Over 1 million tech questions and answers.

Lions, viruses and bears...oh my!

Q: Lions, viruses and bears...oh my!

Helping a friend with an infection of his desktop.  It has lots of viruses.  Attached is the logs from my most recent scans in Safe Mode.  Scans are coming up clean but I don't trust it.  What should I do next?
 
Automated Cleanup Engine
Starting Cleanup at 02/05/2015 - 21:19:25 GMT
 
Starting Routine> Removing c:\windows\apppatch\apppatch64\vcldr64.dll...#(PX5: E4B272B01063651C3B4804FD469D2C00ADF24910 - MD5: B6C1C50ADBE12000B62866D662A24230)...
Deleting File> c:\windows\apppatch\apppatch64\vcldr64.dll
Starting Routine> Removing c:\program files (x86)\cinemaplus-3.2cv24.04\utils.exe...#(PX5: B8B3A8A5EEE14F4D04211B2C27945E00FB44C658 - MD5: CC95BCFC967B1E5097038AD1B94AE09C)...
Deleting File> c:\program files (x86)\cinemaplus-3.2cv24.04\utils.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\nsi65e0.tmp...#(PX5: 7BDC821BE6ADC4FA1A5301EF10ECCF0015E16639 - MD5: 41FF7A7A605DB143C289655232FED377)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\nsi65e0.tmp
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\Temp\nsw9370.tmp
Deleting File> C:\Users\SHADOW~1\AppData\Local\Temp\nsg92C3.tmp
Deleting File> C:\Users\SHADOW~1\AppData\Local\Temp\nsg92C3.tmp
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\nsr9610.tmp...#(PX5: 51158FEF2E7002E2652204E1AAC5D900FED317EC - MD5: E56E2D0E9996AFA45F6D0A72294604D8)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\nsr9610.tmp
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\mvo27de.exe...#(PX5: 1DAF4F740085F997A85D0423141E2A00F9127605 - MD5: BDBDC4B1CB2D530048E31736D68D47E8)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\mvo27de.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\nsb1f37.tmp...#(PX5: 64CB41D1C8970DE008E1084CB6468700AC4BEF9A - MD5: 6EEFFC36C55EAD6CD6D6FCCBC4CD8973)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\nsb1f37.tmp
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\Microsoft\Windows\INetCache\IE\TVV9RHFW\OfferInstaller_dotnet4[1].exe
Starting Routine> Removing c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$rf7ti53\[hentai 3d] affect3d - girlfriends 4 ever [eng-full].exe...#(PX5: 2EEF1F5F0083C9B9187307B122F4B5007B72C2B3 - MD5: F6F6F7C44C123908533C9FDFEF83F4DC)...
Deleting File> c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$rf7ti53\[hentai 3d] affect3d - girlfriends 4 ever [eng-full].exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\a6b8\temp\[hentai 3d] affect3d - girlfriends 4 ever [eng-full].exe...#(PX5: 2EEF1F5F0083C9B9187307B122F4B5007B72C2B3 - MD5: F6F6F7C44C123908533C9FDFEF83F4DC)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\a6b8\temp\[hentai 3d] affect3d - girlfriends 4 ever [eng-full].exe
Starting Routine> Removing c:\program files (x86)\searchprotect\main\bin\cltmngsvc.exe...#(PX5: 75C9B41610D6F8BAB73C32FFA455D9002562B9F9 - MD5: 3351370D5B910610D85D3A13C8429BD7)...
Deleting File> c:\program files (x86)\searchprotect\main\bin\cltmngsvc.exe
Writing Registry Value> HKLM\System\CurrentControlSet\Services\CltMngSvc - ImagePath
Deleting Registry Value> HKLM\System\CurrentControlSet\Services\CltMngSvc - ImagePath
Writing Registry Value> HKLM\SYSTEM\ControlSet002\Services\CltMngSvc - ImagePath
Deleting Registry Value> HKLM\SYSTEM\ControlSet002\Services\CltMngSvc - ImagePath
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\avaavbxvba\avaavbxvba.exe...#(PX5: B979FC94008FAD70A8C62134C643B700EFFE0808 - MD5: E584CA6DACE0210A4C4B7715E5FA7C7F)...
Deleting File> c:\users\shadowreaperx2\appdata\local\avaavbxvba\avaavbxvba.exe
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\avaavbxvba\qokvxfk
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\avaavbxvba\ycfvxfk
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\avaavbxvba\bahvxfk
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\avaavbxvba\rfobmlpfqlovvawq
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\avaavbxvba\rpboobmlpfqlovvawq
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\avaavbxvba\pvpqbjobmlpfqlovvawq
Starting Routine> Removing c:\program files (x86)\searchprotect\searchprotect\bin\cltmng.exe...#(PX5: 8673025410FD9748474345C9EEAB8600B09C2CAB - MD5: 210BA6684D535E0664AED1F278DC2733)...
Deleting File> c:\program files (x86)\searchprotect\searchprotect\bin\cltmng.exe
Starting Routine> Removing c:\program files (x86)\searchprotect\searchprotect\bin\vc32loader.dll...#(PX5: 51035C8710202AF18F7403C87900AA00D56E4197 - MD5: B319453CD6E82F9290870F2ED023D79B)...
Deleting File> c:\program files (x86)\searchprotect\searchprotect\bin\vc32loader.dll
Writing Registry Value> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows - appinit_dlls
Deleting Registry Value> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows - appinit_dlls
Starting Routine> Removing c:\program files (x86)\searchprotect\searchprotect\bin\vc64loader.dll...#(PX5: E4B272B01063651C3B4804FD469D2C00ADF24910 - MD5: B6C1C50ADBE12000B62866D662A24230)...
Deleting File> c:\program files (x86)\searchprotect\searchprotect\bin\vc64loader.dll
Writing Registry Value> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows - AppInit_DLLs
Deleting Registry Value> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows - AppInit_DLLs
Starting Routine> Removing c:\program files (x86)\searchprotect\ui\bin\cltmngui.exe...#(PX5: A8A40BFC10C6D499F9483203F4BADD0032CD7B8C - MD5: FCEA7C183E0310E728D70B1FECD55A17)...
Deleting File> c:\program files (x86)\searchprotect\ui\bin\cltmngui.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\smartweb\smartwebapp.exe...#(PX5: E4B52F75209694D980A5085916AE9E00CDF0ECA1 - MD5: 44069C2AC699C8DAD80A96FB1C8DFE57)...
Deleting File> c:\users\shadowreaperx2\appdata\local\smartweb\smartwebapp.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\smartweb\swhk.dll...#(PX5: A3366F602071B837A062012CE52EB700549B2B42 - MD5: BCE139E3D1B13AB38B58E645ABE30679)...
Deleting File> c:\users\shadowreaperx2\appdata\local\smartweb\swhk.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\smartweb\smartwebhelper.exe...#(PX5: 76CD84FE20438B2620DB042E9F53E30032FF7A2D - MD5: 153F088DFDB3F940AD9DAEB04A3ACC4D)...
Deleting File> c:\users\shadowreaperx2\appdata\local\smartweb\smartwebhelper.exe
Writing Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\run - SmartWeb
Deleting Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\run - SmartWeb
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\is-i30uj.tmp\solun.exe...#(PX5: D0FEEB5DD05E65BF160B08F5411DE3000246FDE1 - MD5: 9F17407FF8FCA1654DD65DC68FE287EB)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\is-i30uj.tmp\solun.exe
Starting Routine> Removing c:\program files (x86)\orbtr\orbiter.dll...#(PX5: 87591EEBD0E3AF0D85CB08B7E834FE00FEF21EDE - MD5: 82FC4EAFF4156DDB621FADDC0741011D)...
Deleting File> c:\program files (x86)\orbtr\orbiter.dll
Writing Registry Value> HKLM\SYSTEM\ControlSet002\Services\Orbiter\Parameters - ServiceDll
Deleting Registry Value> HKLM\SYSTEM\ControlSet002\Services\Orbiter\Parameters - ServiceDll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\is-i30uj.tmp\tutobun.exe...#(PX5: 14A6205A800DF26C1D0D0E68785FCA0056DF38E7 - MD5: 47977FE2950778BA80A242F58AE6D43B)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\is-i30uj.tmp\tutobun.exe
Writing Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\Microsoft\RestartManager\Session0001 - SessionHash
Deleting Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\Microsoft\RestartManager\Session0001 - SessionHash
Writing Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\Microsoft\RestartManager\Session0001 - Owner
Deleting Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\Microsoft\RestartManager\Session0001 - Owner
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\Temp\is-HECJA.tmp\isskin.dll
Writing Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\Microsoft\RestartManager\Session0001 - Sequence
Deleting Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\Microsoft\RestartManager\Session0001 - Sequence
Writing Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\Microsoft\RestartManager\Session0001 - SessionHash
Deleting Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\Microsoft\RestartManager\Session0001 - SessionHash
Writing Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\Microsoft\RestartManager\Session0001 - Owner
Deleting Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\Microsoft\RestartManager\Session0001 - Owner
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\Temp\is-HECJA.tmp\_isetup\_shfoldr.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\Temp\is-HECJA.tmp\_isetup\_setup64.tmp
Starting Routine> Removing c:\windows\xiz.exe...#(PX5: 59E924B900D32A291C47089092792500A09E31F8 - MD5: 2834FB6DE6C1D2742083B3E9BD3F1A11)...
Deleting File> c:\windows\xiz.exe
Writing Registry Value> HKLM\System\CurrentControlSet\Services\xiz - ImagePath
Deleting Registry Value> HKLM\System\CurrentControlSet\Services\xiz - ImagePath
Writing Registry Value> HKLM\SYSTEM\ControlSet002\Services\xiz - ImagePath
Deleting Registry Value> HKLM\SYSTEM\ControlSet002\Services\xiz - ImagePath
Starting Routine> Removing c:\users\shadowreaperx2\appdata\roaming\03de0294-1429872842-057f-6406-0e0700080009\vnsvb41e.tmp...#(PX5: 7BDC821BCDADC4FADC5304EF10ECCF00E5C646B3 - MD5: EE37FE0A3CA472B8BE3739086C7F17DD)...
Deleting File> c:\users\shadowreaperx2\appdata\roaming\03de0294-1429872842-057f-6406-0e0700080009\vnsvb41e.tmp
Starting Routine> Removing c:\users\shadowreaperx2\appdata\roaming\03de0294-1429872842-057f-6406-0e0700080009\nsg112f.tmp...#(PX5: 2F4DD7BB0028A462826F022D3C33CC006E1A2E08 - MD5: 329C5067B10660F6E4E2EB1A181FEE88)...
Deleting File> c:\users\shadowreaperx2\appdata\roaming\03de0294-1429872842-057f-6406-0e0700080009\nsg112f.tmp
Writing Registry Value> HKLM\System\CurrentControlSet\Services\gecyqyji - ImagePath
Deleting Registry Value> HKLM\System\CurrentControlSet\Services\gecyqyji - ImagePath
Writing Registry Value> HKLM\SYSTEM\ControlSet002\Services\gecyqyji - ImagePath
Deleting Registry Value> HKLM\SYSTEM\ControlSet002\Services\gecyqyji - ImagePath
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\jue3ad4.exe...#(PX5: 8664206600B97313C0852D76E5D6FF001A334BE2 - MD5: 62BE2F8AD70E13DD8259CDD27F5553F6)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\jue3ad4.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\nsw5124.tmp...#(PX5: 64CB41D1C8970DE008E1084CB6468700AC4BEF9A - MD5: 6EEFFC36C55EAD6CD6D6FCCBC4CD8973)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\nsw5124.tmp
Starting Routine> Removing c:\windows\mxiz.exe...#(PX5: 8DF5C1DD00CADF69FC85077176167600F51B7D89 - MD5: A60D96C54CE218C5F878A688E3493B95)...
Deleting File> c:\windows\mxiz.exe
Writing Registry Value> HKLM\System\CurrentControlSet\Services\mxiz - ImagePath
Deleting Registry Value> HKLM\System\CurrentControlSet\Services\mxiz - ImagePath
Writing Registry Value> HKLM\SYSTEM\ControlSet002\Services\mxiz - ImagePath
Deleting Registry Value> HKLM\SYSTEM\ControlSet002\Services\mxiz - ImagePath
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\f9626892-7a78-3199-abd2-97bbce96297b\extracted\adv_35.exe...#(PX5: B6B7B4F140420B22039E019A0AB6BF0064889E10 - MD5: 9FB9D49C2DB7EDD1084AB765D619F5C6)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\f9626892-7a78-3199-abd2-97bbce96297b\extracted\adv_35.exe
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\Temp\nss3D8B.exe
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\Microsoft\Windows\INetCache\IE\MDNMYKGE\spstub[1].exe
Deleting File> C:\Users\SHADOW~1\AppData\Local\Temp\nsc3B0A.tmp
