Computer Support Forum

malware agents/koobface,spyware protect removal

Question: malware agents/koobface,spyware protect removal

Hi, I'm having a problem with my web browser since using the Malwarebytes Anti-Malware scan. Before I ran the scan and removed the infections it found, I was able to open webpages and go to sites, although when I would try to search it would redirect the page. After I ran the scan and deleted the infections, I tried to open a webpage and it said it couldn't display it although I was connected to the internet. One of the things the scan found said "adware.mywebsearch"; I would assume that was the reason it was redirecting the page. As of right now, I have done a system restore to a point before I removed the infections so I could display a webpage to get help. If someone can please help me, I would be very grateful.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Leslie at 14:54:14.01 on Wed 05/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.496 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\DL32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Documents and Settings\Leslie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~1\data\xtras\mssysmgr.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DL32] DL32
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"
mRun: [Airlink101 WLAN Monitor] c:\program files\airlink101\airlink101 wlan monitor\WLANmon.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [cctray] c:\program files\ca\ca internet security suite\casc.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.510\QOELoader.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197444521156
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197483296000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Notify: igfxcui - igfxdev.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-10-21 107000]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-8-6 72184]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-1-14 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-1-14 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-1-14 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-1-14 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-1-14 161008]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-1-14 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-1-14 128240]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-9-10 1141240]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-10-21 801272]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-9-2 289272]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-1-14 292080]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-10-21 203768]
R3 N5SG;Airlink101 SuperG Wireless Network Adapter Service;c:\windows\system32\drivers\N5SG.sys [2006-11-3 467040]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-1-14 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-1-14 108368]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-6 38496]

=============== Created Last 30 ================

2009-05-06 14:28 <DIR> --d----- c:\program files\VnrPack
2009-05-06 13:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-06 13:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 12:58 <DIR> --d----- c:\windows\system32\KB905474
2009-05-05 18:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-05 14:12 <DIR> --d----- c:\docume~1\leslie\applic~1\Malwarebytes
2009-05-05 14:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-04 17:49 14,348 a------- c:\windows\st_1241469908.exe
2009-05-04 05:16 16,896 a------- c:\windows\system32\DL32.exe
2009-05-03 05:13 33,792 ----h--- c:\windows\freddy42.exe
2009-05-02 09:19 1,118 ----h--- c:\windows\ms49f4d98.dat
2009-05-01 20:48 27,136 ----h--- c:\windows\mstre18.exe
2009-04-17 05:26 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 05:26 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 05:26 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-17 05:26 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 05:26 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 05:26 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 05:26 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 05:26 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 05:26 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 05:24 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-17 05:24 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 05:24 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-16 19:20 <DIR> --d----- c:\program files\Lavasoft
2009-04-16 19:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-13 21:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft(3)
2009-04-13 21:13 7,680 a------- c:\windows\system32\lsdelete.exe
2009-04-13 20:34 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-13 20:34 <DIR> --d----- c:\program files\Lavasoft(2)
2009-04-13 20:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft(2)

==================== Find3M ====================

2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-28 00:25 111,856 a------- c:\windows\system32\isafprod.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-30 12:10 27,328 a------- c:\docume~1\leslie\applic~1\GDIPFONTCACHEV1.DAT
2008-08-27 15:57 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 14:54:39.84 ===============


Answer: malware agents/koobface,spyware protect removal

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,K

2 more replies
Relevance 75.03%

So somewhere I got the Spyware Protect 2009 virus/trojan. I have tried Malwarebytes, ComboFix, AVG 8.0, and tried to install Hijack This!!!! I did this all while in Safe Mode and no luck. I click on the install, and the hourglass shows up, and then after a while it disappears. I even renamed Malwarebytes etc. What do I do besides get the gasoline can ready?

Answer:Infected with Spyware Protect 2009...Can't install any spyware removal tools

Let's see if any of these help.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

***Another work around is by not using the mouse to install it. Just use the arrow keys, tab, and enter keys.

If you cannot use the Internet, you will need access to another computer that has a connection. From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

11 more replies
Relevance 71.75%

I somehow got Spyware Protect 2009 on my computer, and I'm having trouble getting SUPERAntiSpyware or Malwarebytes to open. I've tried a couple of other scanners and they say I'm clean.
DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Warehouse at 10:19:05.40 on Thu 04/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.759.527 [GMT -4:00]

AV: Eset NOD32 antivirus system 2.50 *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Warehouse\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = ie... Read more

Answer:Spyware protect removal

That scan was done in safe mode... just wanted to throw that out there in case it makes a difference.

I've been doing everything in safe mode because there are so many sites I can't get to when I boot up normally.

17 more replies
Relevance 70.93%

I have a laptop in our company which caught Antivirus 2009 last year, which was successfully removed, but now it has got the Spyware Protect 2009 malware, which is a nightmare.

The machine now has an intermittent pop-up saying it is infected with numerous viruses etc. and needs to use antispyware to get rid of them, and it doesn't allow me to download anything and redirects with a fake 'Microsoft this site is untrusted' page. It has disabled the avast! virus protection and Task Manager and has completely crippled the speed of the machine to a point where it just freezes.

I went in via Safe Mode and disabled System Restore, and downloaded and ran CCleaner to get rid of any temp files, and then downloaded Malwarebytes, but am unable to install it at all to run a scan to try and get rid of it. Are there any other programs or ideas out there?

Many thanks
 

Answer:Help on Spyware Protect 2009 Removal?

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay in getting a response, it is advised that... Read more

1 more replies
Relevance 70.93%

Computer has been noticeably slow and sluggish for the past month. I have AVG (free version) as my main anti-virus program and also frequently run Spybot, Malwarebytes and Ad-Aware.

Last week things started getting worse. I ran a remote scan from Bit Defender's website and it reported to find viruses on both my operating hard drive and my old hard drive (which I knew to be infected with a virus that I'm slaving off the main hard drive). Bit Defender reported to have removed the viruses off the main hard drive, but it also reported that it was unable to remove some of the viruses off the older slaved hard drive. I'm not necessarily concerned about the older infected slaved hard drive as I simply use it to pull off old files such as MS Word docs, Excel docs and pictures and music.

After running the Bit Defender remote scan and seeing the report, I thought everything would be good again but in fact things took a turn for the worse. Immediately after the Bit Defender scan I started getting the following pop-up message in the lower right hand corner of my screen:

"Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now." Note the poor grammar. Dead giveaway in my opinion that this is some type of bogus spyware.

Additionally, I'm unable to run any of my anti-virus/malware programs. When I try to... Read more

Answer:Need help with removal of Spyware Protect 2009

8 more replies
Relevance 70.93%

I have had spyware protect 2009 pop up twice recently on my computer. I tried the Combo Fix, okay I know I shouldn't have but didn't read about it in the forum until too late. Fortunately computer still runs. Anyway Spyware protect came back but I'm not sure now if I still have it. Also my Norton says I have the Brisv.A!inf virus and recommends manual removal. I tried using their directions but it didn't work. I've run the DDS and GMER, reports attached. Any help greatly appreciated.




DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 17:32:44.35 on Thu 04/30/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.125 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton AntiVirus *enabled*
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C... Read more

Answer:Spyware Protect 2009 removal

Quote:
I tried the Combo Fix, okay I know I shouldn't have but didn't read about it in the forum until too late.

Did you not read the Disclaimer you had to OK in order to run the tool?

It clearly states that it should not be run in an unsupervised environment.


I'll need to review the C:\ComboFix.txt. Please post the contents in your next reply along with a fresh dds.txt

1 more replies
Relevance 69.29%

Trying to get some help removing spyware and malware. I am pretty sure I have Spyware Protect 2009 on my system as I keep getting pop-ups for this.

I have downloaded HiJackThis and have run. The results of the log are shown below. Please advise on what I need to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:22 PM, on 4/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PRO... Read more

More replies
Relevance 69.29%

Spyware Protect 2009 - I am having trouble removing this malicious program. I installed and updated the Malwarebytes Anti-Malware program and at first glance it seems to remove the program, only for the virus to pop up in the taskbar a few minutes later.

I also installed and ran the updated Spyware Hunter program to no avail. It detects and removes several things but not Spyware Protect 2009.

What else can I do? Thanks for any help!

Here is the log file, although something tells me it is not telling the whole story:

Malwarebytes' Anti-Malware 1.33
Database version: 1740
Windows 5.1.2600 Service Pack 2

2/9/2009 10:27:07
mbam-log-2009-02-09 (10-27-07).txt

Scan type: Quick Scan
Objects scanned: 57750
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysguard (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert.H) -&... Read more

Answer:Spyware Protect 2009 removal help - log file included

This is the log from the initial scan I did on the PC:

Malwarebytes' Anti-Malware 1.33
Database version: 1740
Windows 5.1.2600 Service Pack 2

2/9/2009 07:34:20
mbam-log-2009-02-09 (07-34-20).txt

Scan type: Quick Scan
Objects scanned: 72471
Time elapsed: 13 minute(s), 17 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 8
Files Infected: 10

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-035359... Read more

3 more replies
Relevance 69.29%

Hi, I'm running Windows XP, on a Gateway 600YGR laptop.

I too had the infamous Spyware Protect 2009. I looked up the files/programs that may have been causing the infections from another site and deleted just one ".exe" file (I think it was the sysguard.exe file under C:\Windows) using HJT.

The pop-ups from my task bar disappeared and so did the re-direction to SpywareProtect2009 websites and popups.

BUT after a reboot, I received a message from my task bar saying my firewall was down, the AVG anti-virus email scanner was down, and I was no longer able to connect to my wireless network, or access the internet in general even when directly connecting to my modem. I receive "Insufficient system resources exist to complete the requested service" quite often.

The laptop's performance became slower in general with frequent freezes.

It was a crucial hit... from myself. Is there anything I can do?

Much appreciated.
 

Answer:Removal of Spyware Protect 2009 caused Problems

System Restore! and back to normal.
 


I am getting three screens that come up whenever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert

DDS (Ver_09-02-01.01) - NTFSx86
Run by Kim at 10:54:20.07 on Thu 02/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430.1853 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

============== Running Processes ===============

J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\McAfee.com\Agent\mcagent.exe
J:\WINDOWS\svcho.exe
J:\Program Files\AIM6\aim6.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Messenger\msmsgs.exe
J:\WINDOWS\sysguard.exe
J:\Program Files\AIM6\aolsoftware.exe
J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
J:\Program Files&...

Answer:Spyware Protect 2009 malware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.


Hi

I was just wanting to know the reason why Spybot S&D was removed from the "How to Protect yourself from malware!" sticky.

I am using version 1.6.2 since I found the newer v2 to be quite bloated and annoying. Should I still be using 1.6.2 since it still downloads the latest malware signatures? Or is there an important reason why it was removed as a recommended antispyware tool?

Cheers
Sam
 

Answer:Reason for Spybot S&D removal from How to Protect yourself from malware thread?

Just not that useful anymore and as you noted V2 is too bloated. We also never liked Teatimer.

You can still use the old version and make use of the bad download blocker and hosts file protection if you wish, but I would not use Teatimer. Modern antivirus programs already include antispyware too.
 


Hello. My kid's PC -- an HP (Model M7567C, with 2, 260 GB hard disks and 2 GB RAM) is infected by "Spyware Protect 2009" malware. The malware repeatedly displays at least 3 different pop-ups saying there's a spyware infection and offers to sell a fix; the program also prevents Explorer from working properly. There are no obvious programs/processes to shut down from the control panel. The machine has Zone Alarm Security Suite installed - I'm not sure if my kids ignored a warning or if the software mistakenly let something in. Zone Alarm technical support said to try running Malwarebytes' Anti-Malware automated removal tool, but the program doesn't seem to run (nothing happens after the program is downloaded and launched). I tried running Zone Alarm virus and spyware scans, but the program runs slowly and eventually hangs (I think I ran the Zone Alarm scan in the Windows Safe mode). I can boot the PC in Windows Safe mode, but unfortunately there is no useful restore point. I can boot the PC in the normal Windows mode but it takes 2 or 3 cold starts. I can use Microsoft Explorer (through a wireless LAN connection), but in the normal Windows mode Spyware keeps hi-jacking Explorer and displaying its rogue messages.

Before I give up and reformat the hard disk and re-image the disk from the backup system disks, I would like to try a less time-consuming solution. Any suggestions are welcome! Thanks!

I ran the DSS scan as instructed. Here are the res...

Answer:"Spyware Protect 2009" malware problem

I wanted to add some new information to my original posting that seems to be related to my problem.

When my spyware infected PC boots, I get the following messages:

"The application or DLL c:\windows\system32\digeste.dll is not a valid windows image."

"View Manager has encountered a problem and needs to close."

"Error loading c:\windows\griwapaxim.dll. The specified module could not be found."

I noticed that there was a Windows update available today (the February update of Microsoft's anti-spyware program). I installed this application; after this, Zone Alarm Suite was then able to run (up to now, it just hung up), and 2 items were quarantined: WIN32.SYSGUARD and WIN32.TROJAN.FAKEALERT.IEH

However, there are still problems with my PC. I still can't get Malwarebytes' program to run, even when I rename the *.exe file to *.bat. It seems like whatever is still infecting my PC interferes with any anti-spyware/malware program from running properly and interferes with the operation of Explorer.

Thanks.


My computer is infected with a malware program called "Spyware Protect 2009". How do I get rid of it? I followed instructions and have copied DDS and Attach files below. Popup windows keep appearing saying my computer is infected with a virus and I need to install their software.
DDS (Ver_09-03-16.01) - NTFSx86
Run by John Schlatterer at 2:44:20.15 on Mon 03/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files&...

Answer:remove malware, Spyware Protect 2009

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scri...


Hi Guys,
Can I begin by saying a MASSIVE thank you to you all - I'd be totally lost without your help.
Ok, down to business - I've done as the guide suggests, performed the XP clean up, ran the programs and I've got all the logs which are hopefully attached. The problems started almost a week ago when the dreaded "spyware protect 2009" screen started popping up and the icon lodged itself in my system tray and I got suspicious when there was no option to get rid of it - it's disabled my windows firewall, is blocking/redirecting my IE browser with its phony msgs etc. If you need any more info or if I've somehow left something out/attached the wrong logs just let me know - it's purely out of ignorance and not laziness if that's the case!!!:-o

Thanks again- Cheree :wave
 

Answer:vundo/spyware protect 2009 malware-logs attached

here's the last log
 


Hello,

Please help!!! I only have a couple of days to fix this comp before I leave!!!

I am receiving security popups, Spyware Protect 2009 (I did not download) is in my task bar and keeps popping up with infiltration alerts, and IE keeps redirecting to http://browser-security.microsoft.com/blocked.php?r=21.0 displaying "Internet Explorer Warning - visiting this web site may harm your computer!" Then offering to link me to Purchase Spyware Protect 2009.

Here is my DDS Log file and attachment.

Thanks!!!

peace.b.

DDS (Ver_09-03-16.01) - NTFSx86
Run by John at 9:11:09.81 on Sun 03/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.43 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nero\data\Xtras\...

Answer:Unknown Malware/Rootkit security popups - Protect Spyware 2009

thank you! topic is resolved through off-post email reply.

Malware-bytes removal is the best!

peace.b.


no specific sites coming up so unable to provide any more specific information - sorry!!
DDS (Ver_09-02-01.01) - NTFSx86
Run by Vince at 23:14:04.04 on 06/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.250 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Samsung...

Answer:Malware/Spyware Problem - webpages being redirected + unable to download AVG updates, spyware removal etc

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc...


Greetings --

I am a web developer -- late Tuesday night, it appears that my computer was attacked on an open port. All of the sites that I had saved in CuteFTP were attacked - usernames/passwords were grabbed from my FTP client (which I had thought was encrypted) and an iframe injection attack occurred on those sites. I have modified those sites using another computer.

ESET and malwarebytes discovered a number of issues on my computer -- I have run malwarebytes in safe mode. I am not a geek indicated that C:\WINDOWS\system32\ctfmon.exe might be an issue.

I had backed up all my data to an external hard drive, but a worm ate all of the data. I have now backed up everything to DVDs.

Do I need to reformat my computer or is this savable? How can I tell when the machine is totally clear?

Any help/guidance is appreciated! (FYI, I had IE6 for testing purposes -- my main browser is FF3)

see the following log from Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:49 AM, on 6/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\...

Answer:infected with multiple trojan agents, malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Question: Koobface Removal

First indicator something was wrong was when I clicked into a form field on a website and got a popup warning of a trojan being found and quarantined, then computer force restarted. Then this morning I've been getting drastic slowdowns, Norton's being shut down on its own, and something keeps trying to connect to porn sites every few minutes (stopped after I turned on my firewall). Have seen pp06 and ld08 running in task manager. DDS logfile is below.
DDS (Ver_09-03-16.01) - NTFSx86
Run by rogle at 13:07:41.40 on Thu 05/07/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1361 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common F...

Answer:Koobface Removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Hello, I think I have a form of malware that takes me to different websites infected with more viruses. If I type in the Google search bar and search, about every five links I click on would take me to an unwanted site. I have noticed that a picture of a green globe would appear next to the web address in my address bar when it would hijack my search. I have run Spyware Doctor and other antispyware removal programs but nothing seems to work. Anyone's help would greatly be appreciated, thank you.


Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 3894 Mb
Graphics Card: Intel(R) Graphics Media Accelerator HD, 1723 Mb
Hard Drives: C: Total - 467737 MB, Free - 387574 MB; F: Total - 238289 MB, Free - 198598 MB;
Motherboard: TOSHIBA, Portable PC, Base Board Version, Base Board Serial Number
Antivirus: Microsoft Security Essentials, Updated and Enabled

Hi, Seem to have gotten spyware/malware from somewhere. It was showing up infrequently & I had been able to remove by doing Microsoft system restore to a previous point. Now that doesn't work. As soon as windows starts, something called "Personal Security" (looks like bogus protection program (that I never downloaded or installed)) starts to run & stops everything else except for shutdown. I'm currently running in safe mode. Posted below are the results of the scans. Except GMER, which ran for a long time, concluded w/ message "no modifications found". I saved the log file, but it seems to be blank. Will run again if necessary. Thanks for help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:28 PM, on 9/8/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Internet ...


Need assistance in removing any further spyware that may still be on my system. I have followed other instructions to remove Spyaxe etc by running Smitrem in Safe Mode.

Can you please identify any further problems as my system is running slow and hard drive appears to run overtime when I try and run IE. Also having difficulty in locating default homepage when loading IE.

I have run Spybot S & D and MS Anti spyware to clear anything else that may be causing the problem but I had trouble downloading Ad-Aware and the McAfee programs.

Logfile of HijackThis v1.99.1
Scan saved at 11:17:03 PM, on 9/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\Lotus\Notes\ntmulti.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\...

Answer:Spyware / Malware Removal

It appears I have also been infected with some sort of dial-out logger. I'm not sure how to deal with this as my system now seems to have a mind of its own. Please help.

Thanks.


I have been unable to clean up my home computer. Running XP-pro -- default browser is Firefox. Became infected with something called spysheriff which took over my desktop and gave constant popups even when browser was not on. Downloaded multi AV scanner (Kaspersky, McAfee, Sophos and Trend) and McAfee clean and ran all of these in safe mode. Found a number of trojans and they were supposedly removed. Ran Spybot and Ad-Aware and removed whatever was found. Notably, the scanners all indicate a number of password protected files that cannot be scanned -- what are these?

All of this gave me back the desktop but still have the popup situation. Each time I run Spybot (1.4) I find the malware back again. One different one is something called "Command Service" which again always comes back.

Latest try was to purchase Xoftspy -- and have it scan -- found one trojan and removed as well as some 70 suspect files -- all removed as well as registry fixed (supposedly).

Still to no avail -- same popup situation. I am copying the hijackthis log to message. I am especially suspicious of the O20 line:

O20 - Winlogon Notify: SystemFileProtection - C:\WINDOWS\system32\o4pq0e75eh.dll

I had initially posted a hijackthis log on a Microsoft bulletin board and they had pointed to the dll on this line -- I note that this dll changes name every time I boot and removing does not help -- I just have another name the next time. Would really appreciate some help as I am cl...

Answer:Malware/spyware Removal Help

Download L2mfix from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

* Note: If you receive an error while running option #1 like:
''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application.."
...then do one of the following:
1: Click on the l2mfix.bat again and choose option # 5 for Fix Autoexec.nt/cmd.exe error.
2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there to fix it manually.

Do not run the fix portion without fixing the error first.

After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.


The other day I clicked on a file in my Facebook and ever since then my internet has not worked well. Every time I try and google something it redirects me, then yesterday it started working okay, and then today we are back to not working correctly and it keeps kicking me off saying that it is not connected to my network but everything else, phones, laptop and such, that is connected to the network is working fine. Please help me. Below are my root report, dds, and attach reports. Thanks.

Root Repeal Report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/22 14:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF0F0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BBA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: SYMDS.SYS
Image Path: SYMDS.SYS
Address: 0xF8545000 Size: 352256 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF8507000 Size: 180224 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x82c38318

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unkn...

Answer:Spyware?Malware? HELP with Removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I believe I have spyware or malware on my computer that is causing multiple instances of iexplore to run. At startup everything is fine, but after browsing the web for awhile the browser will freeze. After checking the task manager, I noticed I had multiple instances on iexplore running. I ran the hijackthis scan and have attached the log file. Please tell me which to delete.

Answer:Spyware and Malware removal

Hi,

Please do the following:

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.

NEXT

Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
Double click the exe file. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


My computer is running a little bit slow & my computer locks up when i try 2 use anydvd. Also when I'm surfing the new another page will pop up asking me to take a quick survey about yahoo or whateva page I'm on at the time. I do have my windows install disc.


DDS (Ver_09-12-01.01) - NTFSx86
Run by J at 21:58:21.00 on Sun 01/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.173 [GMT -6:00]

AV: avast! antivirus 4.8.1368 [VPS 100110-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Viewpoint\C...

Answer:I need Malware/Spyware Removal Help

Bump, please.


Hello tech-types. A friend asked me for some advice concerning problems they were having with their PC. They are fairly non-techy, even less than myself, so I thought I'd have a go but I can't get anywhere so I'm here for some advice.
They generally connect to the net with AOL but whilst AOL will connect to the net they were getting completely blank webpages that they couldn't do anything with. As a result they were connecting with AOL and then using IE6 for browsing. An automatic update downloaded IE7 (which I'm using with no problems) but the installation failed - no idea why. Since then IE looks like v6 but, going to help>about shows a v7 number. The address bar and most links now bring up an error message with words to the effect that 'the lookup key [something or other] context'. Sorry, I can't actually remember the actual wording and I don't have their PC in front of me. The Google homepage will load and the search bar from that will show results. Links from there can be clicked and loaded but after moving a couple of pages on, or trying any download, the same message appears. I suggested getting Firefox to at least be able to browse and see if others were experiencing the same problem. He couldn't download it so I emailed it to him [yes, email is working], along with the standalone IE7 package. He tried installing IE7 that way but with no joy. I told him to run HJT and send me the logfile and run Kaspersky and send that log. He can now get to the page...

Answer:Spyware/ Malware Removal

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance.

Thank you.

19 more replies

Thank you Tech Guy. Your SDFix worked! What a relief!
Here is the Report.txt generated at the finish:
Mon 10 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BITF.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BITC.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT11.tmp"
Fri 25 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITE.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT10.tmp"
Fri 25 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT10.tmp"
Tue 18 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BITE.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT12.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916...

More replies

Please help! I have run every spyware/malware removal tool and cannot get rid of this nasty thing. These programs find things and get rid of them but it is still there. It keeps redirecting me to ads sites. I don't know what else to do.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:24 AM, on 4/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent...

Answer:Malware/Spyware Removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies

I have some trojans, spyware, malware or something on my computer. I ran Hijack This and was hoping to get some help figuring out what to delete. The following is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 9:57:32 PM, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\...

Answer:spyware malware removal

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr...

1 more replies

I would just like to say a big thanks to all you guys on the forum who put up the instructions on how to remove spyware using the ccleaner then spybot, and counterspy etc etc, you made it all easy to understand and have cleared my laptop of all those horrible nasty little pop ups.
Again a very big thanks, I am a qualified accountant and would be lost without my laptop, if any of you tech guys need any accounting advice just drop me a line.
Again, thanks
Steve
 

Answer:MAlware / Spyware removal

You are more than welcome .....don't be a stranger to the forums!
 

1 more replies

Hey gang, I've been here before and you helped me quite a bit. I'm in a similar predicament with spyware/malware and could use help again. I am attaching the requested logs. Please let me know if I have missed something.

Thanks!
Andy
 

Answer:Need Help with spyware/malware removal

Additional logs...

Thanks!
Andy
 

11 more replies

I am trying to clean off a friend's laptop that had tons of junk on it. I have followed all the steps in the "DO NOT POST UNTIL YOU HAVE READ THIS" thread and still have a recurring spyware program that pops up when IE is started. I run all the cleaners over and over, but it still remains. I believe it to be a VX2 variant that Ad-Aware cannot clean even with the VX2 cleaner plugin.

Any help would be greatly appreciated.
 

Answer:Spyware/Malware Removal Help - VX2?

Please follow the steps below exactly as written:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

13 more replies

I'm trying to help a co-worker rid her home computer of what looks like a whole bunch of bad stuff. She has Win XP home and used IE6 to surf. The browser won't display any pages at all. She does have a connection to the internet, I can ping her DNS server. I ran adaware and with the VX2 plugin. The VX2 scan came back clean. I ran microsoft beta spyware whatever they call it (what used to be Giant) and it shows 37 different bad things including BargainBuddy. Here is the Hijackthis log:

(moderator edit: split off reply and moved post to the team forum for review and help. jgweed)

Logfile of HijackThis v1.99.1
Scan saved at 6:12:19 PM, on 8/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo...

Answer:Spyware/malware removal help

Welcome monsoon to Bleeping Computer.

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.
Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
Reverse the process when you've carried out the advice.

***

Please disable SpybotSD's protection, as it may hinder the removal of the infection. You can enable it after you're clean.
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box and/or Uncheck Resident.
Close Spybot.

***

Download, install, and update Ewido Security Suite
Install ewido security suite
Launch ewido, there should be a big E icon on your desktop, double-click it.
The program will prompt you to update click the OK button
The program will now go to the main screen
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed....

7 more replies

The other day I selected a link in an email from a friend (I know, dumb huh?), and now my browser has been hijacked! Every time I attempt to search using google or bing or yahoo, a separate page opens and the title bar displays the word "Jumping". The result is a website called info.com and/or www.wa-search.com. Eventually, if I attempt to navigate around the issue, I start getting 404 or 401 errors indicating that yahoo is no longer available and/or DNS is not responding.

Any assistance would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:16 PM, on 6/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe...

Answer:Spyware/Malware Removal (help!)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies

Picked up some type of "certoko.dll" malware on a machine. I saw a post about this so I tried some of the items listed to remove it. Steps taken;
> ran rkill
> ran SUPERAntiSpyware - in "safe mode" (F8) - all items removed
> ran Eset Online Antivirus check - reported no virus

After doing these things when I started the machine I then ran MalwareBytes "full scan", it reports;

Files Infected:
C:\System Volume Information\_restore{24E5C141-F9B5-4787-B892-86443FEA6A5A}\RP38\A0012015.dll (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{24E5C141-F9B5-4787-B892-86443FEA6A5A}\RP38\A0012021.sys (Worm.Koobface) -> Quarantined and deleted successfully.

So then I found / read the "Preparation guide for use before using malware removal tools and requesting help" (sorry, I should have started here first). So I have performed steps 1-8 (of the guide) and am posting the request for help here / now. Here is the DDS report:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Terri at 7:52:59.92 on Mon 04/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1676 [GMT -7:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processe...

Answer:Worm.Koobface - Removal Help

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...

16 more replies

I have a very slow computer that opens several web pages and a lot of ads will pop up. This is a new computer that I just bought for my office. I called Microsoft according to the web page that popped in red stating I needed to call Microsoft. Once I did this I was told I had a Koobface malware. I have run AVG and no solution. Please help me, thanks.

Answer:Help with koobface removal from windows 8

Greetings samson77 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise.

Please do not re-run any programs I suggest. If you encounter prob...

38 more replies

The volunteer helping me on the "Am I infected" forum recommended I move my problem over here to this part of the site. I'm not sure if I'm at the point where I should reformat my computer, hope someone can help.

Here's my original problems and the logs and help I've received so far: http://www.bleepingcomputer.com/forums/t/208885/ms-antivirus-2009-which-turned-into-another-one-and-now-its-that-nfrdll-error-and-malarebytes-and-superantispy-got-their-butts-kicked/

I assume that you'll probably get a better explanation from my problems there, but here's the quick and dirty:

Dell Laptop, currently disconnected from the Internet. (It was unable to access the bleeping computer forum anyway--just this site specifically, sites like Google, blogs, those kinds of things worked fine.)

The problems started with the MS Antivirus 2009 fake spyware stuff, then the browser hijacks (I shut off proxy servers before coming to the forums), and then I got the Spyware Protect 2009 version of malware, and was only able to get Malwarebyte's to run by changing the extension to .bat after reading it here. Since I started working on these forums with DaChew, I've only followed his instructions.

Currently working off my wife's computer, a Mac. Using a USB flash drive that DaChew had me immunize so that I can download the programs on this Mac and transfer them over to the infected Dell. Then I copy the logs onto the flash and move them here.

Here's my DDS file, I've changed my name on it to USER.

DDS (Ver...

Answer:Serious Malware Infection, started with MS Antivirus 2009, Spyware Protect 2009, nfr.dll

Hello Thefactualopinion and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

6 more replies

hi,
*EDIT*
I have a laptop toshiba processor windows XP home edition service pack 2.

I am not sure if I still have malware but my PC is running slow and sometimes when I open IE I get pop ups. I just want to make sure I got rid of all the spyware/viruses/adware in my system. Thanks in advance.

Here is my combofix log

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\clear.bat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cersprzw.dllbox
C:\WINDOWS\system32\dekpcqwq.ini
C:\WINDOWS\system32\erqmybwn.dll
C:\WINDOWS\system32\fhewdjyb.dll
C:\WINDOWS\system32\fhrjhkrx.ini
C:\WINDOWS\system32\gihpcbii.ini
C:\WINDOWS\system32\gjqndpiq.dll
C:\WINDOWS\system32\gvwkmsor.dll
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\joynnclb.dll
C:\WINDOWS\system32\kffurlux.ini
C:\WINDOWS\system32\kseybvex.dll
C:\WINDOWS\system32\kynnajml.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nalrmjtk.ini
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\qipdnqjg.ini
C:\WINDOWS\system32\srylklbo.dllbox
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\tgowwwco.dll
C:\WINDOWS\system32\wvweoglm.dll
C:\WINDOWS\system32\xulruffk.dll
.
---- Previous Run -------
.
C:\WINDOWS\clear.bat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cersprzw.dllbox
C:\WINDOWS\system32\dekpcqwq.ini
C:\WINDOWS\system32\erqmybwn.dll
C:\WINDOWS\system32\fhewdjyb.dll
C:\...

More replies

I have followed all the four steps on my post previously that you recommended me to do but I still cannot fix my computer. Spyware, trojans and malware are still present. I was not able to do Panda online scanning because my computer that was infected doesn't have its internet access. I guess those threats disabled my connection. I did all my best but still my computer is not working properly. Below is the log derived from Deckard's System Scanner. Please find the current HijackThis log below. Any help would be appreciated. Thank you so much.


jerald

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 503.23 MiB / 134.06 MiB
Pagefile Memory (total/avail): 1227.36 MiB / 793.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 19.84 GiB free.
D: is Fixed (NTFS) - 35.47 GiB total, 27.15 GiB free.
E: is CDROM (CDFS)
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST380013AS - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable Fi...

Answer:Malware, spyware and trojan removal log

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please post a fresh extra.txt produced by the Deckard's System Scanner, as it has been a while since you posted.

1 more replies

Good day,
I have included a HiJack This log file (below) in hopes that I can get some assistance on my computer problem. Any and all help that you can give would be greatly appreciated.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:02:35 AM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.ex...

Answer:Need Help With Spyware/malware Removal (don't Know Which Apps)

Hello and welcome

Please print these instructions out, or write them down, as you can't read them during the fix.

Before we get started I need you to disable AdWatch as it might interfere with the fixes.
Right-click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically.
Uncheck both of those boxes and close Ad-Watch.

==

1. Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
If you aren't able to finish the update within AVG Anti-Spyware for a reason or another, you can install the manual updates here.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Re...

15 more replies

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:21 PM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\progra~1\mcafee...

Answer:Spyware/malware/grayware Removal

Hello spongebry,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again!

Please download SmitfraudFix

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.

A text file will appear onscreen, with results from the cleaning process...

2 more replies
Relevance 59.45%

Exactly ~.~ I don't know what I did. I also cannot go to web pages having to do with any of those topics; it closes out all of my web browsers currently running.
 

Answer:Help, can't run SpyWare/Malware removal programs

16 more replies
Relevance 59.45%

I don't know anything about the removal. I've run a few spyware programs and it's come back undetected. From what I understand it can hide itself. I did a HijackThis scan and here are the results (sorry, I tried to upload the txt attachment, but it gave me an error).
I clicked the boxes with the files missing or an error and tried to fix them. The PC restarted and then I ran another scan and they are still there. Any suggestions?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:54 AM, on 10/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Home\AppData\Local\ucqxmtipwe.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft... Read more

Answer:spyware-secure malware removal help

well i ran a dss scan and this is what i got:
Deckard's System Scanner v20070905.67
Run by Home on 2007-10-11 13:34:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
10: 2007-10-11 10:19:14 UTC - RP197 - Installed SUPERAntiSpyware Free Edition
9: 2007-10-11 09:26:24 UTC - RP196 - Spyware Terminator - restore point
8: 2007-10-11 08:43:55 UTC - RP194 - Windows Update
7: 2007-10-09 20:32:45 UTC - RP191 - Windows Update
6: 2007-10-09 09:52:49 UTC - RP190 - Scheduled Checkpoint


-- First Restore Point --
1: 2007-10-04 08:03:15 UTC - RP185 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (1024 MiB recommended).


-- HijackThis (run as Home.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:45 PM, on 10/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Home\AppData\Local\ucqxm... Read more

3 more replies
Relevance 59.45%

I went through your recommended steps for removing spyware/adware/malware and I am still having problems. I get pop up windows that start off as loadingwebsite.com then change to web sites relevant to what I have been doing. I have also had many other problems but I believe that going through that list may have solved them.

Thank you in advance for your help.
 

Answer:Help with spyware/adware/malware removal

Hi

This site has a lot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

Try this... you may find it's all you need. If not post your results and I am sure one of the PROS can help you. These guys are quite busy, as you can see by the number of posts, so hang in there. Good Luck!!

After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All runni... Read more

1 more replies
Relevance 59.45%

Hello, recently I d/l a game and unfortunately there was something attached to it that has given me pop ups and internet problems. I have run ccleaner, adware, spybot killer, and windows defender; none have worked. I have run HijackThis and found a certain .dll and .dat file that runs on start up, found it and deleted it right from the registry, but after reboot it's back again. Also when I first start up the computer a box pops up asking me if I would like to work offline, meaning it is also connected to my network files I believe. Thanks in advance

dds report

DDS (Ver_09-02-01.01) - NTFSx86
Run by Justin Gilbert at 17:07:31.93 on Tue 02/17/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.675 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Ap... Read more

Answer:Need help with removal of spyware, trojan, malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

2 more replies
Relevance 59.45%

Dear software tech experts,

Like many others, I get the screen message: "Warning! Spyware detected on your computer..." upon starting in normal mode. Safemode does not have the screen message.

I noticed a few affected users who received help through forums like this one. They were asked to post the log result from "Highjack this".

You will find the log result, copied below.

Note: I have scanned and attempted to remove the problem files using SUPERAntiSpyware and Avast 4.8. Both found all sorts of infections: Trojan, Rootkit, worms. But none of the two have been able to kill or fix this warning screen. The malignant software has also tampered with the system restore functionality: Cannot go back in time to find a previous known safe restore point. Also, my screensaver and desktop menus are gone. I don't go directly on the internet anymore with this computer but, while all this was new to me, I would be bombarded with several unwanted sites when asking for a totally different site.

Can you help in leading me through the proper steps to cleanup this laptop mess?

Also note: It is possible that I have deleted some infected system files when prompted by Avast. Thus I might need to find ways to restore files as well.

Thanks a million
Richard

LOG RESULTS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:00 AM, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS... Read more

Answer:Highjack This - Malware/spyware Removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to create an OTViewIt Report

Please download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the OTViewIT icon on your desktop.
Click the "Scan All Users" checkbox.
Click on the Run Scan button.
Two reports will open, copy and paste them in a reply here:
OTViewIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

If you have not downloaded HiJackThis yet:
Click here to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will in... Read more

2 more replies
Relevance 59.45%

My computer has started going bonkers... Whenever I perform a search in google, yahoo (any search engine really) if I click on any result, it opens a new window from "yourfindhome.com." The trouble only starts here though. I tried to run Spybot search & destroy but it gave me the error reporting dialog box. I tried the same with Super antispyware with the same result. I can't run any removal program except Ad-aware, which keeps finding Trojan Backdoor Agent and Trojan SpyBanker even after I have removed them.

I am running a Dell Dimension DE051 with a 2.66 GHz processor (Celeron). 512 of RAM with Windows XP Home SP3.

We downloaded PC-Cillin from Trend Micro at the beginning of the summer as well. Ordinarily, I like Trend Micro, but it seems that it is not helping at all. It starts up and freezes. So, I've tried to disable its startup protocol to keep my computer from freezing.

I have been trying to access all of the logs that I need in order to fix my computer problems, but I cannot run GMER.exe. I run it, but nothing opens... at all...

I have tried downloading from both portals, but I cannot get the program to run on my computer. DDS worked fine, and I hope that someone can help me with just the DDS.txt and Attach.txt

Thanks

Here is DDS.txt


DDS (Ver_09-07-30.01) - NTFSx86
Run by Gorman at 21:18:38.29 on Fri 09/04/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.137 [GMT -5:00] ... Read more

Answer:Possible Malware/Cannot run spyware removal or GMER

Alright. I was able to find another portal (thanks, tetonbob). I shall now attach my ZIP file with each of the required logs.

I hope someone can help me out!

18 more replies
Relevance 59.45%

I've had this "alien" in my computer since last April. I've spent over $1500 taking my computer to people getting it "cleaned", new versions of Windows, etc., can't take it anymore. He, she or it has complete control over it now. Has their own Windows, own Netscape, own everything. I can't download ANYTHING. He, she or it DESTROYS it. The last guy who really did get rid of it for a couple of days made me the user instead of the administrator. So, of course, they made themselves administrator through the network. Then, remarkably, today, I get on, and now, I am the administrator. But, I still can't do anything. I've been trying to install the internet connection firewall I saw on this website. There's no box in front of where I'm supposed to check. Or, I still wasn't in the right mode. I ran SmitFraud for the last time and here's what I got: SharedTaskScheduler's.dll, VacFix, Winsock2 Fix, GenericRenosFix, IEDFix, Agent.OMZFix, 404Fix, RK, DNS, Winlogon.system, RK.2. Before it finished, it was slashed by the alien. So nothing got fixed. All this is still on. And I don't know how to run anything anymore without it being compromised. Please help!

Answer:Spyware/Malware Removal/Virus

Welcome to BC

Let's see if we can get you started

Running this tool should allow you to complete the suggested scans

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Any time the computer restarts you will need to run the application again

===========================

Step2:

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.
If that did not work, then try renaming and changing the file extension. Click this link if you do not see the file extension
Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
Right-click o... Read more

1 more replies
Relevance 59.45%

OK, I've followed every step in the DO THIS FIRST post. The only thing I couldn't do was run the GETKEY.zip (it said access denied and then prompted me 90 times when I clicked the batch file, even as administrator).
I'm on Vista 32 and I've run Spybot S&D, SpyHunter, AVG spyware remover, HJT, and some others that I can't remember.
I've emptied everything with CCleaner.

I ran SpyHunter, and it showed me that I had a trojan.vundo in an hkey, but it was the free version, so I'm not sure if it was just a false positive to make me buy the software (and it's the only scan that I ran that found anything).
I ran a Google search on the Vundo trojan, and it showed me that it would cause the same symptoms as I'm having: pop up boxes and Windows Explorer stops responding.
I've asked various other forums, but haven't received any answers; hopefully this will be my last stop.
And most forums say not to restore anything, but I had to, my Windows wouldn't load at all after a program download. I wouldn't even mind restoring everything with the disc I made a while back, but I have a 40 gig file that took me 2 months to download, and I try to back it up, and Windows stops responding halfway through the disc burn.
 

Answer:Malware removal help!!-spyware-secure

I think I resolved the issue.
I removed the stllssvr.exe and ucqxmtipwe.exe. No more pop ups for the last 3 hours.
 

5 more replies
Relevance 59.45%

I have tried everything to remove viruses/malware from my PC (Malwarebytes mostly). We are trying a shop next? If my software can't do it, how will they be able to do it?

Answer:Virus,spyware, malware removal!!

What have you tried so far and how?

8 more replies
Relevance 59.45%

Computer is having problems. When I run a "superantivirus" scan the computer reboots itself before completing. I also ran the "advanced windows cleaner", and it detects and can resolve problems, except when it gets to the registry. It stays there for over 30min and never finishes. I closed it, rebooted, and it does the same thing again. It never finishes. I'm thinking my problem is possible malware, could maybe also be something going on in the registry or the operating system. I hope I didn't have something deleted incorrectly...

Scan is below:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-27 00:36:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:37, on 2008-04-27
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program File... Read more

Answer:Log Posted For Possible Spyware/malware Removal

May need to install the recovery console too. Anyone have a suggestion?

3 more replies
Relevance 59.45%

I was on a PC in my office yesterday and got a popup about a malicious files being associated with Boss Everyware, picture.exe, and . I performed scans with PrevexCSI, ScanSpyware, AdAware-SE, and cleaned the 400+ files that the three programs identified. I then ran a HijackThis log which I will post below. After looking at the log, I am not sure that I have gotten everything. Can someone tell me if anything remaining looks suspicious?

This is an older machine running Win2000, and is accessible to a few people via the LAN and WAN.

Thanks in advance.
==============

Logfile of HijackThis v1.99.1
Scan saved at 10:40:50 AM, on 9/9/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32... Read more

Answer:Solved: Help With Spyware / Malware Removal

keyser.soze said:


I was on a PC in my office yesterday and got a popup about a malicious files being associated with Boss Everyware, picture.exe, and .

In the previous quote, I left out the third indication I received of spyware. The file that should appear after the "and" above is wmpirvse.exe.
 

2 more replies
Relevance 59.45%

Hello, I'm new here, and after reading around I hope someone can help. I have no idea what to do. I've run my Norton 360, downloaded and ran S&D but no luck. I get the same annoying pop up. I downloaded HiJackThis, but I have no clue what I'm doing so I ran it as a system scan only and here is my log.

I have downloaded the free Spy Sweeper, but I cannot fix the problems listed because I do not have a subscription.

Thanks for all your help

Here are screenshots of what's popping up!!

Answer:"c:\windows\wml.exe", Need Help With Malware/spyware Removal

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.

1 more replies
Relevance 59.45%

Hi, I have Norton Internet Security 2006 installed, and run liveupdates. There is a fake virus warning in the taskbar, and is giving me multiple popups under internet explorer, when i am not surfing the web. The message reads

"Your computer is infected! Critcal system error! System has detected virus activites. They may cause critical system failure. Please, use antimalware software to clean and protect your sytem from parasite programs. Click here to get all available software"

In the task manager under processes, there is a process named "dcomcfg.exe" that will not close. I have run Ad-Aware, and Norton and still havent come up with a solution! I have included a screenshot of the problems.

Also, the popups, do not appear to be actual popups, they seem to be an imitation of internet explorer, as there is no title in the taskbar.
(Sorry about the poor image quality, due to the file size limit)
 

Answer:spyware and malware removal problems

9 more replies
Relevance 59.45%

I'm looking for a recommendation on a spyware/malware removal tool. Thing is, I want one that is freeware that also comes with an active guard tool. Seems all the freewares require you to buy the plus/pro version or w/e they want to call it, in order to get any form of active defence.

thanks in advance for the help,
-kyle
 

Answer:recommended malware/spyware removal

This is covered in the sticky threads if you take the time to read them:


How to Protect yourself from malware!

 

1 more replies
Relevance 59.45%

I haven't seen anyone post about this solution, so here goes from the newbie who just beat Koobface.

I finally got rid of the Koobface virus I picked up via Facebook. It is very sneaky. The ONLY thing I found that works is MS Windows Defender. Norton, Trend Micro PC-cillin, and Adaware/Lavasoft didn't even find it! Kaspersky and the MS malicious software removal tool both found it, but couldn't do anything with it. MS Windows Defender is the only program that found it (a total of 3 Trojan Downloaders) and was able to destroy it. I re-started my computer and Defender found another Trojan and destroyed it. All seems back to normal now. Very relieved.
 

More replies
Relevance 59.45%

I was able to remove the Koobface worm but now I get a random website that tries to load but is unable to load because IE says it can't be found, so it's just a blank screen with the HTTP 404 error. So each time a site tries to load I take the name and put it in my blocked sites list but it just makes a new one. I've done this 7 times and it just keeps making a new site to try and load. The sites are not .COM sites, they end in .cn, except for the first one I blocked which was yourtoolscheap.com. As I said before none of the sites ever load, they just come up as a blank white screen with the blue bar at the top with the HTTP 404 error.
Below are some of the sites that it loads after I block them:
moored2009.cn
disorganization0000.cn
plate-tracery.cn
yourtoolscheap.com

Answer:Koobface.worm removal aftermath

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 59.04%

Uh... hi. I'm normally pretty good against spyware and malware removal... I have a few different anti-spyware progs on my comp, as well as CleanUp, and HijackThis. But, I have run into 2 objects that just won't go away... and so far, through searching for it myself... it will cost me 30$ to buy a program that can get rid of it. Normally my Microsoft Anti-Spyware does pretty good, but this E2Give and Prutect will not go away... Could anyone help me out and find a tool or a prog I could use that will permanently get rid of these pests?

¥Omicron~
 

Answer:E2Give and Prutect Spyware/Malware Removal

Download and run these. Click on the highlighted words to download.

CCLEANER

CWSHREDDER

RUN THIS ONLINE SCAN
 

2 more replies
Relevance 59.04%

I was infected with Spyware Removal 2009 Malware. So I had the Spyware Removal 2009 malware somehow got installed on my computer. As some forums said I installed malwarebytes to remove it. I think I got most of it out but I thought I had it all removed before and it came back. So here is my hijackthis file to see if everything is off.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:33 PM, on 3/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS... Read more

Answer:Infected with Spyware Removal 2009 Malware.

Hello pdeals917,

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

4 more replies
Relevance 59.04%

MY SEARCHES GO ELSEWHERE WHEN I SEARCH IN GOOGLE....

HERE IS THE LOG

Answer:Virus/Trojan/Spyware/Malware Removal

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Relevance 59.04%

I've heard of a Linux based OS that can fit on a USB stick and has a whole suite of anti-malware/anti-spyware/anti-virus software built in. Anyone remember what that was?
 

Answer:USB stick OS made for spyware/malware removal?

curious too...googling though might help
 

2 more replies
Relevance 59.04%

 Hijack Analysis Report.txt   4.03KB
  3 downloads

Answer:My Virus,trojan,spyware and malware removal log

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

4 more replies
Relevance 59.04%

Ok, going through the Malware removal guide, will post logs as requested.

Thanks.

Win7 x64
 

Answer:Malware / Spyware removal (will include logs)

Got the logs??
 

1 more replies
Relevance 59.04%

Hello all,

My first post here, although I've searched the forums for help plenty of times. I just had a bout with the Dio Cleaner worm et al, and went through all the cleaning steps advised by MG. I was just wondering if someone could look over my logs to make sure that it's gone, and the steps to go through cleaning up the files (deleting MG, etc). Thanks in advance!
 

Answer:Is my System Clean? (spyware/malware removal)

You will need to install SP2 when we know you are clean!

Please use add/remove programs to uninstall:
Viewpoint Media Player

Download and install:
Java Runtime 6

Please disable all anti-virus and anti-spyware programs while we do the following:

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [crlu32.exe] C:\WINNT\crlu32.exe
O4 - HKLM\..\Run: [troy44] C:\WINNT\troy44.exe
O4 - HKLM\..\Run: [troy44 ] C:\WINNT\troy44 .exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA1908] command /c del "C:\WINNT\qajab.txt:waweln:$DATA"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8863] cmd /c del "C:\WINNT\qajab.txt:waweln:$DATA"
O4 - HKCU\..\Run: [Rurm] "C:\PROGRA~1\MCROSO~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Gnwtha] "C:\Documents and Settings\Administrator\My Document... Read more

19 more replies
Relevance 59.04%

I was going through the read and run me thread and noticed he said to post a thread if you had any questions/issues, so I am.

Anyway, it is about part 4, where it says to open them in Windows Explorer. I was just hoping someone could tell me how to do that, because I don't know.

Thanks in advance.
 

Answer:extra explaining on malware/spyware removal

Welcome to Majorgeeks!

In step 4 you are just downloading and installing! You are not running anything.

But is your question about how to open Windows Explorer? If so, there are many ways. One way is to right click Start and select Explore. The window that comes up is Windows Explorer and it allows you to navigate around to all the files and folders on your PC. It is simply a file manager and it is also what is commonly called your Windows Shell.
 

16 more replies
Relevance 59.04%

I did it - the dreaded mistake of opening an email attachment that I thought was safe. It brought a virus I am guessing. Have done avg scan/adaware scan/ca frontier scan (from my isp) to no avail. Getting constant things coming up saying my computer is at risk and I have a virus blah blah blah - cannot make them stop. Any ideas or tips would be appreciated. Need the computer for work TONIGHT LOL - Thanks :)

Answer:virus/malware/spyware removal warnings

http://www.techsupportforum.com/secu...oval-help.html

4 more replies
Relevance 59.04%

I seem to have run into a mutating virus/malware/spyware. After trying 5 or 6 anti virus programs it seems to be popping back up on the computer. It seems to be tamed to a point now where it seems only to be giving some pop up ads when surfing however not all functions of the computer are acting as they should. A few instances:

- I'm trying to remove a trial version of a virus scanner and before it removes it seems to undo the uninstall
- it is taking an unusually long time to power down when I choose that option
- it is not displaying the task box when I depress CTRL, ALT, & DEL key
- seems to work with Firefox but when attempting to run IE it hijacks the searches to some other site of its choosing
- I have Firefox set to save the downloaded file until I decide to remove it from the display box but it is not functioning like that anymore
- some tasks which used to run rather quickly now seem to take a fairly long time

I did some reading on how to go about posting for help so here are the files that were requested with this post:

DDS.TXT


DDS (Ver_09-02-01.01) - NTFSx86
Run by The Parente's at 16:20:11.20 on 18/02/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2941.1561 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Mic... Read more

Answer:Help requested for malware/virus/spyware removal

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

It appears that you have three antivirus programs installed and/or running, avast!, AVG, and Norton 360. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the others via Add or Remove Programs in your Contro... Read more

19 more replies
Relevance 59.04%

Need a little help on this one. I'm trying to fix a friend's computer and I can't seem to get rid of all this crap. Here's a fresh HJT scan. I know it has winantispyware2007 and some other stuff. One of them is trying to change the home page but IE7 keeps detecting it and telling me.

Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:03:50 AM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1137206098\ee\AOLHostManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\1137206098\ee\AOLServiceHost.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program File... Read more

Answer:Solved: spyware/adware/malware removal

10 more replies
Relevance 59.04%

For whatever reason SUPERAntiSpyware Free has stopped finding Tracking Cookies for me using their Quick Scan. I know all about tracking cookies and how they fit in to computer security. I want to be able to identify tracking cookies and remove them. Unfortunately SAS, a program I used for quite a long time, will no longer do this for me.

I am looking for recommendations for Spyware/Malware removal programs. I have used both Ad Aware and Spybot S&D in the past but had moved to SAS based on advice from sites like this. I see they are no longer recommended. So what else is available besides SAS? I use MSE as my antivirus and also have MBAM installed but still would like an additional scanner available that I can use specifically to find tracking cookies. I prefer a free program as well.

Answer:Spyware/Malware Removal program recommendations

Hi,

For whatever reason SUPERAntiSpyware Free has stopped finding Tracking Cookies for me using their Quick Scan. I know all about tracking cookies and how they fit in to computer security. I want to be able to identify tracking cookies and remove them. Unfortunately SAS, a program I used for quite a long time, will no longer do this for me.

Do you get an error upon scanning? I would suggest a simple cleaner, such as CCleaner as an alternative. It gets rid of Temporary Files and cookies, though it will not be as detailed compared to SUPERAntiSpyware. Another good program would be OldTimer's Temp File Cleaner (TFC), which can be downloaded 'here'. Malwarebytes' Anti-Malware does remove cookies as well. However, the best thing that can prevent the appearance of such files would have to be a properly configured web browser.

I am looking for recommendations for Spyware/Malware removal programs. I have used both Ad Aware and Spybot S&D in the past but had moved to SAS based on advice from sites like this. I see they are no longer recommended. So what else is available besides SAS? I use MSE as my antivirus and also have MBAM installed but still would like an additional scanner available that I can use specifically to find tracking cookies. I prefer a free program as well.

I would like to inform you that though security programs might make you feel secure on the Internet (they contribute to it), having too many of these installed at once will result to a conflic... Read more

10 more replies
Relevance 59.04%

Recently I have noticed I cannot open any antispyware/malware programs and my google searches will often redirect to random stuff that is not even close to what I googled. Here is my dds logs. If I did anything wrong please let me know.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Gablen at 1:11:32.01 on Sat 07/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.674 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\... Read more

Answer:I cannot open ANY spyware/malware removal programs!

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop.
Run SysProt >> Click on the Log tab.
Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options).
Hit the Create Log button.
When it asks for scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button).
Let it scan until finish.
Find the log.txt inside the SysProt folder and attach the log here.

6 more replies
Relevance 59.04%

When browsing earlier today Firefox suddenly crashed and I was inundated by various warnings and error messages stating my PC was infected by various viruses and spyware and offering to sell me security software. Since then my PC has crashed 3 times as well as frozen a number of times. I have been unable to reboot using Ctrl Alt Delete and have had to switch off the PC at the socket before restarting.
I have followed the advice in the Preparation Guide and run the DDS files which are copied below.
I have also tried to run the GMER scan but the PC has frozen before completing this so I am unable to attach this log.
Thanks very much in advance for your assistance.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sally at 18:50:32.27 on 11/03/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.104 [GMT 0:00]
.
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prog... Read more

Answer:Virus, Trojan, spyware and malware removal

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\C... Read more

2 more replies
Relevance 59.04%

I recently had someone else using my computer who somehow ran an undesirable executable causing an infestation on my computer. I've spent the past couple days removing what I could and think I've done a pretty thorough job however; I'm not as versed in the removal of spyware/malware/ or viruses as I would like to be and was hoping someone could take a look at my most recent Hijackthis logfile and let me know what (if anything) I've missed.

Logfile of HijackThis v1.99.1
Scan saved at 4:54:30 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no n... Read more

Answer:help with removal of recent spyware/malware infestation.

Post hijack logs from normal mode
NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everythin... Read more

3 more replies
Relevance 59.04%

This may prompt a general discussion.
I try and look after some PC's for Senior Citizens on a voluntary basis. The usual complaint is that 'it has gone slow'. Inspection finds that there is some form of infection. I usually go through the process of running Avast 'Boot Scan' and then a full system scan, followed by scans with Malwarebytes, Superantispyware, Hitman Pro, AdwCleaner and JRT. I sometimes find that on completion of running the scans, to ensure the system is clean, I run them again. Problem is they keep showing some form of infection or another. I have just run these continually for three days on a laptop and still one or two show some issues. This leads me to take on a complete reformat and reinstall.
Even after this, questions arise. I ask people to back up their data before I look at their PC's. My question is, if they restore their backup, are they then not reloading possible infections?
My other question is when do you decide to give up on infection removal and go for full reformat?
Hope that's clear and would be interested in comments?

Answer:Virus, Malware, Spyware Removal. Best Way Forwards

Are any of the PC's you look after running an antivirus software programme ? Or a firewall ?
You may need to educate your Senior Citizens on running regular scans and on not just clicking 'YES' when a pop-up window appears.
CCleaner will remove many 'infections' plus do a registry clean but even that can leave a few problems.
Assume you have checked 'Task Manager' for any unwanted software running in background.
The problem is from my own experience 'you can lead a horse to water but .....'.
If you go for a full reformat you are giving yourself a great deal of extra work and the possibility of the complaint 'my PC does not look the same'.

5 more replies
Relevance 59.04%

Specs:
IBM R40 Notebook
MS Win XPP w/Serv. pk 1
Intel Pent M 1.3
597MHz
256MB RAM
40GB Hard Drive

Internet Providers:
AOL
Comcast Broadband


Good evening,
I am having problems with Malware and its apparent effects on my computer. I currently am running the latest McAfee AV (provided by AOL) with auto updates, as well as Zone Alarm (v 5.5 - free download version). I get random alerts with attempts to access my computer by .exe programs and .dll applications. Such examples include "xmlfont.exe, xmlanti.exe, dbdns.exe", etc. I have followed all suggested steps in the "How to: Spyware, Trojan and Virus Removal" guide, and I still have the following noticeable problems:
a.) I cannot access the following websites via my IE browser (using my Comcast Broadband wireless connection)
- google.com
- 53.com (Fifth Third Bank)
b.) I cannot access 53.com on either IE or via my AOL web browser (although I can access google through the AOL browser)

c.) when I restart/turn off my computer, a warning message pops up saying " 'odbcras.exe - DLL INTIIALIZATION FAILED' The application failed to inizitialize..."

I have run the Killbox program, and have a log file created. I know it says not to post unless asked, so let me know if you would like me to send as attachment.

Thanks for your help!

bmontana
 

Answer:Malware/Spyware/virus help - already done How to removal guide...

bmontana said:

I have run the Killbox program, and have a log file created. I know it says not to post unless asked, so let me know if you would like me to send as attachment.

I believe you mean you have run HijackThis and created a log, not Killbox.

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
 

46 more replies
Relevance 59.04%

Hi,

Could someone help me out?

I think I have been infected with malware/spyware. My computer has been running slow. Sometimes, when a webpage loads, it automatically clicks a link on that website and then loads that automatically clicked link. I didn't even click anything at all.
HJT Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:44:24 PM, on 19/09/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.XP\System32\smss.exe
C:\WINDOWS.XP\system32\winlogon.exe
C:\WINDOWS.XP\system32\services.exe
C:\WINDOWS.XP\system32\lsass.exe
C:\WINDOWS.XP\system32\svchost.exe
C:\WINDOWS.XP\System32\svchost.exe
C:\WINDOWS.XP\system32\ACS.exe
C:\WINDOWS.XP\system32\spoolsv.exe
C:\WINDOWS.XP\Explorer.EXE
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS.XP\SOUNDMAN.EXE
C:\WINDOWS.XP\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS.XP\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware 2\mbamgui.exe
C:\WINDOWS.XP\system32\ctfmon.exe
C:\Program Files\Java\WindowsXP2\Java 6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware 2\mbamservice.exe
C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\WINDOWS.XP\system32\svchost.exe
C:\WINDOW... Read more

Answer:Malware/Spyware Removal - Logs Included

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

3 more replies
Relevance 59.04%

Previous topic that was closed located here: http://www.bleepingcomputer.com/forums/t/293047/dns-changer-trojan/ This topic in response to the instructions in that topic. ~ OB

Hi there,

Thanks so much for your advice, sorry it took me so long to do it, I'm a teacher so always so busy. Below is a copy of the log you requested in step 2 after combofix scan had run. I have not completed step 2 yet but will do this straight away after this.

Thanks again

ComboFix 10-02-11.04 - Laura 12/02/2010 16:51:29.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1015.275 [GMT 0:00]
Running from: c:\users\Laura\Desktop\quackduck.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.
2010-02-12 17:08 . 2010-02-12 17:09 -------- d-----w- c:\users\Laura\AppData\Local\temp
2010-02-12 17:08 . 2010-02-12 17:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-12 17:08 . 2010-02-12 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-12 11:43 . 2010-02-12 11:43 -------- d-----w- c:\programdata\SITEguard
2010-02-12 11:40 . 2010-02-12 11:40 -------- d-----w- c:\program files\STOPzilla!
2010-02-12 11:40 . 2010-02-12 11:40 -------- d-----w- c:\program files\Common Files\iS3
2010-02-12 11:40 . 2010-02-12 17:09 -------... Read more

Answer:trojan/spyware/malware removal - new thread

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo... Read more

2 more replies
Relevance 59.04%

Hi, I am very new to this spyware stuff and I want to completely remove it from my system, PLEASE I AM DESPERATE FOR SOME HELP. Thanks.

Mitesh
 

Answer:Complete Removal Of Spyware Malware adware etc

12 more replies
Relevance 59.04%

Here's the problem...

I've got a Gateway E-3600 with a 128 GB IDE boot drive and a SATA 300GB data drive and 1GB of RAM

I've set up a wireless network with two laptops and a desktop on the wireless network and the Gateway hardwired into the wireless router.

I picked up the Koobface worm by accidentally clicking on the damned "Update Flash Player" link on an e-mail from a friend. I didn't mean to do it and when I realized what it was doing I shut down the computer at the switch - but apparently not before it finished installing the worm.

I ran a McAfee scan and Advanced System Care Pro scan but wasn't able to clear the worm. Downloaded Malwarebytes Anti-Malware tool and did a scan. It eliminated a list of trojans related to the Koobface worm. When I rebooted everything seemed fine, but after a while, it started redirecting again.

I'm rerunning Malwarebytes again disconnected from the Internet. After I eliminate the reinstalled Trojans, I intend to reboot off-line and see if I can find the sneaky little program that keeps resetting the redirect worm on my browsers. I also have Emsisoft HiJackFree and A2 Free hijack software, but don't know how to use them effectively. I plan to run Glary and Advanced System Care Pro's registry cleaners before rebooting. Don't know if that will work, but if you have any ideas about what I should do further let me know. I know there's some nasty little worm buried on my hard drive,... Read more

Answer:Browser Redirect / Koobface Worm Removal

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!

Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
When the program opens, click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try ren... Read more

1 more replies
Relevance 59.04%

Hey, this is my first post here and I've looked around for an answer without a solution.

The computer in question is running Windows Vista Home Basic 6.0.6002 SP2. It is usually connected to the internet via a Verizon Broadband USB727 usb card modem but started having problems with connection on Monday.

The problem is that it will not connect to the internet (IE cannot display the webpage), even when the usb card says it is connected, or when it is connected to my router via ethernet. Usually the usb card will show an error in the taskbar saying that there is "limited connectivity", but sometimes it shows a solid connection and there is still no internet. In internet explorer, when trying to open a page like google or hotmail, I get an error message saying "Unable to open the search page". It will sometimes show "ieframe.dll" running in the corner. I've also tried running a portable version of google chrome and get an "Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve to server's DNS address." This happens even when directly connected via ethernet.

What I've tried:
Pinging verizon's DNS for the card (8.8.8.8) results in a clean ping. But I am unable to ping www.google.com.
I've tried uninstalling the card's driver and reinstalling. But the fact that the card works with another computer makes me believe it is not the problem.
I've run mbam and pulled 4 results all connected to the koobface worm. Clea... Read more

Answer:No Internet Connectivity after Koobface Removal & Reg Cleanup

I've checked LAN Settings to be sure proxy settings weren't in place (however, by default, LAN settings are greyed out and I could only access it by changing a key in the registry. Within LAN settings, the "Use automatic configuration script" box is checked and the address reads: "http://127.0.0.1:2372/wpad.dat". Even if I remove this and uncheck it, it doesn't help and comes back on the next opening of IE, and the reg key is changed back)

Not sure if this is your problem, but this should not be checked by default - The top box (Automatically detect settings) should be the only one check marked, although there may be a specified port (listed lower right side).
Click APPLY at the bottom right if you do alter any settings in the Connections area -
Try to ping 127.0.0.1 (yourself) and see what the result is - I assume you are not posting from the problem computer at this time - Tell us if you get an answer from Tech Support Guy 14-Oct-2012

3 more replies
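
The setting quoted in the thread above, an automatic configuration script served from 127.0.0.1, can be checked for from PowerShell. This is an added example, not part of any post: Test-LoopbackHost and Get-LoopbackProxyFinding are hypothetical helper names, the sample hashtable is constructed from the value quoted in the post, and the registry path and value names are the standard per-user Internet Settings ones.

```powershell
# Added example: flag per-user proxy / PAC settings that point back at this machine.
$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-LoopbackHost {
    # True for "localhost" and for any loopback IP literal (127.0.0.0/8, ::1).
    param([string]$HostName)
    if ($HostName -eq 'localhost') { return $true }
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($HostName, [ref]$ip)) {
        return [System.Net.IPAddress]::IsLoopback($ip)
    }
    return $false
}

function Get-LoopbackProxyFinding {
    # $Settings: hashtable or registry property object carrying
    # AutoConfigURL, ProxyEnable and ProxyServer (any may be absent).
    param($Settings)

    # "Use automatic configuration script" is stored as AutoConfigURL.
    $pac = $Settings.AutoConfigURL
    $uri = $null
    if ($pac -and
        [System.Uri]::TryCreate([string]$pac, [System.UriKind]::Absolute, [ref]$uri) -and
        (Test-LoopbackHost $uri.Host)) {
        [pscustomobject]@{ Setting = 'AutoConfigURL'; Value = $pac; Port = $uri.Port }
    }

    # "Use a proxy server" is ProxyEnable = 1 plus ProxyServer, written either as
    # "host:port" or as a per-protocol list such as "http=host:port;https=host:port".
    if ($Settings.ProxyEnable -eq 1 -and $Settings.ProxyServer) {
        foreach ($entry in ([string]$Settings.ProxyServer -split ';')) {
            $target = ($entry -split '=')[-1] -replace '^\w+://', ''
            $hostPart, $port = $target -split ':', 2
            if (Test-LoopbackHost $hostPart) {
                [pscustomobject]@{ Setting = 'ProxyServer'; Value = $entry; Port = $port }
            }
        }
    }
}

# Constructed sample mirroring the value quoted in the post (runs anywhere).
$sample = @{ AutoConfigURL = 'http://127.0.0.1:2372/wpad.dat'; ProxyEnable = 0 }
Get-LoopbackProxyFinding $sample

# On a live Windows system: check the current user's real settings and, where the
# cmdlet is available, show which process is listening on the port they point to.
if (Test-Path $InternetSettings) {
    foreach ($f in (Get-LoopbackProxyFinding (Get-ItemProperty -Path $InternetSettings))) {
        $f
        if ($f.Port -and (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue)) {
            Get-NetTCPConnection -LocalPort $f.Port -State Listen -ErrorAction SilentlyContinue |
                ForEach-Object { Get-Process -Id $_.OwningProcess } |
                Select-Object Id, ProcessName, Path
        }
    }
}
```

A finding that reappears after the value has been cleared, as the poster describes, means something on the machine is still rewriting it, so the listener lookup is the part to follow up on.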
Relevance 58.22%

Okay, so I am new to the forums and am so very grateful to have found you guys! I have been hit with Malware/Spyware that my Norton or Adaware will NOT remove. I have tried my best to get this crap off of my computer and need it gone!! I just can't seem to get it removed by myself. To make matters worse, I live in a rural area and am only allowed the "comfort" of dial-up and what ever is infecting my computer is making it move slower than it already is.

When I do a system restart, Norton detects the following: C:\windows\system32\wvuvuvv.dll and then I can't get Norton to stop notifying me of it. Then of course I get the usual triangle flashing at the bottom of the screen (by the clock) alerting me that I have something which then leads to pop ups advertising spyware removal programs.

Can someone please help??? I have "Hi-Jack This" log file along with my system info below.

THANK YOU TO ANYONE AND EVERYONE WHO CAN HELP ME!!!!
tchdbyngls


System info:

Microsoft Windows XP - Home Edition
Version 2002 - SP2

Intel (R) / Pentium (R) 4
CPU 2.20GHz
2.19GHz, 512 MB of RAM
 

Answer:C:\windows\system32\wvuvuvv.dll ???? SPYWARE/MALWARE REMOVAL!!!!

Okay, just read the post about not putting your log file on the message, so I just added it as an attachment.
 

2 more replies
Relevance 58.22%

I posted logs and request for help 4 days ago in Virus, Trojan, Spyware, and Malware Removal Logs. I know the time is 5 days BUT am a little worried. Hundreds of other topics since I posted seemed to get picked up and get attention and fixing, while mine sits there unattended.
 
I don't understand how this works--is there an assignment process for that forum? Or do volunteers just pick what they want? Did I not write a "cool" enough description and title? Or use certain buzzwords???
 
Will it get looked at by tomorrow? What do I do if it doesn't? Is there some poor person who goes back and cleans up all the ones not looked at. Delete and re-post with keywords that get attention?
 
 I don't see the process to get helped for sure, and I do see some other poor little requests like mine that aren't being helped scattered in among those getting lots of attention.
 
Thanks for help and perspective!  

Answer:Will I eventually really get help in Virus, Trojan, Spyware, & Malware Removal?

Hello grf

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help members with malware issues. Although our Malware Response Team work on hundreds of requests each day, they are all volunteers who contribute to helping members as time permits. No one is paid by Bleeping Computer for their assistance to our members.

New and more devious malware infections are released almost daily. It then takes time for our Team to investigate, analyze and test removal techniques before we can help members like yourself. Doing that means that we sacrifice speed of response for a quality response that will help remove the malware more effectively.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Not all staff members have access to or are familiar with every type of operating system version...some may only have Windows XP as they cannot afford to upgrade while others may only have Vista or Windows 7.

Although we try to take logs in order (starting with the oldest) but it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skil... Read more

3 more replies
Relevance 58.22%

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
Please refrain from running tools or applying updates other than those w... Read more

Answer:Virus, Trojan, Spyware, and Malware Removal Logs

Due to the lack of feedback, this topic is now closed.
In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

2 more replies
Relevance 58.22%

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Download random's system information tool (RSIT) by random/random from here... Read more

Answer:Infected virus, trojan , spyware , and malware removal

Thank you for your response.... here are the following logs

Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2010-03-09 10:36:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 142 GB (93%) free of 153 GB
Total RAM: 510 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:45 AM, on 3/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Apoint\Apoin... Read more

33 more replies
Relevance 58.22%

Anyways, sorry for the dramatics, I just need some help with this, and I hear this site is the place to look:

My taskmanager has something wrong with it:

-I cannot access it via ctrl +alt+del,

-I cannot access it by right-clicking onto the taskbar.

-I cannot access it through "run: taskmgr.exe"
When I try to use the run: program, it tells me

"another program is currently using this file"

I have called the tech-support people for my school, and they suggested I get something called "Hijack This v1.99.1" I did that, and I ran it. Now, I have a log file of all the programs it found. I would really like any and all available suggestions on what the spyware/malware in question is, and what I should delete. This is the log file:



Logfile of HijackThis v1.99.1
Scan saved at 12:33:47 PM, on 10/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Documents and Settings\John E. Dell 2\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe


O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto


If any one could help, I would really, really appreciate it. It is messing with my other programs as well. I am having trouble running games, I am having difficulty with just about every regular program as a matter of fact. Thanks so much.

-Ungoliant
 

Answer:Please, Urgent Help Needed - SpyWare/MalWare Removal Problems

You should be locked away!
NO antivirus
NO firewall
NO service packs or updates

Follow these instructions EXACTLY and put HijackThis in e.g C:\Program Files\HJT and NOT in Temp or on the Desktop!.
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

Then Read: How to post your Hijackthis log-files as an attachment.
 

6 more replies
Relevance 58.22%

Hello, I am requesting help with getting my computer rid of some pesky files I had on it. Last week I started getting pop ups that said my pc was infected - blah, blah, blah to make a long story short I learned I had accepted (I assume) the av security suite program - (no idea how or where - perhaps allowing someone else to use it could be the culprit - since it lol) anyways, I read a few articles on how to find the files and remove them - problem is I didn't fully understand some of it and I think I messed things up because I have started to receive error messages when I boot up something I have never had before and now it seems I can't use my printer which never gave me problems before. One of the error messages I got upon boot up after removing files that day was "Cant find script file" C:\users\monica~1\Appdata\local\temp\prpl_clean.vbs - I suspect this is from a file associated with bellsouth accelerator however an internet search for prpl_clean.vbs returned nothing except a website that the search engine claimed was a risky site so I didn't dare click on the link. Another error message I am getting says trayctl.exe - Unable to locate component - this application has failed to start because psystray.pyd was not found. Re-installing the application may fix this problem - I believe this probably concerns my printer - right? However I believe when I was dele... Read more

Answer:Virus, Trojan, Spyware, and Malware Removal Logs

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more

11 more replies
Relevance 58.22%

I have no idea how I got this or how to get rid of it, I am constantly getting error messages and being directed to websites to buy MS Spyware Removal 09

Thanks for your help
Linda

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:38 PM, on 3/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WIN... Read more

Answer:Unknown Malware- Microsoft 09 Spyware removal popups

Hello LindaF,
Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.
Thanks,
tea

2 more replies
Relevance 58.22%

hye, i just downloaded the combofix and run it. and now, i really need help on what to do next. here's the log:

ComboFix 10-05-03.06 - zahidah 05/04/2010 23:21:00.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.766.287 [GMT 8:00]
Running from: c:\users\zahidah\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Public\mds.sys
c:\users\Public\mdt.sys
c:\users\Public\winbrd.jpg
.
((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.
2010-05-04 15:30 . 2010-05-04 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-04 10:50 . 2009-12-14 09:52 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2010-05-02 15:27 . 2010-05-02 15:27 -------- d-----w- c:\users\zahidah\AppData\Local\Yahoo!
2010-05-02 03:37 . 2010-05-02 03:37 3280 ------w- C:\bootsqm.dat
2010-05-01 02:18 . 2010-05-01 02:18 -------- d-----w- c:\users\zahidah\AppData\Local\Diagnostics
2010-04-30 04:41 . 2010-04-30 04:52 -------- d-----w- c:\users\zahidah\AppData\Local\Ares
2010-04-30 04:15 . 2010-04-30 04:15 -------- d-----w- c:\program files ... Read more

Answer:Beginners for virus,trojan,spyware and malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 58.22%

I had a ton of pop ups, error msgs, etc, so I ran all the antispyware/malwarevirus scans I have (adaware pro, spybot, avg), and after everything was taken care of, I restarted and my explorer (desktop, taskbar, clock) wouldn't work... And when I started my browser, it would close after 2-3 seconds. I have been opening everything with the taskbar for over a week now. I tried a clean install of xp on my other hard drive, and then had no usb, audio or video drivers. The browser and explorer worked at first, but then later, the browser would give a "needs to close, sorry for the inconvenience" error msg and close. Keep in mind, the old hard drive was not plugged in when I did the clean install...so i'm not really sure what happened there. Today I downloaded firefox, and that has been working so far, no shutting down at all. Anyway, any help would be appreciated.

Jessica
Logfile of HijackThis v1.99.1
Scan saved at 11:43:18 PM, on 5/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C... Read more

Answer:Pretty much dead computer after spyware/malware removal (HJT log inc)

11 more replies
Relevance 58.22%

Please help!

For the last few days I have been plagued by some form of virus/malware that has been stopping any of my malware cleaners from updating. It also redirects my search results and won't allow me to go to any sites like AVG.com, support.microsoft.com, or any other sites dedicated to malware removal. It has also apparently corrupted my windows to the point where I cannot reliably get into windows in normal mode, only in safe mode. It tells me unauthorized changes have been made to windows and won't let me log in. If I run sfc scan i can get back into normal mode for one or two bootups and then i have to do another sfc scan in safemode.

I have installed and run malwarebytes, avg, hijackthis, and superantispyware. Malwarebytes found vundo along with several other trojans, hijackthis found an iexplorer redirector, and superantispyware found a couple trojans. Even after taking care of all this, there are still problems. I still can't get into windows in normal mode very often, I can't go to any spyware removal sites, I get redirected search results, and there is something that keeps downloading the things I have removed.

I'd appreciate any help.
Thanks.

Here is my current hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:23 PM, on 7/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\... Read more

Answer:Malware stopping me from updating any spyware removal programs

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....

Please download The Comedian.exe by Rorschach112 to your desktop
Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..

NEXT
Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and ... Read more

2 more replies
Relevance 58.22%

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 12:32:35.75 on Fri 04/22/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.899 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program... Read more

Answer:Virus, Trojan, Spyware, and Malware Removal Logs

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 58.22%

All,

My laptop was being used by a member of my household. Browsing through facebook and opened a utube video request. Immediately the laptop was infected with the koobface virus. I searched the internet and found a post on bleeping computer with instructions on how to remove. Virus was not allowing me to go to most useful web sites. I logged PC up in safe mode. Downloaded and installed "rkill" and "mbam" After the software was installed I returned to normal mode. Ran tools and removed the koobface virus. All was well I thought.

I am now not able to update AVG virus protection, Spybot Search & Destroy updates are disabled. Even windows update will not go to correct internet site. The web site shows a message "Internet Explorer cannot display the webpage"
My dns is also being re-directed when I try to go to bleepingcomputer.com.
Any suggestions would be appreciated.

NealK

More replies