Answer:"ADs by info", Malware Removal Request

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 56.99%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 4 Stepping 1
Processor Count: 1
RAM: 1015 Mb
Graphics Card: Intel(R) 82865G Graphics Controller, 96 Mb
Hard Drives: C: Total - 38154 MB, Free - 24078 MB;
Motherboard: Hewlett-Packard, 090Ch
Antivirus: Kaspersky Anti-Virus, Updated: No, On-Demand Scanner: Enabled
______________________________________________________________________________________________________
Hi,
this is my first request with you guys, hope I'm getting it right.

I work for a delivery company and we got a new client that would like a simple request form with all of their clients prepopulated in the form and a simple way to email it. I used Adobe Acrobat and got a nice form. Everything works except when we email it all I get on my end is a blank form with no information and the format has changed to *.fdf. I made the form on my iMac at home and the computers at work only have the free version of Adobe Reader. Everything is great until it's emailed. So now I'm doing one in HTML and it's good but I'm still having trouble with the email part. They can fill the form out on their end but can't get it to attach with one click of the submit button and it also comes blank. So now I'm thinking maybe if I can just have them print it to my printer but we are not on the same network. Any suggestion on a simple fix with any of this. I just n... Read more

More replies
Relevance 56.17%

I'm looking for something that can help me create the following.

I want a form that a user can fill out with a series of pulldown menu selections. It is pretty much an IT request permissions for user form.

Like let's say we hire a new employee. I want it so the manager can go to this form and they can click the pulldown menu and it will have selections like "New Hire" or "Need access to folder"

If they click "New Hire" below that area where it WAS blank there is now a box where they can now have access to a pulldown bar that has a list of all job positions. But let's say instead of clicking "New Hire" they click "Need access to folder" instead. Well now in the blank area under the form you get a box where a user can type in information such as "z:\payroll" or something.

I pretty much want what shows up on the document to change depending on what selection the user has made

I would prefer free software but I am open to paid.
 

More replies
Relevance 56.17%

I've been tasked with creating a form to have people fill out requesting local admin rights on the XP pc's. I'm curious if anyone out there has one at their place I could template from? Any of you Desktop Support/Data Security guys and gals have anything?
 

Answer:Local Administrator request form?

My first answer would be no. As part of our enterprise security policy, users are not allowed to have local admin rights. It takes some time to make sure everything works, but saves you trouble in the long run (viruses etc.).
 

10 more replies
Relevance 55.76%

I am a low tech user... I would like to create a work order form that when opened will automatically assign a unique reference number. Is this possible? Simple instructions appreciated!! Thanks!
 

More replies
Relevance 55.76%

I am having trouble creating this file to work the way I want it to. I was wondering if someone is willing to lend a hand or at least tell me what the problem is. Now I am not a big programmer, I'm more of a hardware person, and someone wanted me to program this and I can't get any code right to what I am doing and I keep getting this message (shown as an attachment) and I can't figure out what to do.
 

Answer:Outlook Task Request Custom Form

That error message is quite generic and it's hard to see what the problem is.

What exactly are you trying to do?

Can you post the code that you have written so far?
 

4 more replies
Relevance 54.94%

Hi,

I have just started my own PC/Mac Repair Business.

Is there any way to get a free copy to edit of the following forms or do y'all have any examples that you can send to me to use as an example?

In-Shop PC/Mac Service/Repair Work Order Request Form
Onsite PC/Mac Service/Repair Work Order Request Form
Remote Support Session PC/Mac Service/Repair Work Order Request Form
Data Backup/Recovery Service Request Form/Agreement
Diagnostic and Repair Technician Checklist
Custom Desktop PC Build Service Order Request Form
Labor/Sales Invoice/Receipt Form

Can someone please help me?
 

More replies
Relevance 52.48%

Initial post was First prob was redirect and pop up - now worse... in Malware

Initially I had a redirect problem... I followed the read and run me first and CC cleaner deleted part of my AVG this caused a whole new set of problems.

I had an issue with this before.