Deleting File> C:\Users\SHADOW~1\AppData\Local\Temp\nsc3B0A.tmp
Starting Routine> Removing c:\program files (x86)\maxcomputercleaner\maxcomputercleanersetup_silent.exe...#(PX5: 7E4DFD1B50D863C193485936DB3F36003858420C - MD5: D51CA23E6760D494C24C6100270F5EF3)...
Deleting File> c:\program files (x86)\maxcomputercleaner\maxcomputercleanersetup_silent.exe
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Splash.exe.config
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Setup.dll.config
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\MaxComputerCleaner.exe.config
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Logging.dll.config
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\InstAct.exe.config
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\sr-Latn-RS\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\sr-Cyrl-RS\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\se-FI\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\ru\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\pt\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\no\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\nl\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\ja\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\it\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\hr-HR\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\he\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\fr\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\fil-PH\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\es\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\de\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\da\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\bs-Latn-BA\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\bs-Cyrl-BA\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\ar\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Setup.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Microsoft.Win32.TaskScheduler.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Microsoft.Deployment.WindowsInstaller.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\tr-TR\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\th-TH\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\sv\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\sr-Latn-RS\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\sr-Cyrl-RS\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\se-FI\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\ru\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\pt\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\no\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\nl\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\ja\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\it\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\hr-HR\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\he\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\fr\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\fil-PH\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\es\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\de\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\da\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\bs-Latn-BA\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\bs-Cyrl-BA\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\ar\MaxComputerCleaner.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Logging.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Interop.Shell32.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Interop.IWshRuntimeLibrary.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Helper.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\ComponentFactory.Krypton.Toolkit.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\bo.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\updater.exe
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Splash.exe
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\MaxComputerCleaner.exe
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\InstAct.exe
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Helper.dll.config
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\bo.dll.config
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\tr-TR\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\th-TH\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\sv\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\sr-Latn-RS\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\sr-Cyrl-RS\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\se-FI\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\ru\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\pt\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\no\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\nl\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\ja\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\it\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\hr-HR\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\he\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\fr\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\fil-PH\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\es\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\de\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\da\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\bs-Latn-BA\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\bs-Cyrl-BA\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\ar\Uninst000.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Uninst000.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\Uninst000.CA.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\tr-TR\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\th-TH\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\sv\Splash.resources.dll
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\DEE6785\MaxComputerCleaner.msi
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Max Computer Cleaner\Max Computer Cleaner 2.6.9\install\decoder.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\roaming\03de0294-1429872842-057f-6406-0e0700080009\rnscec1f.exe...#(PX5: EA19B55F00BB00BD5078015BAE93900015155C79 - MD5: A10ADBEE8ACB6C06DCC69514B6725A3C)...
Deleting File> c:\users\shadowreaperx2\appdata\roaming\03de0294-1429872842-057f-6406-0e0700080009\rnscec1f.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\juecf0a.exe...#(PX5: 8664206600B97313C0852D76E5D6FF001A334BE2 - MD5: 62BE2F8AD70E13DD8259CDD27F5553F6)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\juecf0a.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\roaming\03de0294-1429872842-057f-6406-0e0700080009\jnsof059.tmp...#(PX5: 84A2988300692677E4D3015506957100C330A133 - MD5: D1BAC480641374F7FA604B4B53E9B607)...
Deleting File> c:\users\shadowreaperx2\appdata\roaming\03de0294-1429872842-057f-6406-0e0700080009\jnsof059.tmp
Writing Registry Value> HKLM\System\CurrentControlSet\Services\tuhurunu - ImagePath
Deleting Registry Value> HKLM\System\CurrentControlSet\Services\tuhurunu - ImagePath
Writing Registry Value> HKLM\SYSTEM\ControlSet002\Services\tuhurunu - ImagePath
Deleting Registry Value> HKLM\SYSTEM\ControlSet002\Services\tuhurunu - ImagePath
Starting Routine> Removing c:\program files (x86)\cinema_plus_i2v24.04\utils.exe...#(PX5: B8B3A8A5BFE14F4DFF211E2C27945E002FE90B52 - MD5: 86C341C95C8937B26CC5A354411462CE)...
Deleting File> c:\program files (x86)\cinema_plus_i2v24.04\utils.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\roaming\wvd8ow3ikloqil.exe...#(PX5: 94A1D54B00EA98391AB0181243C7F400F45AD186 - MD5: 3A1D89B89C9D62951957F0839578DD9B)...
Deleting File> c:\users\shadowreaperx2\appdata\roaming\wvd8ow3ikloqil.exe
Deleting File> C:\WINDOWS\Tasks\wvD8ow3ikLOQIL.job
Starting Routine> Removing c:\users\shadowreaperx2\appdata\roaming\xevuepvqxllezm1phblhsj.exe...#(PX5: 94A1D54B00EA98391AB0181243C7F400F45AD186 - MD5: 3A1D89B89C9D62951957F0839578DD9B)...
Deleting File> c:\users\shadowreaperx2\appdata\roaming\xevuepvqxllezm1phblhsj.exe
Deleting File> C:\WINDOWS\Tasks\xEvUePVQxLLEzm1PhBlHSJ.job
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\mvo58b1.exe...#(PX5: 1DAF4F740085F997A85D0423141E2A00F9127605 - MD5: BDBDC4B1CB2D530048E31736D68D47E8)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\mvo58b1.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\roaming\max computer cleaner\max computer cleaner 2.6.9\install\dee6785\maxcomputercleaner.exe...#(PX5: B671421BC0E8186A1EBE4805898905003DFD520A - MD5: 19DAE7F40F031709E44C317C64FBF6C6)...
Deleting File> c:\users\shadowreaperx2\appdata\roaming\max computer cleaner\max computer cleaner 2.6.9\install\dee6785\maxcomputercleaner.exe
Starting Routine> Removing c:\program files\shopperz\grunt.exe...#(PX5: EAA42A0E787747484FB304BB99003F00FF0A0D26 - MD5: E62B469BEB4D387328B99E191C4A9310)...
Deleting File> c:\program files\shopperz\grunt.exe
Writing Registry Value> HKLM\System\CurrentControlSet\Services\70F4EEDB-1367-4b4f-8247-3133551A7415 - ImagePath
Deleting Registry Value> HKLM\System\CurrentControlSet\Services\70F4EEDB-1367-4b4f-8247-3133551A7415 - ImagePath
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\n3296\s3296.exe...#(PX5: 048CED6BD81E3FDE0651047571769E00D23C61EC - MD5: F7297B524C90EE566EDAC325B4873F96)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\n3296\s3296.exe
Deleting File> C:\Users\ShadowReaperX2\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8E4E510F44A56B8C8ECFEC352907C373_AED1C072984E29DBDF0A6D9594E1FCB8
Deleting File> C:\Users\ShadowReaperX2\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8E4E510F44A56B8C8ECFEC352907C373_AED1C072984E29DBDF0A6D9594E1FCB8
Starting Routine> Removing c:\program files\shopperz\mseff32.dll...#(PX5: E2086F65786F58C4B1020298C8227E004CBCC3DC - MD5: 766554E52BB6039102616744C08927A5)...
Deleting File> c:\program files\shopperz\mseff32.dll
Starting Routine> Removing c:\program files (x86)\maxcomputercleaner_v17.333\maxcomputercleaner_maintenance.exe...#(PX5: 93E627A4C8F0C8907E130078AB866100CDDBAB90 - MD5: 25398A90E9AF9994A216300338D67B8C)...
Deleting File> c:\program files (x86)\maxcomputercleaner_v17.333\maxcomputercleaner_maintenance.exe
Starting Routine> Removing c:\program files\shopperz\kasumi32.dll...#(PX5: 1B98984978CD751BB7FC04F63A0891009800BB09 - MD5: 27CAED38F9CAD32DAB8658F163F7336F)...
Deleting File> c:\program files\shopperz\kasumi32.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\roaming\max computer cleaner\max computer cleaner 2.6.9\install\dee6785\instact.exe...#(PX5: B2806645C0E565CF4053000C36528600C64CDB81 - MD5: C4C3F56EFD3A02AC1C2007C8B31D5359)...
Deleting File> c:\users\shadowreaperx2\appdata\roaming\max computer cleaner\max computer cleaner 2.6.9\install\dee6785\instact.exe
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - FileDirectory
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - FileDirectory
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - MaxFileSize
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - MaxFileSize
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - ConsoleTracingMask
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - ConsoleTracingMask
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - FileTracingMask
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - FileTracingMask
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableConsoleTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableConsoleTracing
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableAutoFileTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableAutoFileTracing
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableFileTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableFileTracing
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - FileDirectory
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - FileDirectory
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - MaxFileSize
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - MaxFileSize
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - ConsoleTracingMask
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - ConsoleTracingMask
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - FileTracingMask
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - FileTracingMask
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableConsoleTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableConsoleTracing
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableAutoFileTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableAutoFileTracing
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableFileTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableFileTracing
Starting Routine> Removing c:\program files\shopperz\liara64.dll...#(PX5: DE62591478BD4C2E2D9004D456280E0078A7ADE9 - MD5: 5F173912E2249C5843E0E8D46F54FAE4)...
Deleting File> c:\program files\shopperz\liara64.dll
Starting Routine> Removing c:\program files (x86)\cinemaplus-3.2cv24.04\63885667-f87a-499e-8abf-d95e913c287e.dll...#(PX5: B9B6BBB600FF823FC27C022770FD8C0020AC91C3 - MD5: 4827947731E8AB1CF03F0F8FD09EAEE6)...
Deleting File> c:\program files (x86)\cinemaplus-3.2cv24.04\63885667-f87a-499e-8abf-d95e913c287e.dll
Starting Routine> Removing c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$rjxoqzx\[hentai 3d] affect3d - girlfriends 4 ever [eng-full].exe...#(PX5: 2EEF1F5F0083C9B9187307B122F4B5007B72C2B3 - MD5: F6F6F7C44C123908533C9FDFEF83F4DC)...
Deleting File> c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$rjxoqzx\[hentai 3d] affect3d - girlfriends 4 ever [eng-full].exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\roaming\riot games\googleupd.exe...#(PX5: 701211E4005136021E5F033792FC280076EBA174 - MD5: 53AEE08AFCB91D08AB6055DC91BF9716)...
Deleting File> c:\users\shadowreaperx2\appdata\roaming\riot games\googleupd.exe
Starting Routine> Removing c:\windows\apppatch\nbin\vc32loader.dll...#(PX5: 51035C8710202AF18F7403C87900AA00D56E4197 - MD5: B319453CD6E82F9290870F2ED023D79B)...
Deleting File> c:\windows\apppatch\nbin\vc32loader.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\a7d0\temp\[hentai 3d] affect3d - girlfriends 4 ever [eng-full].exe...#(PX5: 2EEF1F5F0083C9B9187307B122F4B5007B72C2B3 - MD5: F6F6F7C44C123908533C9FDFEF83F4DC)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\a7d0\temp\[hentai 3d] affect3d - girlfriends 4 ever [eng-full].exe
Starting Routine> Removing c:\program files (x86)\max computer cleaner\instact.exe...#(PX5: B2806645C0E565CF4053000C36528600C64CDB81 - MD5: C4C3F56EFD3A02AC1C2007C8B31D5359)...
Deleting File> c:\program files (x86)\max computer cleaner\instact.exe
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - MaxFileSize
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - MaxFileSize
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - ConsoleTracingMask
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - ConsoleTracingMask
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - FileTracingMask
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - FileTracingMask
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableConsoleTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableConsoleTracing
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableAutoFileTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableAutoFileTracing
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableFileTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASMANCS - EnableFileTracing
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - FileDirectory
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - FileDirectory
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - MaxFileSize
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - MaxFileSize
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - ConsoleTracingMask
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - ConsoleTracingMask
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - FileTracingMask
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - FileTracingMask
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableConsoleTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableConsoleTracing
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableAutoFileTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableAutoFileTracing
Writing Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableFileTracing
Deleting Registry Value> HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstAct_RASAPI32 - EnableFileTracing
Starting Routine> Removing c:\program files\shopperz\nseven.exe...#(PX5: 393768B77899829C99B8022B01C86300A2E76D32 - MD5: 43814F44E5E9CBE35A18020A510F68F6)...
Deleting File> c:\program files\shopperz\nseven.exe
Writing Registry Value> HKLM\System\CurrentControlSet\Services\shopperz Updater - ImagePath
Deleting Registry Value> HKLM\System\CurrentControlSet\Services\shopperz Updater - ImagePath
Writing Registry Value> HKLM\SYSTEM\ControlSet002\Services\shopperz Updater - ImagePath
Deleting Registry Value> HKLM\SYSTEM\ControlSet002\Services\shopperz Updater - ImagePath
Starting Routine> Removing c:\programdata\flashbeat\rfndnsis.dll...#(PX5: DA7540B300E1095CD6DA040EC300C800848DA896 - MD5: 6DDAE0826EC130C680735F786493E99E)...
Deleting File> c:\programdata\flashbeat\rfndnsis.dll
Starting Routine> Removing c:\program files\shopperz\krios64.dll...#(PX5: D313BE147817EE277FC904934F40CF00C9491314 - MD5: FC768CB2FA826B5EAEF69696E8D9DFCA)...
Deleting File> c:\program files\shopperz\krios64.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\2442015170728\bubble dock uninstall.exe...#(PX5: 7BDC821BA0ADC4FAEB530AEF10ECCF00CD01AA6E - MD5: F93B710D571A7982636162A29D30F3D9)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\2442015170728\bubble dock uninstall.exe
Starting Routine> Removing c:\program files\shopperz\wrex64.exe...#(PX5: DF8E5D8078F562F4095C0709A4876500A8AB4F86 - MD5: 0D884256B0284CDDD1C8426BF39BAD32)...
Deleting File> c:\program files\shopperz\wrex64.exe
Writing Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\run - shopperz64
Deleting Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\run - shopperz64
Writing Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\Run - shopperz64
Deleting Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\Run - shopperz64
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\a1f0\temp\hpds_setup.exe...#(PX5: 272E6A3500F9021390AA10F86337730033B6F4A8 - MD5: 71C2EA2B936BA80F4BAD80937B369ADF)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\a1f0\temp\hpds_setup.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\a1f0\temp\affect3d - girlfriends 4 ever (2014) pc game.exe...#(PX5: EE750FAB00CD47D3182907E4DA40B800B40535B1 - MD5: 452956411A0B808DAD95C2E83F3C217E)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\a1f0\temp\affect3d - girlfriends 4 ever (2014) pc game.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\89f8\temp\affect3d - girlfriends 4 ever (2014) pc game.exe...#(PX5: EE750FAB00CD47D3182907E4DA40B800B40535B1 - MD5: 452956411A0B808DAD95C2E83F3C217E)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\89f8\temp\affect3d - girlfriends 4 ever (2014) pc game.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\abc8\temp\[hentai 3d] affect3d - girlfriends 4 ever [eng-full].exe...#(PX5: 2EEF1F5F0083C9B9187307B122F4B5007B72C2B3 - MD5: F6F6F7C44C123908533C9FDFEF83F4DC)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\abc8\temp\[hentai 3d] affect3d - girlfriends 4 ever [eng-full].exe
Starting Routine> Removing c:\program files\shopperz\mseff64.dll...#(PX5: B5ABA1EA78ECA18949B00390343857009BE389D3 - MD5: 54786316CB151E577B033D00B248AA61)...
Deleting File> c:\program files\shopperz\mseff64.dll
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\CLSID\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\CLSID\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\CLSID\{5081D2D4-1637-404c-B74F-50526718257D}\InprocServer32\
Deleting Registry Key> HKLM\Software\Classes\CLSID\{5081D2D4-1637-404c-B74F-50526718257D}\
Deleting Registry Key> HKLM\Software\Classes\CLSID\{5081D2D4-1637-404c-B74F-50526718257D}\
Starting Routine> Removing c:\program files\shopperz\nfregdrv64.exe...#(PX5: 6B9627597847AC80E54C01614FD549007389477A - MD5: 43152FF1890F40A4ED941C29FDDEF754)...
Deleting File> c:\program files\shopperz\nfregdrv64.exe
Writing Registry Value> HKLM\SYSTEM\ControlSet002\Services\cherimoya - Tag
Deleting Registry Value> HKLM\SYSTEM\ControlSet002\Services\cherimoya - Tag
Writing Registry Value> HKLM\SYSTEM\ControlSet002\Control\GroupOrderList - PNP_TDI
Writing Registry Value> HKLM\SYSTEM\ControlSet002\Services\cherimoya - Tag
Deleting Registry Value> HKLM\SYSTEM\ControlSet002\Services\cherimoya - Tag
Starting Routine> Removing c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$r6cqhci\377e9329-363f-4ba4-8c1f-372d36d4fb34.dll...#(PX5: B9B6BBB600FF823FC27C022770FD8C0020AC91C3 - MD5: 4827947731E8AB1CF03F0F8FD09EAEE6)...
Deleting File> c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$r6cqhci\377e9329-363f-4ba4-8c1f-372d36d4fb34.dll
Starting Routine> Removing c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$rom6unx\affect3d - girlfriends 4 ever (2014) pc game.exe...#(PX5: EE750FAB00CD47D3182907E4DA40B800B40535B1 - MD5: 452956411A0B808DAD95C2E83F3C217E)...
Deleting File> c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$rom6unx\affect3d - girlfriends 4 ever (2014) pc game.exe
Starting Routine> Removing c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$riytftm\rfndnsis.dll...#(PX5: DA7540B300E1095CD6DA040EC300C800848DA896 - MD5: 6DDAE0826EC130C680735F786493E99E)...
Deleting File> c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$riytftm\rfndnsis.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\a7d0\temp\hpds_setup.exe...#(PX5: 272E6A3500F9021390AA10F86337730033B6F4A8 - MD5: 71C2EA2B936BA80F4BAD80937B369ADF)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\a7d0\temp\hpds_setup.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\89f8\temp\hpds_setup.exe...#(PX5: 272E6A3500F9021390AA10F86337730033B6F4A8 - MD5: 71C2EA2B936BA80F4BAD80937B369ADF)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\89f8\temp\hpds_setup.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\roaming\steam\reversed\steam.exe...#(PX5: 08B89F633140D6865D5E093C0253CA00B684F51C - MD5: 1F30A912C2BE2C57A0A5846EDE469973)...
Deleting File> c:\users\shadowreaperx2\appdata\roaming\steam\reversed\steam.exe
Starting Routine> Removing c:\program files\shopperz\liara.dll...#(PX5: 4542319F78212628A53B036776224D00E43B4608 - MD5: 09BB1EAF848882633D353FC70C70C72E)...
Deleting File> c:\program files\shopperz\liara.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\a7d0\temp\ezdownloader_setup.exe...#(PX5: 51A3E322D515E25A48A61AB236D71B00721469E1 - MD5: 71F784969D24240764D5E5D752D55A41)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\a7d0\temp\ezdownloader_setup.exe
Starting Routine> Removing c:\program files\shopperz\kasumi64.dll...#(PX5: 7B542B5B785ECDE617CC051CA5D68F001CF8DD23 - MD5: F08D623BDC1C2CFFD4312F0A8F6D7FF2)...
Deleting File> c:\program files\shopperz\kasumi64.dll