Part of my AVG got partially deleted in the past and it was a 2 week process getting my computer fixed. It took forever to find hidden files to delete, AVG remover tool wouldn't work. I believe it was Tim that was helping me here... I accidentally stumbled upon a file and just started deleting all AVG files that it would let me and finally things started working again and I reinstalled and everything fell into place. Problem is this time I can't find any of these files. BUT the problem is the same.

I can not execute any exe files in standard mode.

I don't know why CC cleaner deleted part of my AVG but I was directed not to change any settings in the instructions. So I assumed it was a residual file and let it do its thing.

According to the Malware host that problem is cleared up. Now we are just trying to get my permissions fixed and that is a software issue. For the time being, I'm able to get online on IE... this is an intermittent thing. Sometimes after an instruction and a reboot, I will try to get on IE and I get a blank screen and IE will not load.

Before all this I was unable to use IE and Firefox was the only browser I could use. Now it gives me the same error that exe files give me ... Read more

Answer:First post in malware now instructed to post here

It was and still is Kestrel that is helping you in malware.

Have you tried doing the below:
http://www.dougknox.com/xp/file_assoc.htm --> scroll down to the ninth file fix.
 

14 more replies
Relevance 52.07%

Hi, I recently got suckered into receiving and falling for the 'fake facebook friend request' malware email (hxxttp://www.net-security.org/malware_news.php?id=1813) and am not sure if I have been infected or not. In the email, I clicked on the link and it brought me to facebook but nothing seemed amiss - however I realized immediately after that it was probably some sort of virus and that, wow, I really am gullible to fall for something like that. In researching about the malware I noticed that a prompt was expected to come up and ask me to download the latest version of Macromedia Flash - but it didn't. So I am uncertain if I've contracted something. Anyway, I haven't noticed any major issues with my computer but I will admit that I'm a little green when it comes to these things so I'm unsure of what to look for - if it's something dangerous running in the background, how would I know, etc.? So I followed the instructions on here and have a few logs. Problem is I don't really understand the language, so to say. What's good or bad. Really I am wondering if someone can take a peek at the logs and tell me if I have a real issue and if it's something I need to address. I'm wary of using this computer in case it's something serious.

Oh, and my computer is running Windows Vista.

Any help is appreciated, thanks.

------------------

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19048 BrowserJavaVers... Read more

Answer:Don't know if I have malware/trojan/rootkit problem - fake facebook friend request malware.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429204 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

8 more replies
Relevance 50.43%

Hi

I've been reading plenty of previous posts and tried resolving this myself using the following tools (in safe & normal modes - where possible)
Malwarebytes antimalware
ATF Cleaner
Super Antispyware
ICESword
I've even gone into the registry and C:\windows\system32 and manually deleted keys & files

No matter what I do it always comes back
XP Home SP3
MBAM LOG
Scan type: Quick Scan
Objects scanned: 53883
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\garopudu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gukuyesa.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2530985-4b45-465a-92ea-6b52d08f97a3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b2530985-4b45-465a-92ea-6b52d08f97a3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\M... Read more

Answer:Help with removal request

Fixed - just persevered and ran them all multiple times and eventually it (seems to have) gone away

2 more replies
Relevance 50.02%

Hi,
I am a novice in rootkit.
My Kaspersky antivirus reports a rootkit in the (disk sector) device\harddisk1\dr1 so I have to run rootkit for further identification since Kaspersky informs that the found rootkit can't be disinfected.
The log file was created and various files are stated in the scan result window. Now, actually I don't know which to fix as a warning appears after checking all and clicking the fix button, and I have been instructed to submit the log file to the forum for help...
Below is the scan result:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:59:53 PM, on 11/17/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\rootkit tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ki/... Read more

Answer:Request help on Rootkit removal

Hi,

Please do the following:

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.

Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.

NEXT

Please download aswMBR to your desktop.
Double click the aswMBR.exe icon to run it
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

12 more replies
Relevance 50.02%

I have 2 computers infected - this is the info for my second one.