Starting Routine> Removing c:\program files\shopperz\krios.dll...#(PX5: DC1417597879F55767C004E36385BD00835B5F20 - MD5: 758F7F00E180DAEADBF73490CD246F0D)...
Deleting File> c:\program files\shopperz\krios.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\a1f0\temp\grubcaravan.xyz...#(PX5: 14573CD90007D3FCA20D226A6536460047C5C1A8 - MD5: 5DD93D31BF913920765EBC8C53A97EAC)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\a1f0\temp\grubcaravan.xyz
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\a1f0\temp\ezdownloader_setup.exe...#(PX5: 51A3E322D515E25A48A61AB236D71B00721469E1 - MD5: 71F784969D24240764D5E5D752D55A41)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\a1f0\temp\ezdownloader_setup.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\2442015170700\bubble dock uninstall.exe...#(PX5: 7BDC821BA0ADC4FAEB530AEF10ECCF00CD01AA6E - MD5: F93B710D571A7982636162A29D30F3D9)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\2442015170700\bubble dock uninstall.exe
Starting Routine> Removing c:\program files (x86)\asus\c9911451-dc4b-4bce-9925-19968dab1375.dll...#(PX5: B9B6BBB600FF823FC27C022770FD8C0020AC91C3 - MD5: 4827947731E8AB1CF03F0F8FD09EAEE6)...
Deleting File> c:\program files (x86)\asus\c9911451-dc4b-4bce-9925-19968dab1375.dll
Starting Routine> Removing c:\program files (x86)\cinema_plus_i2v24.04\4474b2a7-52f1-402d-a4aa-b671b0f42006-3.exe...#(PX5: 7E92713C004F2F960A2F14696CA8EF0022C71BD0 - MD5: 6196F0932E6AEE2DB508CCA0D20E9528)...
Deleting File> c:\program files (x86)\cinema_plus_i2v24.04\4474b2a7-52f1-402d-a4aa-b671b0f42006-3.exe
Deleting File> C:\WINDOWS\Tasks\4474b2a7-52f1-402d-a4aa-b671b0f42006-3.job
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\89f8\temp\ezdownloader_setup.exe...#(PX5: 51A3E322D515E25A48A61AB236D71B00721469E1 - MD5: 71F784969D24240764D5E5D752D55A41)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\89f8\temp\ezdownloader_setup.exe
Starting Routine> Removing c:\program files\shopperz\gcpum.dll...#(PX5: E3F796F678B449F805F70119EE92FB00E73BCAC5 - MD5: 5CF22D10DB86E7960F4A139A666400E5)...
Deleting File> c:\program files\shopperz\gcpum.dll
Starting Routine> Removing c:\program files\shopperz\csrcc.exe...#(PX5: 73B823BA78C95614119816FC9279230084A5762C - MD5: A985A7E84F1EE0F807CB6D55A4617F66)...
Deleting File> c:\program files\shopperz\csrcc.exe
Writing Registry Value> HKLM\System\CurrentControlSet\Services\csrcc - ImagePath
Deleting Registry Value> HKLM\System\CurrentControlSet\Services\csrcc - ImagePath
Starting Routine> Removing c:\program files (x86)\crossbrowse\crossbrowse\application\39.4.2171.95\installer\setup.exe...#(PX5: 1A6661BB00D36D39F0260D882A4E0700C83AD1B3 - MD5: 41DB08DBCA47AF7C30CB427F3661BB6A)...
Deleting File> c:\program files (x86)\crossbrowse\crossbrowse\application\39.4.2171.95\installer\setup.exe
Writing Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse - UninstallString
Deleting Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse - UninstallString
Starting Routine> Removing c:\program files\shopperz\wrex.exe...#(PX5: D822A9587890DDE891DE068E9FF20200385B7983 - MD5: 77223F2502EE50C3B467DAF4C819994E)...
Deleting File> c:\program files\shopperz\wrex.exe
Writing Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\run - shopperz
Deleting Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\run - shopperz
Writing Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\Run - shopperz
Deleting Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\Run - shopperz
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\2442015170915\selection tools uninstall.exe...#(PX5: 7BDC821BD0ADC4FAC05309EF10ECCF001807E3AD - MD5: E5BAC64BA775E376B66ED9A46C8DA270)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\2442015170915\selection tools uninstall.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\89f8\temp\directreader.xyz...#(PX5: 14573CD90007D3FCA20D226A6536460047C5C1A8 - MD5: 5DD93D31BF913920765EBC8C53A97EAC)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\89f8\temp\directreader.xyz
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\a7d0\temp\subprogappend.xyz...#(PX5: 0A6FD04D004A5624B86526BDCACFE8002D7CD7F2 - MD5: 69DAEC5B82DA87761E755C9D9585B024)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\a7d0\temp\subprogappend.xyz
Starting Routine> Removing c:\program files\shopperz\garrus.dll...#(PX5: E9DCE460784FD6CA7FCF0DA5DE5179005129E2A9 - MD5: 56EF111D64D7DBF71B89A2C3D45A51CD)...
Deleting File> c:\program files\shopperz\garrus.dll
Starting Routine> Removing c:\program files\shopperz\tsoni64.dll...#(PX5: 0C2B8F40783B3FD57B4109A51B892800195998AA - MD5: CCD163D42DE503BCE74F32230BE38FD8)...
Deleting File> c:\program files\shopperz\tsoni64.dll
Starting Routine> Removing c:\program files (x86)\cinema_plus_i2v24.04\4474b2a7-52f1-402d-a4aa-b671b0f42006-10.exe...#(PX5: 43D34CE60081C0D49202169EEE391800352FD31D - MD5: DD95E4FE8BF9B25775287702E23FC65A)...
Deleting File> c:\program files (x86)\cinema_plus_i2v24.04\4474b2a7-52f1-402d-a4aa-b671b0f42006-10.exe
Deleting File> C:\WINDOWS\Tasks\4474b2a7-52f1-402d-a4aa-b671b0f42006-10_user.job
Starting Routine> Removing c:\program files (x86)\crossbrowse\crossbrowse\application\39.4.2171.95\installer\chrmstp.exe...#(PX5: 1A6661BB00D36D39F0260D882A4E0700C83AD1B3 - MD5: 41DB08DBCA47AF7C30CB427F3661BB6A)...
Deleting File> c:\program files (x86)\crossbrowse\crossbrowse\application\39.4.2171.95\installer\chrmstp.exe
Writing Registry Value> HKLM\Software\Microsoft\Active Setup\Installed Components - StubPath
Deleting Registry Value> HKLM\Software\Microsoft\Active Setup\Installed Components - StubPath
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\gmsd_us_493\upgmsd_us_493.exe...#(PX5: 07F86BFBC8D2A4E577A43200D4D730006CDB23CA - MD5: 9CF66404F57364D9AA8FB7A68551335B)...
Deleting File> c:\users\shadowreaperx2\appdata\local\gmsd_us_493\upgmsd_us_493.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\2442015170854\selection tools uninstall.exe...#(PX5: 7BDC821BD0ADC4FAC05309EF10ECCF001807E3AD - MD5: E5BAC64BA775E376B66ED9A46C8DA270)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\2442015170854\selection tools uninstall.exe
Starting Routine> Removing c:\program files (x86)\gmsd_us_493\gmsd_us_493.exe...#(PX5: B87E69FEC8F0420FBD093C68B33C410080B34A5A - MD5: FAC2086D6E2912AAFE0777675796EA1C)...
Deleting File> c:\program files (x86)\gmsd_us_493\gmsd_us_493.exe
Writing Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\run - gmsd_us_493
Deleting Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\run - gmsd_us_493
Starting Routine> Removing c:\program files (x86)\searchprotect\main\bin\sptool.dll...#(PX5: 81A4BA6A10AAA3EB19852F12F37F7B006B1D7FAA - MD5: B7AC6EC8F1D75D8FD539A90987E4264F)...
Deleting File> c:\program files (x86)\searchprotect\main\bin\sptool.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\2442015170700\solimba uninstaller.exe...#(PX5: 8BDE4FDBD07FD207240408FAEF1838007F2FB393 - MD5: 88FDE8C004E7944859A296CD697C8B1F)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\2442015170700\solimba uninstaller.exe
Starting Routine> Removing c:\program files\shopperz\tsoni.dll...#(PX5: 8800DCCE78980CA253B609C4E16CA2006A93F9E2 - MD5: 5D81EDD24AC9E07CC8A0A1B3CBF95C90)...
Deleting File> c:\program files\shopperz\tsoni.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\credit card number generator downloader__3687_i1503738633_il956068.exe...#(PX5: 558A7D1B1030338140FE15D095C6C40041D4228E - MD5: 6EBA1D8D86A6AC193E48A6E86BF204DB)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\credit card number generator downloader__3687_i1503738633_il956068.exe
Starting Routine> Removing c:\program files (x86)\max computer cleaner\maxcomputercleaner.exe...#(PX5: B671421BC0E8186A1EBE4805898905003DFD520A - MD5: 19DAE7F40F031709E44C317C64FBF6C6)...
Deleting File> c:\program files (x86)\max computer cleaner\maxcomputercleaner.exe
Deleting File> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Computer Cleaner\Max Computer Cleaner.lnk
Starting Routine> Removing c:\program files (x86)\cinema_plus_i2v24.04\4474b2a7-52f1-402d-a4aa-b671b0f42006-6.exe...#(PX5: EEA6CD7500B0D91136A61490A24B8C000F3A6E67 - MD5: 831152EC40F57FDA9F00DE9F75FB7B9F)...
Deleting File> c:\program files (x86)\cinema_plus_i2v24.04\4474b2a7-52f1-402d-a4aa-b671b0f42006-6.exe
Deleting File> C:\WINDOWS\Tasks\4474b2a7-52f1-402d-a4aa-b671b0f42006-6.job
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\2442015170854\solimba uninstaller.exe...#(PX5: 72882138D89E07CC1097089BFAEA3E009822DE7E - MD5: AF8DEE4CD16648F741A62F40FC5405E8)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\2442015170854\solimba uninstaller.exe
Starting Routine> Removing c:\program files (x86)\cinemaplus-3.2cv24.04\22903068-9bde-4746-93f7-25585eb3cce1-1-6.exe...#(PX5: 9A065EDE006CE41D7E26152E2DECB900ABFAB2E4 - MD5: EE7C607C26F5CFE77BB60555E14A0915)...
Deleting File> c:\program files (x86)\cinemaplus-3.2cv24.04\22903068-9bde-4746-93f7-25585eb3cce1-1-6.exe
Deleting File> C:\WINDOWS\Tasks\22903068-9bde-4746-93f7-25585eb3cce1-1-6.job
Starting Routine> Removing c:\program files (x86)\cinema_plus_i2v24.04\uninstallbrw.exe...#(PX5: 43D34CE60081C0D49202169EEE391800352FD31D - MD5: DD95E4FE8BF9B25775287702E23FC65A)...
Deleting File> c:\program files (x86)\cinema_plus_i2v24.04\uninstallbrw.exe
Starting Routine> Removing c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$rwaxj8n.exe...#(PX5: 558A7D1B1030338140FE15D095C6C40041D4228E - MD5: 6EBA1D8D86A6AC193E48A6E86BF204DB)...
Deleting File> c:\$recycle.bin\s-1-5-21-729944068-2918999288-2085728056-1002\$rwaxj8n.exe
Starting Routine> Removing c:\program files (x86)\cinema_plus_i2v24.04\4474b2a7-52f1-402d-a4aa-b671b0f42006-1-6.exe...#(PX5: 9A065EDE006CE41D7E26152E2DECB900ABFAB2E4 - MD5: 00688A31F9E6BDD109C35431F63F4DBC)...
Deleting File> c:\program files (x86)\cinema_plus_i2v24.04\4474b2a7-52f1-402d-a4aa-b671b0f42006-1-6.exe
Deleting File> C:\WINDOWS\Tasks\4474b2a7-52f1-402d-a4aa-b671b0f42006-1-6.job
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\299.exe...#(PX5: A9F9BDD55874DE00B8E21B9F1E9C7100C70D239A - MD5: B5C4947FAC0ABE8C1E8A8BB27D25B8A7)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\299.exe
Writing Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\CrossBrowser - 
Deleting Registry Value> HKU\S-1-5-21-729944068-2918999288-2085728056-1002\Software\CrossBrowser - 
Deleting File> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Deleting File> C:\Users\ShadowReaperX2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Deleting File> C:\Users\Public\Desktop\Google Chrome.lnk
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\avaavbxvba\pbqrmvbub...#(PX5: B6B7B4F108420B222C9E849A0AB6BF00FDD52753 - MD5: 99110F874D68D0DC1E175D6289E4B1AE)...
Deleting File> c:\users\shadowreaperx2\appdata\local\avaavbxvba\pbqrmvbub
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\Temp\nsl84B6.tmp
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\Microsoft\Windows\INetCache\IE\CNNAZBP0\CT3333887[1].json
Deleting File> C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat
Deleting File> C:\Users\SHADOW~1\AppData\Local\Temp\nsv82D1.tmp
Deleting File> C:\Users\SHADOW~1\AppData\Local\Temp\nsv82D1.tmp
Deleting File> C:\Users\SHADOW~1\AppData\Local\Temp\nsv82D1.tmp
Starting Routine> Removing threats - Please wait...#...
Writing Registry Value> HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings - ProxyServer
Deleting Registry Value> HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings - ProxyServer
Writing Registry Value> HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings - ProxyServer
Deleting Registry Value> HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings - ProxyServer
 
Automated Cleanup Engine
Starting Cleanup at 02/05/2015 - 21:52:05 GMT
 
Starting Routine> Removing c:\program files\common files\goobzo\gbupdate\smci64.dll...#(PX5: 2D4B0E5CB061227A67251AD18A17590011C6ED6D - MD5: 5A4B9730D39E71A75BD7889435EC64E5)...
Deleting File> c:\program files\common files\goobzo\gbupdate\smci64.dll
Starting Routine> Removing c:\program files (x86)\searchprotect\searchprotect\bin\sptool64.exe...#(PX5: A9C55B2F10F601561F021AE2D405BA00F0C643D6 - MD5: 254D87543931196293A5196DA4CBEFA4)...
Deleting File> c:\program files (x86)\searchprotect\searchprotect\bin\sptool64.exe
Starting Routine> Removing c:\program files (x86)\max computer cleaner\bo.dll...#(PX5: 627BE0D600EE503720A100CAC37D780073DA2B23 - MD5: 367685C9F48DCE8AC987E664FE49B0D7)...
Deleting File> c:\program files (x86)\max computer cleaner\bo.dll
Starting Routine> Removing c:\program files\common files\goobzo\gbupdate\smci32.dll...#(PX5: 1B1F5B51B0CFAFC96B20121DC2062E00929332F6 - MD5: 24795D5ED0764375F3231B9CE955B614)...
Deleting File> c:\program files\common files\goobzo\gbupdate\smci32.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\nstaf77.tmp...#(PX5: E20B8E2BCCD6E3B2EA27038F88523C000EB2A1D0 - MD5: 8DB71F23CD565ACAC24792C0A1576761)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\nstaf77.tmp
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\awh389b.tmp...#(PX5: 2FF9186270DA13EABA965AC979FF4000D195B02F - MD5: 34A8A3D87F0A049F605A6B741C146D8A)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\awh389b.tmp
Starting Routine> Removing c:\program files (x86)\ytdownloader\ytduninstall.exe...#(PX5: 1CD0931828AEAB341FF80925D4FCBC00CE8BC7B8 - MD5: C0B182F1DC962B0244BBFA209EC012F9)...
Deleting File> c:\program files (x86)\ytdownloader\ytduninstall.exe
Writing Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader - UninstallString
Deleting Registry Value> HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader - UninstallString
Starting Routine> Removing c:\program files (x86)\searchprotect\searchprotect\bin\vc64.dll...#(PX5: B0279872101F54F5B7647993C48B8500F071B9E4 - MD5: AF192B956ECCAAF66EAC82DA5D5AACCD)...
Deleting File> c:\program files (x86)\searchprotect\searchprotect\bin\vc64.dll
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\is-00ggi.tmp\382.exe...#(PX5: 14A6205A080DF26CE90D8268785FCA00C3EDB9F1 - MD5: DAAAC596CF9AAC501A052673BD67C54B)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\is-00ggi.tmp\382.exe
Starting Routine> Removing c:\program files (x86)\system notifierv10.03\utils.exe...#(PX5: B8B3A8A5DCE14F4DA7211B2C27945E003B254214 - MD5: 580BFED8B79558A53B615A6C00387348)...
Deleting File> c:\program files (x86)\system notifierv10.03\utils.exe
Startin

RELEVANCY SCORE 200
Preferred Solution: Lions, viruses and bears...oh my!

I recommend downloading and running Outlook PST Repair. It's a PST repair tool that I've used it in the past to recover emails, contacts, tasks and notes from corrupt Outlook files that are damaged or inaccessible. Supports Outlook 2000, 2002, 2003, 2007, 2010 and 2013.

You can download it direct from this link http://goo.gl/1bjhSi. (This link will automatically start a download of Outlook PST Repair that you can save to your computer.)

A: Lions, viruses and bears...oh my!

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

Launch Malwarebytes Anti-MalwareA 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.On the Dashboard, click the 'Update Now >>' linkAfter the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.If an update is available, click the Update Now button.
A Threat Scan will begin.When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes.If you already have MBAM 2.0 installed:On the Dashboard, click the 'Update Now >>' linkAfter the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.If an update is available, click the Update Now button.
A Threat Scan will begin.When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes.How to get logs:(Export log to save as txt)After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the Scan Log which shows the Date and time of the scan just performed.Click 'Export'.Click 'Text file (*.txt)'In the Save File dialog box which appears, click on Desktop.In the File name: box type a name for your scan log.A message box named 'File Saved' should appear stating "Your file has been successfully exported".Click OkAttach that saved log to your next reply.(Copy to clipboard for pasting into forum replies or tickets)After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the Scan Log which shows the Date and time of the scan just performed.Click 'Copy to Clipboard'Paste the contents of the clipboard into your reply.Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.Double click on downloaded file. OK self extracting prompt.MBAR will start. Click "Next" to continue.Click in the following screen "Update" to obtain the latest malware definitions.Once the update is complete select "Next" and click "Scan".When the scan is finished and no malware has been found select "Exit".If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt""system-log.txt"NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit. Please download Rkill (courtesy of BleepingComputer.com) to your desktop.There are 2 different versions. If one of them won't run then download and try to run the other one.You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/Double-click on the Rkill desktop icon to run the tool.If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.Do not reboot until instructed.If the tool does not run from any of the links provided, please let me know.If normal mode still doesn't work, run the tool from safe mode.When the scan is done Notepad will open with rKill log.Post it in your next reply.NOTE. rKill.txt log will also be present on your desktop.NOTE Do NOT wrap your logs in "quote" or "code" brackets.Do NOT use spoilers.Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.

Read other 14 answers
RELEVANCY SCORE 75.6

Ok so I seem to have more infections than a hosiptal wing. I've tried doing the things I've seen in other threads but nothing seems to get cleaned at all. I've downloaded the following in my search for cleanliness:
Spybot Search and Destroy

Counter Spy
Ad Aware
Ewido Anti-Spyware
CleanUP!
Hijack This

I have ran all of these in normal mode and safe mode, and everything just keeps coming back. If I run the same one over and over it will always find something, it never comes back clean. I found this God send of a site by searching for the "Command Service Virus" and "TagASaurus virus" and tried to follow those streams. Nothing seems to be working so I thought I should start fresh and hope that you'll help me. Important note I've just installed a new hard drive and clean Windows XP before this happened. I have no data to lose if you think formatting my drive and reinstalling XP from the begining would do the trick I have no problem with that. But I've heard that doesn't always get rid of viruses.

Also I use Firefox as my browser.

Here is my Hijack this log file.

Logfile of HijackThis v1.99.1
Scan saved at 5:08:24 PM, on 9/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchos... Read more

A:Lions and Tigers and Viruses OH MY!

Read other 16 answers
RELEVANCY SCORE 74

o k guys im will try my best to help u guys help me by describing my problems best i can. the first time i encountered something was when the computer popped up a window suggesting i choose "yes or no" in order to clean up some trojans/viruses/spwares. it was the same window that displays fatal errors, but this time it looked a little off. i didn't think too much of it, but the next day internet explorer kept sprouting up with random and crude looking spyware sites. i don't even use internet explorer. IE has a weird toolbar on it "security toolbar 7.1" and if oft time goes to "www.savetheinformation.com" with the title safety center or security center. does www.htepo.com ring a bell also? Also it automatically installs "online security" and "live safety center" onto my desktop which when clicked leads to www.htepo.com. i've had ad-adware, spybot, windows defender, stinger, and even the windows malicious virus detector and i never ran into this before, but now its crazy. windows defender found win32/fotomo. i kno there are a lot of nasties and even when i feel like i get rid of a lot of them they come back. thx for ur help. p.s. my norton has been expired for a while now, but this was never a issue before.

Deckard's System Scanner v20071014.68
Run by user on 2007-11-09 13:19:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore ---------------... Read more

A:spywares, malwares, viruses, rootkits, lions oh my. :(

"BUMP"! please i beg u guys to help me. i will listen to anything u guys tell me. pls tell me if any of my steps were mixed up.