Windows XP Professional, Service Pack 2

My AVG antivirus was reporting an infection but was not allowing me to remove or quarantine. I was only allowed to view the problem, and it was originating from an IP address. Unfortunately, I can't make this happen again and I didn't write it down but it was enough for me to think that I had a rootkit problem. The computer is exhibiting no suspicious behavior at this time, but I know it's only a matter of time before AVG reports the problem again.

I hope you guys can help. thanks.

DDS.txt
-----

DDS (Ver_09-07-30.01) - NTFSx86
Run by aalvarez at 14:26:59.51 on Thu 09/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1278.420 [GMT -7:00]

AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\S... Read more

Answer:Another rootkit removal help request

hi.

I am sorry to inform you that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
-----------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.
--------------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform ev... Read more

11 more replies
Relevance 50.02%

I have run Ad-Aware SE, Spy Sweeper and have not been successful in the removal of CWS_NS3. I have run the HIJACKTHIS tool and the log is below. However, I am not comfortable in interpreting this as I am a novice at this. Need assistance.

LOG:
Logfile of HijackThis v1.99.1
Scan saved at 1:58:32 AM, on 3/31/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\TEMP\ADAWARE\HIJACKTH.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.tamu.edu"); (C:\apps\Netscape\Users\common\prefs.js)
O2 - BHO: Class - {A3F9FD31-3DFB-13C1-8E7D-BCEAF75A15DA} - C:\WINDOWS\APPSR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Load... Read more

Answer:Help Request : Removal of CWS_NS3

Print out these instructions and then close all windows including Internet Explorer.

Reboot your computer into Safe Mode

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A3F9FD31-3DFB-13C1-8E7D-BCEAF75A15DA} - C:\WINDOWS\APPSR.DLL
O4 - HKLM\..\Run: [SYSYT.EXE] C:\WINDOWS\SYSYT.EXE
O4 - HKLM\..\RunServices: [D3SF32.EXE] C:\WINDOWS\SYSTEM\D3SF32.EXE
O13 - WWW. Prefix: http://

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\APPSR.DLL
C:\WINDOWS\SYSYT.EXE
C:\WINDOWS\SYSTEM\D3SF32.EXE

Reboot your computer to go back to normal mode and post a new log.

14 more replies
Relevance 50.02%

I have not experienced pop-ups but I see that I have the Arcade Yum garbage installed on my Windows 10 machine. I mainly use Chrome, but other browsers used also. I read through all of the related forum posts in an effort to remove it on my own. After a bit of consideration I have decided it's better to request instructions from the start as opposed to making things harder than need be. Thanks in advance for your assistance. BC is a great tool.
 
Thanks

Answer:Arcade Yum removal help request

Hi djkea

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox

Download MiniToolBox and move the executable file to your Desktop;
Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
Check the following options:
Flush DNS;
Report IE Proxy Settings;
Reset IE Proxy Settings;
Report FF Proxy Settings;
Reset FF Proxy Settings;
List content of Hosts;
List IP Configuration;
List Last 10 Event Viewer Errors;
List Installed Programs;
List Devices - Only Problems;
List Users, Partitions and Memory size;
Once this is done, click on Go and wait for the scan to complete;
Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

3 more replies
Relevance 50.02%

I've contracted PersonalGuard.exe bogus program. Luckily I didn't fall for the fake windows alert or run a "scan" but it's there and I cannot get rid of it for the life of me. Please help! ~ McAfee won't load my quarantined files. It just locks up. My whole system is running super slow.

**UPDATED** Keeps turning off my McAfee. As of now, I've been able to restart it. Hopefully that holds. I ran a virus scan & it ran for 20 mins & then the monitor went blank, but I can still see my mouse pointer. I tried searching for the personalguard.exe file in "search" & it ran for about 15 mins & then blanked my monitor again approx. 8 - 10 mins after locating the file. I can still start my computer and given enough time, I can open programs, but it's taking 20 - 30 mins to open taskmanager and McAfee still isn't working correctly. I'm on my husband's work laptop.
 

Answer:2nd Request - Please help - PersonalGuard Removal

Please do not create multiple posts for the same problem.

Continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/874966-had-vundo-now-personal-guard.html
 

1 more replies