Read other 2 answers
RELEVANCY SCORE 51.2

Hello all,

So I'll get right down to the pertinent details and try to be as clear and concise as I can.

This is the first computer I have attempted to build on my own without semi-professional help. I bought all the parts and assembled them, and through much toil, sweat, and troubleshooting, my creation came to life. (I got Windows 7 installed and booting.)

I have had what I believe to be several separate issues that I have resolved one at a time, until this last and glaring problem of random restarts. I will be playing a game, or doing some other task on the computer and the screen will black for an instant and then present me with multicolored scrambles and the audio will stutter on a loop of the last sound. (duration ~.3 sec) The computer will then reboot.

I do have auto restarts disabled, but it usually does not present a blue screen or create a minidump. I have gotten to a blue screen occasionally and gotten a dump out of it and they are attached. All I get out of the Event Viewer is Kernel Error 41 bugcheckcode 0.

Let me tell you what I have done:

Made sure all of my drivers were up to date. (using driver cleaners to make sure the old ones were out)
Up to date BIOS.
Disabled the AMD power save equivalent on the processor. (Cool&Quiet, I think) I had heard this could sometimes cause trouble.
Scanned for viruses and malware.
Ran the memory through 20 memtest extensive cycles, no errors.
Ran checkdisk several times, no problems.
Ran sfc ... Read more

A:Restarts and crashes and bears, oh my

I have no clue but if I had no guess I'd say it's your video card. Do you have any secondary sets of hardware to test with?

Read other 6 answers
RELEVANCY SCORE 51.2

My buddy is try to get rid of the Lions Search page from come up on his browser
he has Windows XP and use IE Exploer
please help and I will be doing the work for him
thank you
 

A:help getting rid of Lions Search page

Go into Control Panel>Internet Options and set the default page away from the Lions page to another, or to about.blank. Click Apply and OK before you close the form.
 

Read other 3 answers
RELEVANCY SCORE 51.2

Alright, no bears. I visited a website sent from a friend whose account was hijacked. Help! As soon as I clicked it I killed my Wi-Fi connection, but it was too late.Symptoms:- Random browser popups (IE) pointing to an IP address with a 404.- SpyBot reveals Virtumundo, among others, but can't remove it, even upon reboot.- Malware Bytes reveals same issue, but can't seem to remove it, even upon reboot.- After running above, I get RundDLL errors, where it claims that a dll is not a valid windows image. Incidentally, that dll was itemized by Spybot.- Upon reboot, I tend to have to repeat the above.What I've done:- SpyBot, with latest updates - Malware Bytes, with latest updates- ComboFix - one run, with reboot.See ComboFix log below:ComboFix 09-05-31.06 - steven.landers 2009-06-01 14:03.2 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2883 [GMT -4:00]Running from: c:\documents and settings\Steven.Landers\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgmc:\documents and settings\NetworkService\Application Data\qqlhgjmmc:\documents and settings\NetworkService\Application Data\qqlhgjmm\profiles.inic:\documents and settings\NetworkService\Application Da... Read more

A:Virtumundo - Spyware - and Bears, oh my

ComboFix logs should not to be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Please create a new topic in the Am I Infected forum.http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.If needed, we will direct you to our HJT Preparation Guide.This topic is now closed. The BC Staff

Read other 1 answers
RELEVANCY SCORE 48.4

https://www.shopforcollfootball.com/LSU-Derek-Stingley-Jr

Baylor has suspended all football-related activities, saying it needs to evaluate recent positive tests for COVID-19 and perform contact tracing.
The Bears have a bye week, but their homecoming game is planned for Oct. 17 in Waco, Texas.
"We are taking all possible precautions and our focus remains playing the scheduled game with Oklahoma State at McLane Stadium," Baylor athletic director Mack B. Rhoades said.
Baylor previously had to postpone its game against Houston on Sept. 19 after Baylor did not meet the Big 12 Conference COVID-19 thresholds for playing. One of Baylor's position groups did not meet the thresholds for competition, sources said.
The Bears are 1-1 after a win over Kansas on Sept. 26 and a 27-21 loss to West Virginia on Oct. 3
More site:shopforcollfootball.com

Read other answers
RELEVANCY SCORE 35.6

Dear tech,
I have run a BitDefender deep scan and several scans with AVG, Advanced System Care Pro, and IOBit Security 360 and still cannot get my puter to run as it should. I cleaned out several hundred photos and removed from hard drive and lost disk space rather than gained. Also was attacked by the GreenAV or GreenVA thing. That is when the problem really started.
I have a lot of programs that are running that I don't need but I don't know what is necessary and what is not. It seems that the CPU usage has increased unnecessarily and too many programs are loading at startup. I prefer Firefox browser but lately it is using a lot of cpu usage and causes puter to run very loud and interferes with my gaming and browsing. Puter freezes up a lot.
I have mcafee site advisor and for the most part I am careful even with the research sites I open. I am getting very frustrated with my puter. I do use Game Booster recently to help with gaming freezes, but I should not need to use it if puter were running properly. Should I seriously consider reinstalling Windows? I have been trying to remove the photos a few at a time which takes so long to burn on CD's as I am out of practice. As I have aged I find it more difficult to relearn my software.
I truly appreciate all the help you can give me and will follow your advice explicitly.
Thank you so much

A:Infected with Generic Trojan,2 Backdoor viruses, and 2 worm viruses

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 30 answers
RELEVANCY SCORE 35.6

I have run AVG and removed anything suspicious and then run Ad Aware and found 2 trojans and other less worrying items.
I have then run Hijackthis. Could a guru please have a look and see if they can see anything un toward please and any advice would be very much appreciated.
Thank you
Les

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:11, on 27/07/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\i... Read more

A:Rootkit viruses - reformat Hard disk or find viruses?

Read other 16 answers
RELEVANCY SCORE 35.6

Logfile of HijackThis v1.99.1
Scan saved at 5:21:42 PM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mstc.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main... Read more

A:AIM spreading viruses and over 2000 viruses/spyware cleaned.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download and install Ewido http://www.ewido.net/en/download/
Double-click the Ewido icon on your desktop to run it.
On the top of the main screen click Shield. Click the word active to change it to inactive.
On the top of the main screen click 'Update'. Then click on 'Start update'. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can get the manual update at http://download.ewido.net/ewido-sign...ll-current.exe
When you have finished updating, exit Ewido.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/foru...howtutorial=61 ).

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com... Read more

Read other 14 answers
RELEVANCY SCORE 34.8

hey guys! I know that viruses like these and malicious viruses really suck right? Well, you should know that I couldn't even open site while my unknown virus lurking around on my computer indetected. The truth is I actually accidently downloaded it myself, big mistake! But, I used a different computer and went here where I found a program called Emisoft emergency kit. I tried to add it to  the forum but it is too big a file, but then I uploaded the kit to a flashdrive and transferred it to my broken computer and activated the system. And behold! In just one simple scan it found the virus and fixed my computer. just to prove it I would like to state that I am typing this forum through my newborn computer!

A:hey guys! I know that viruses like these and malicious viruses really suck right

tell me what you guys think and what words can I use to make me sound smarter.

Read other 3 answers
RELEVANCY SCORE 34.8

I have had some problems with my computer over the past week or two. It started out with my noticing a Google Redirect virus. I thought I had solved the problem and then over the past few days I have caught exploit.drop.2, exploit.drop.6 and exploit.drop.7 viruses on my computer. Some programs I use will not open and my computer has shut off spontaneously, I've had the "blue screen of death" as well. I actually uploaded files I wanted to keep to a website in hopes of restoring computer to factory default settings but couldn't do it. When I went to restore the computer to the factory settings it took me to a screen for me to put in a username and password. It wouldn't accept my information, or any of the generic "admin", "password" logins, etc.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Steve at 21:04:04 on 2011-12-27
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.3061.1526 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomL... Read more

A:Have had exploit.drop viruses, redirect viruses

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434892 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other answers
RELEVANCY SCORE 34.8

I was watching The Screen Savers on TechTV the other day and this guy called and said that he had something on his computer trying to do a DOS(Denial Of Service) Attack on a Korean(I think) server. he said he had ran anti-virus and stuff. They told him that they could especially if you said to download it from anti-virus and that it is going to be very hard to erase. They told him to run some more stuff and if that didn't help that they would say to re-install windows. IS this all true is it possible for it to hide from anti-viruses? Also would it be possible for a trojan on your computer and even threw scanning your computer with spyware removal tools and Anti-virus for it to still be there? I'm a newbie when it comes to viruses and stuff so if anyone could help please help me.
 

A:Can Viruses/Trojans Hide From Anti-Viruses?

Read other 9 answers
RELEVANCY SCORE 34.8

Ok I am new so i have no idea how to get or post a hijack this log so i'll tell you the info i do know. I am using windows xp, [email protected] trojan alert keeps popping. Spyware.cberlog-c alerts also. Internet explorer pops up saying i should download crap anti virus like "BestSellerAntivirus" didn't download. The sites were protectroom.com and system defender, and i get random ads sometimes. So I really need help this is really fustrating. I really don't want to reboot my computer. Oh also I run norton 360 and I have a fire wall and router firewall. I just saw this post so don't blame me i am having the troubles as adam929. PLease help me.
 

A:Viruses, spybots, and all these fake viruses and alerts

Read other 9 answers
RELEVANCY SCORE 34.8

Hi its been a long time since my computer has been slowing down. I didnt mind it at first but it has gotten into my nerves lately. earlier, only 2 folders were open, my pictures and a subfolder of it I recall but it has become really slow, as in super slow. it seems ok now but i encountered a new problem. it reboots in itself, it happened 3 times today. I also can't install yahoo messenger, tried it a couple of times but failed.

Recently, I just detected lots of viruses from removable disks. it changed the name of my flash disk to anti taga lipa are and added a virus called silentsoftech.exe, i also had a couple of trojans and also this brontok.n which is said to have prevented me from showing my hidden files and folders but fortunately, (I think) I have healed those viruses. and so as my antivirus says. by the way its kaspersky, I just changed from norton, it didn't even detected any of those viruses I have mentioned. i also have some problems with MS Word, when i open a document, only the application would open, I still need to click open and look for the document again. i think there are more problems, but these are the ones that I can remember. I'm still hoping that I could fix this without reformatting. Thanks

I ran hijackthis and got the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:59 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\... Read more

A:Multiple Viruses/ Removable Disk Viruses

bump!
 

Read other 2 answers
RELEVANCY SCORE 30.8

Well folks, there I was sitting on the couch, and my girlfriend says, right out of the blue, "My computer isn't working."My god, was she right.After a lot of manual cleanup and other tricks, I've finally been able to get the machine to log on and not be completely overrun by viruses, and I even managed to install the free version of AVG and HiJackThis. But that's more or less where it stops.AVG scans, and detects 20 odd different viruses, and tries to remove them (deletion, from what i can tell) and then thinks everything is happy, until i restart. Then they're all back again.HiJackThis results in a STOP 0x0000000A error unless I run it in safe mode, so here's what I've got:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:08:20, on 2007/07/28Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dllO2 - BHO: C:\WINDOWS\System32 ... Read more

A:Viruses. Lots Of Viruses.

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. You have quite a heavily infected computer, it is likely that we will need to perform a few scans before you will be completely clean from malware, so please bear with me.Download Brute Force Uninstaller.Unzip it to a folder of its own (c:\BFU).Start the Brute Force Uninstaller by doubleclicking BFU.exeNext to 'scriptfile to execute' you'll see a little icon like this: When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'In the field, copy and paste this:http://metallica.geekstogo.com/alcanshorty.bfuClick OK. Then click Execute to run the script.Wait for the 'complete script execution' box to popup and press OK.Press Exit to terminate the BFU program.Download Combofix to your Desktop.Double click combofix.exeFollow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang.When finished, it should produce a log, combofix.txt. Post that in your next reply.Please include the Combofix log along with a fresh HijackThis log in your next reply.Thanks,Charles

Read other 6 answers
RELEVANCY SCORE 30.8

I'm currently running adaware and a full AVG scan on my sisters computer. At the moment Adaware has found over 230 new objects and it's still in C:documents and seetings

Now the big problem lies with AVG, every few minutes a window will pop up saying that a Virus (trojan downloader AS and stubby C for the most part) has been detected. Some of the files I can delete and others it says "No option available". There're also a bunch of pop up adds that open when IE is opened. I'll post an HJT log after the scans are done.
 

A:Viruses...lots of viruses

Read other 15 answers
RELEVANCY SCORE 24.8

i'm a real novice with computers so i'm not sure where to start to clean my computer. i got a bunch of viruses from AIM and i'm hoping someone can guide me step-by-step to get rid of them. here is my log file from hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:22 AM, on 9/24/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\8.00\Inetd\inetd32.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Trend Micr... Read more

A:help me get rid of these viruses!

Welcome to TSG

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

Read other 1 answers
RELEVANCY SCORE 24.8

one day my computer started acting wierd like not being to access control panel, task manager, internet. I knew i had viruses and trojans, so i download for free stopzilla. and the scan said things like dollar revenue, kavo at critical. then i downloaded antivirus plus pareto logic and it said i had 100 viruses. i had downloader loadadv gen trojan, zero day attack at critical also about ten more at critical. and now i want to buy something on the internet really bad but i know its not safe. how can i completely get rid of these viruses so that i can start buying off the internet. what antivirus program do you suggest. oh yah my computer acting wierd and stuff that hasnt happened in a month. if i cant fix this soon then ill have to buy a new computer, I hope my computer be saved.

A:200 viruses!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 24.8
Q: Viruses

i need help with AVG i wanna know how to get rid of trojan and other viruses on my computer with it cause it wont heal them and i need help
 

Read other answers
RELEVANCY SCORE 24.8

i cant even open up any of my spyware removals. i have microsoft security essentials and it wont open. i try to download new ones and it wont work. I need help fast!! My backround screen has been taken over by a virus warning

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:19 PM, on 3/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FirefoxPreloader\FirefoxPreloader.e... Read more

A:Need serious help!! Viruses!!

Read other 8 answers
RELEVANCY SCORE 24.8

ok then I have trojan.byteverify, java.Nocheat, and JS.Exception.Exploit
Logfile of HijackThis v1.97.3
Scan saved at 7:38:03 PM, on 11/9/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svcinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\WINDOWS\System32\PROMon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\windows\rundll32.exe
C:\Program Files\Common Files\Microsoft... Read more

A:3 viruses

lord42

Welcome to TSG!

Here is a new Beta version of CWShredder that should do a better job for you:

http://www.spywareinfo.com/~merijn/files/beta/CWShredder.exe

The files we are going to delete are hidden files so click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
Click "Apply" then "OK"

Run Hijack This again and put a check by any of these that are left. Close all browser windows and "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [spp] regedit -s C:\sp.reg

O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe

O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup --

O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe

O4 - HKLM\..\Run: [VB_run] C:\WINDOWS\comctl_32.exe

O4 - HKCU\..\Run: [explore] c:\windows\explore.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: MSupdater.exe

O8 - Extra context menu item: Web Search - c:\windows\ex.htm

Restart to safe mode and delete:

The C:\WINDOWS\System32\svcinit.exe file
The C:\sp.reg file
The C:\WINDOWS\System32\msrexe.exe file
The C:\WINDOWS\System32\tapicfg.exe file
The C:\WINDOWS\comctl_32.... Read more

Read other 1 answers
RELEVANCY SCORE 24.8
Q: Viruses

Hello everyone.
Once again I have some problems. As I type this I am doing a virus scan with Norton. It says I have 4 infected files, but I am not sure wich ones yet. I know you cant do much without info, but as soon as it finishes I will tell you wich ones they are and am going to post a copy of a hijack log. Anyone know if I can make a hijack log as I search for viruses, or will it effect one of the processes if I do? I also noticed my computer making a bit more fan noise than usual. Also, my mom was on the PC yesturday when I wasnt home, so it might have been something then. Thanks.
 

RELEVANCY SCORE 24.8

Please help me.. I asked about this before. I dont think its a ie hijack.. its a trojan.. I dont want to lose all my stuff. thanks.

-Jere Rutter
 

A:Please help... Two viruses. CANT DO ANYTHING!!! :(((

Read other 16 answers
RELEVANCY SCORE 24.8
Q: viruses

I'm not very technical, and my other computer is infected with what looks like torjan bnk.key logger. It won't let me access to IE to download anything . Keeps taking me on a loop to purchase software
 

A:viruses

download these to the working computer & transfer them over so we can see what is wrong

follow advice here and post the logs those programs make
 

Read other 1 answers
RELEVANCY SCORE 24.8

hi guys

ok ive followed the 5 steps and i am unsure what viruses i have ? can u help me in finding them with the names so i can post on here what my virus problems are ?

thanks
mike



Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-19 16:58:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
131: 2008-07-19 15:58:55 UTC - RP131 - Deckard's System Scanner Restore Point
130: 2008-07-19 15:48:36 UTC - RP130 - Installed Windows Internet Explorer 7.
129: 2008-07-19 15:48:25 UTC - RP129 - Installed Windows IDNMitigationAPIs.
128: 2008-07-19 15:48:04 UTC - RP128 - Installed Windows NLSDownlevelMapping.
127: 2008-07-19 13:10:57 UTC - RP127 - System Checkpoint


-- First Restore Point --
1: 2008-07-05 08:13:37 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-19 17:00:32
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
... Read more

A:how do i know what viruses i have ?

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please Do Not Attach logs to your posts unless you are advised to do so.


========

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

=========

P2P

P2P - I see you have P2P software Azureus Vuze and LimeWire 4.18.2 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the ... Read more

Read other 6 answers
RELEVANCY SCORE 24.8

Hello, i'm Mahesh and i would glady appreciate your help.

Last week my computer began acting strangly when it became very slow and a program AV CARE was installed automatically. Since then ive managed to get rid of it and scan the computer for viruses. However, even though i seemed to get rid of them, they seem to still be affecting the computer. The problems are that the computer is really slow and every now and then i get a message saying that C:\windows\system32\system.exe terminated unexpectedly with status code 1073740972 and that i had to save within 60 seconds (i think it was, i mean i didn't have that long to write it down, next time it happens ill check). This keeps happening and my computer takes ages to respond.

Ive got a dell dimention 4600 and im on XP.
Any help will be welcomed. Thanks so much!

A:Bad viruses.

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Regarding the shutdown in 60 seconds, this should help.

Open notepad and copy/paste the text in the quotebox below into it:


Code:

@shutdown -a
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:

Each time your machine threatens to shutdown, double click on fix.bat & it shall abort the shutdown procedure. That should ease some of your current difficulties.

------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Viru... Read more

Read other 1 answers
RELEVANCY SCORE 24.8

My AVG scans have come up with a boat load of stuff which has been dumped to the virus vault, but I don't know if I'm still infected or what??I am running an old pc with windows 2kpro for an OS. I strictly use Firefox for my internet. If any more info is required I apologize.Here is a copy of my HJT log.Thanks for any and all help in advance!BBLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:37:27 PM, on 1/7/2008Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\LEXBCES.EXEC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\LEXPPS.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\WINNT\System32\svchost.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\... Read more

A:Need Some Help...possible Viruses?

Hello busybeaver and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.Thanks,Johannes

Read other 1 answers
RELEVANCY SCORE 24.8

Please help me. But keep in mind I am not as technical as most of you. I have been infested by what I believe to be several different viruses on my home PC.

I tried to clear history, files and temp files...no help. Pop-ups multiply by the second.

I went out here and got a scan - Spy nuker - I believe, it scanned and found 407 infected files. Prompted me to purchase clean tool, so I did.

It showed rb32, n-case, launcher, xupiter just to name a few.

So I cleaned several times, until I came up with a scan with 0 infected files. Thought I was in the clear, but NO - POP UPS still monopolize my pc. What do I do, and do I have to spend more money to get this fixed?

Also, when I was doing uninstall on several of the programs, I did an uninstall on what was called "launcher", right after that, I could no longer open any of my microsoft office programs. The documents that are saved are still there, just can't open them.
Any way for me to retrieve these programs?

Also, did some changes on security on the internet, is this doing me any good and/or necessary?

Forever indebted,
Jody
 

A:Viruses, viruses and more viruses

Read other 16 answers
RELEVANCY SCORE 24.8

My first issue was windows giving me this error at startup "Windows cannot find 'C:\windows\services.exe'. Make sure you typed the name correctly, and then try again"

I clicked ok and this came up "Could not load or run 'C:\windows\services.exe' specified in the registry. Make sure the file exsists on your or remove the reference to it in the registry" this makes sense due to the previous problem.

I thought I would just copy it over from system 32 to into the windows file but as it turns out services.exe is a sonar virus as well as "pukka". I was then refered here by POADB.

So here is my DDS.txt result:
____________________________

DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 12:35:16.20 on Sat 07/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.521 [GMT 2:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\... Read more

A:Help. Viruses!

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

=========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install th... Read more

Read other 10 answers
RELEVANCY SCORE 24.8
Q: viruses

My "internet has encountered a problem and needs to close down, sorry for the inconvenience." every time I turn on the internet. What is happening? Can I get some help?
 

Read other answers
RELEVANCY SCORE 24.8

Malware bytes keep saying it blocks incoming AND outgoing ip addresses.
heres a little list of em.
07:25:39 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:25:42 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:25:48 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:29:44 Jackson IP-BLOCK 87.248.176.1 (Type: outgoing)
07:33:19 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:33:22 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:33:26 Jackson IP-BLOCK 78.140.152.6 (Type: outgoing)
07:33:28 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:33:29 Jackson IP-BLOCK 78.140.152.6 (Type: outgoing)
07:33:35 Jackson IP-BLOCK 78.140.152.6 (Type: outgoing)
07:33:41 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:33:44 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:33:50 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:34:21 Jackson IP-BLOCK 93.183.194.2 (Type: incoming)
07:38:20 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:38:23 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:38:29 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:44:28 Jackson IP-BLOCK 87.248.176.1 (Type: outgoing)
07:44:58 Jackson IP-BLOCK 222.65.80.43 (Type: outgoing)
07:48:56 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:48:59 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:49:05 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:53:17 Jackson IP-BLOCK 78.140.152.6 (Type: outgoing)
07:53:21 Jackson IP-BLOCK 78.140.152.6 (Type: outgoing)
07:53:27 J... Read more

A:One or two viruses? and how to fix

Read other 6 answers
RELEVANCY SCORE 24.8

Please, I'm in desperate need of help.

First I'll start with whats going wrong with my computer;

- Where i try to open Windows Media Players it says "Can not perform operation, memory to low"
- Cannot copy and paste
- Cant open weblinks

There's probably a few others problems that I havent worked out yet.

Fortunatly I can paste my HiJackThis log, is there anyone that could go thorugh this and work out what to fix?

Logfile of HijackThis v1.96.0
Scan saved at 13:52:56, on 30/08/2003
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINNT\explorer.exe
C:\WINNT\loadqm.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINNT\Dit.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINNT\wt\updater\wcmdm... Read more

A:What viruses do I have?!

Read other 16 answers
RELEVANCY SCORE 24.8
Q: viruses

i can't copy and paste. i have stinger which scans my computer for viruses and every time i scan it the same viruses keep coming up.they are svchost.exe and dllhost.exe. i can't play windows media player when im connected to the internet unless i open it before i connect. And i can't drag items off the desktop into something else. Also sometimes when i got to control panel and add/remove programmes it doesn't show the items and instead of saying close it says cl&ose.
 

A:viruses

go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

Read other 1 answers
RELEVANCY SCORE 24.8

n e body kno how to get rid of the w32.valla.2084 virus
 

A:help with viruses

First, I think you mispelt w32.valla.2048 virus. Sorry for being so pedantic.

Do you have any AntiVirus installed, such as Norton AV?
If not, try this maybe...

Go to the following site http://www.norman.com/virus_info/w32_valla_2048.shtml and download and use "Vallafix" in the Detection and removal section. Worth a try.

Hope this helps!

 

Read other 3 answers
RELEVANCY SCORE 24.8

So I got some viruses last night and I ran Malwarebites and it did not fix everything. Then things got worse and there were some weird programs running in my processes and now I am unable to open most programs without a fake "XP Internet Security 2012 Firewall Alert" opening up asking me to fix it or ignore it and continue.

I tried clicking on the ignore option once because the alert came up when I tried to access my control panel and nothing that bad seemed to happen. But I am still unable to open Firefox, Winamp or any number of other programs.

I used DDS and GMER and got the text files also. Now I'm wondering where I should go from here.
 

A:Got some viruses, need some help

I was able to get access to my programs and run Malwarebytes again by using this guide

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

However there is still 2 programs running in my processes called "Acrord32.exe" and "Ngokac.exe" which are taking up a lot of mem usage. There are also 2 icons on my taskbar that were never there before that say "help" and "options" wghen I drag my cursor over them.

I'm not really sure where to go from here. What should I do to try to fix this problem?
 

Read other 1 answers
RELEVANCY SCORE 24.8

Hello, im have got this problem on my computer where it redirects my google searches to quicksearch.com or fastsearch.com or licosearch. Also recently my computer won't load up my desktop and crashes constantly when it ry to open up any item. The sound icon in the taskbar freezes and locks up. It also crashes the desktop and needs me to click restore and crashes again. In short its not letting me use anything so im now using my mums account...

I tried download dds by subs but my computer won't let me the open the links for it.

Im a novice and was wandering if you guys could help me.

Hijack This:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:42:28, on 09/06/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\G... Read more

Read other answers
RELEVANCY SCORE 24.8

Started having problems ran spybot and adaware and norton antivirus 06 spybot started freezing up when i tried fixing virtumonde.generic joined your site got hijackthis and here is my first log just need some direction on what to do next. thanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:08:27 AM, on 1/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS&... Read more

A:Help With Viruses

Hello solution23,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 24.8

You all helped me out greatly in the past ...... and ever since then my computer has been working GREAT! Until recently. I'm getting a few pop-ups and a bunch of things coming up from AVG saying something like this could be a threat and needs to be shut down. I haven't gotten that in the last few days though, but when AVG scanned my computer this morning it said there were 56 threats ..... and all of them said "virus found lop".

Sorry if that's not too detailed. I know nothing about this sort of stuff ..... but you all walked me through it last time and told me exactly what to do to get it running better. Thanks for all your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:09 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\Me... Read more

A:Need Help With Viruses (w/ HJT log)

Read other 7 answers
RELEVANCY SCORE 24.8

Hey all. Somehow I got a ton of virusus that give me all this porn stuff. I ran HJT many times, Ad-aware, NAV, SpybotSD and I still have stuff on my comp. When I shut down, it loads IE right before and opens a porn site and says donwload aborted. Below is my HJT log, followed by my HJT start-up log. PLEASE any help is appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 1:21:38 AM, on 12/13/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINNT\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C... Read more

A:Viruses!

Any help????
 

Read other 2 answers
RELEVANCY SCORE 24.8

Hello!!I have noticed my PC is going slow in last days, sometimes it doesn't work properly and I have to reboot it... I think I have some viruses...Here is the log...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 07:27:20 p.m. PINKCESA, on 18/05/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Archivos de programa\Canon\IJPLM\IJPLMSVC.EXEC:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wscntfy.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Archivos de... Read more

A:Several Viruses

Hello Chulegcg and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is complete... Read more

Read other 2 answers
RELEVANCY SCORE 24.8

I just recently removed the Vundo virus off my computer with Vundofix. I am now having problems with Internet Explorer and Firefox both loading websites at times. I will go to a website and the computer just sits there waiting for a response fom the page. I am also getting pop ups, and the system is running slow.Here is the main text from the DSS scan:Deckard's System Scanner v20071014.68Run by Administrator on 2008-06-18 22:16:44Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --59: 2008-06-19 04:16:52 UTC - RP839 - Deckard's System Scanner Restore Point58: 2008-06-18 06:06:04 UTC - RP838 - Last known good configuration57: 2008-06-18 06:06:01 UTC - RP837 - Last known good configuration56: 2008-06-18 06:06:00 UTC - RP836 - Last known good configuration55: 2008-06-18 06:06:00 UTC - RP835 - Last known good configuration-- First Restore Point -- 1: 2008-06-18 06:05:56 UTC - RP781 - Software Distribution Service 3.0Backed up registry hives.Performed disk cleanup.-- HijackThis (run as Administrator.exe) ---------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:19:58 PM, on 6/18/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOW... Read more

A:Viruses And Pop-ups

Hello Jerome and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed,... Read more

Read other 8 answers
RELEVANCY SCORE 24.8
Q: viruses

first ive been looking for solution for my problems found 1 thread but his prolbem wasnt resolved he had to reformat. my computer has been acting up i dont know alot about computers so heres my problem a virus took away my system admin privlages and several other viruses effected my system the got rid of my ability to copy and paste drag and drop ( some reason i can copy and paste hijack this logs) also my sound is gone. these are not hardware problems since i already went and check that first doing a quick virus scan with avast it says i have 3 viruses.

also i tried running an online scan just to double check but mozila firefox is not supported and i uninstalled internet explorer will post a hijackthis log below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38, on 2008-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WIND... Read more

A:viruses

right i ran a search and destroy scan and it seems i have 6 keyloggers 34 trojans and 3 viruses any help on how to remove them since avast wont pick them up so i can repair them

Read other 19 answers
RELEVANCY SCORE 24.8

Hey, So I'm not even 100% sure I have a virus, but I'm pretty sure I do. What happends is basically it doesn't allow me to go to some sites, and its slightly slower, here's the hijack this log..Looks really unhealthy to me ;) those systemroot thingys look like trojans.. I've ran malwarebytes antimalware, Windows Malware remover, spybot Search and Destroy. I also have avast as well as mcaffe.Didn't pick up anything, I also checked to make sure I wasn't on a proxy server, which I'm not.. So.. Whats up Doc?Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:56:25 PM, on 9/1/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exeC:Program Files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exeC:Program Files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exeC:Program Files (x86)RoxioRoxio BurnRoxioBurnLauncher.exeC:Program Files (x86)Dell Support Centerbinsprtcmd.exeC:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exeC:Program Files (x86)Common FilesJavaJava Updatejusched.exeC:Program Files (x86)iTunesiTunesHelper.exeC:Program Files (x86)Dell Support Centergs_agentdsc.exeC:Program Files (x86)Internet Exploreriexplore.exeC:Program Files (x86)Internet Exploreriexplore.exec:PROGRA~2mcafee.comagentmcagent.exeC:Program Files (x86)RoxioRoxio BurnRoxio Burn.exeC:Program Files (x86)Internet Exploreriexplore.exeC:Program Files... Read more

A:Possible Viruses

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

Read other 2 answers
RELEVANCY SCORE 24.8

I have windows XP and F-secure virus scan AND Adaware and I have about 5 viruses that I cannot get rid of. It started with Virus.Win32.Nsag.a ..... then Exploit.HTML.DragDrop and JS/NoClose.M showed up. Then MSOLE32.EXE arrived last night and this morning a trojan downloader that I did not write the complete name down. The virus scan sez it can't get rid of any of these, but it has renamed some of them. I don't want them renamed, I want them gone!!!! I can't find much info on any of them, but maybe I don't know how to look. Please help!!!
 

A:Too Many Viruses

Read other 9 answers
RELEVANCY SCORE 24.8

according to spyHunter3
I may have
Zlob.trojan
Trojan.Vundo
Virusprotect
Adware.BHO.je
VirusHeat
wildTangent
DMSETUP


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:27:16 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\s... Read more

A:I believe I have about 5 viruses. Please Help

Hello skipper281989 and Welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

-----------------------------------------------

HJT v2 is out of Beta now. Please uninstall it from Add/Remove programs, delete the executable, and get the latest version here.

Please read this sticky topic, and then do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into th... Read more

Read other 1 answers