
Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week.

Q: Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week.

Got the Anti-virus soft virus more than a couple of weeks ago and was pretty sure I got it all. One of the things it did was attack my Hotmail account and send emails out to everyone in my contact list and my girlfriend got the (something) essentials 2010. I will post about that later on if I have problems. I was going to use the Hirens 10.2 boot disk and see if I could finish it off. I received an email from her with a couple of pictures of the kids. I opened one but not the other. The problem is she didn't send me the email. Anyway I have used various spy-ware and malware removal tools as suggested from this very helpful forum and have the logs if you want to see them. So I am hoping you can take a look at my logs and see if you see any discrepancies. Thinking I need to reinstall Avast but not sure. I have used the basics and quarantined quite a bit of trojans and others. I have used Malwarebytes (which I used first and didn't completely remove Anti-virus Soft), SuperAntiSpyware, HijackThis, Spybot, RootKitBuster (I wasn't sure how to interpret the log and what to do), SpyWareBuster, Combofix, a-squared Free (wish I could delete a2squared.exe from my start-up list), Dr.Web (I had a warning on Combofix about a possible Varuit but it didn't find one), Norman Malware Cleaner, CCleaner, ATF Cleaner. Ran scans with Trend Micro Housecall and Avast. I think that's it. I have the logs if you wish to see them.


A: Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week.

Here is an updated file. Had to uninstall all antivirus and delete all entries including registry. Had many entries from past antivirus software. I then did a clean install of Avira. Sorry if that caused any problems.


So I'm trying to get rid of this so called anti virus xp2008. Got it down to it not cycling thru the "scan", the desktop icon is gone and it has also been removed in the tray. Now it seems to be stuck in the background picture and I can't access the settings to try and change it, it is only like that for the main user on the account. It also still kicks into the blue screen saver that alerts me of viruses. I have installed Kaspersky, spyhunter and was thinking of trying Webroot... Please help.

A: Anti Virus Xp2008 Was Removed Or Do I Thought... Help Please

Hello and welcome. I am moving this from XP to the Am I Infected forum. Just click on your topic and you will go there.

Please run this scan.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK ...


I received the Antivirus Soft virus/malware on Tuesday, 6/1. I followed the removal instructions and it seemed to be okay. Until I noticed that whenever I click on a link through Google, it will redirect me to a bogus website. If I copy and paste the address into the address bar or type the address directly into it there is no problem, it is only when I click on a link. Occasionally, Internet Explorer will pop up by itself and go to the same fake websites. I have used spybot sd and malwarebytes, but they are not picking up anything anymore. I have copied and attached the information you need. Any help would be greatly appreciated. Thank you for your time.

A: Antivirus Soft Removed / Now Have Website Redirect Virus/Malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello, I got infected with the 'Anti Malware Doctor' virus, I ran malwarebytes and super anti malware and that took care of the main virus pop ups but google still redirects to advertisements. I have tried to run RKill like it says on this guide http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor but whenever I try to run it it gives me a bluescreen of death and restarts my computer. I have attempted running Combo Fix, I saved it with a different filename to my desktop and it gives me a bluescreen of death before starting as well and restarts my pc. Combofix ran on safemode, but as soon as I reboot my pc the redirects and bluescreens still occur. Here is my hijack this log, any help would be highly appreciated, Thanks!

A:Anti Malware Doctor Virus removed stuck with redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hi,

I accidentally downloaded some malware a few weeks back that came in the form of Windows Media Player codecs (went to download codecs via Windows Media Player). The installation looked suspicious so I cancelled it before installing anything but just starting it got me infected. It was initially just adware so I googled tips on removing that particular bit of adware and followed all the steps listed somewhere online (used approximately 5-6 different programs). In that process, AVG picked up a trojan horse which it removed for me.

Following all this, I thought I had removed everything but I've had two different online accounts stolen in the past week (they both had the same email and password associated to the account) and now I'm really worried that I didn't manage to remove everything. I understand that they could have gotten my information from the initial infection but I was wondering if there is any way to 100% guarantee that all malware/spyware is gone?

I've just run an AVG and Malware-Bytes scan and they both did not pick anything up. Sysinfo below:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 8
RAM: 8075 Mb
Graphics Card: Intel(R) HD Graphics 4600, 1024 Mb
Hard Drives: C: Total - 381545 MB, Free - 259632 MB; D: Total - 550703 MB, Free - 550467 MB;
Motherboard: ASUSTeK COMPUTER INC., ...


EDIT: Moved to proper forum, Virus, Trojan, Spyware, and Malware Removal Logs ~~boopme

Apologies if this specific topic has been covered and my research hasn't found it, but I'm new to the forum. A week back my rig became infected with some malware entitled 'Antivirus GT', so I decided to renew my Norton AV and it hasn't returned since. However, my Firefox now redirects me to "www.websiteblockonline.com" after most search queries, and my overall performance seems marginally worse. I have read that this bogus redirection is part of the Antivirus GT package, yet I thought I had killed it? Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:42:10 AM, on 23/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\W...

A:Have I removed all aspects of some malware I thought I cleansed?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT...


Yesterday afternoon, I received an email with a word document attached to it that was supposedly someone's resume. As soon as I opened the document, I noticed my corporate anti-virus (Vipre) kicked in and quarantined two trojans. I ran a deep scan using Vipre and rebooted my computer.
 
This morning, when I signed in, I noticed another trojan was quarantined which made me think that the virus did not get completely removed. At this point, I downloaded Malware Bytes, ran a scan and it removed a trojan as well. I rebooted, ran another scan with Malware Bytes and everything has been quiet so far, but I'm still suspicious that I might be infected still.
 
I am using Windows 7 Professional 64-bit.
 

A:Malware removed by Vipre Corporate Anti-Virus, but unsure if the system is clean

Ok cjn let's also run these.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

TDSSKiller
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 user...


Hello,

I use Windows Vista along with IE as my browser. Last night I got a notice about a trojan on my computer from a trial version of Bitdefender. I did notice that my browser was automatically opening tabs into some random website. Unfortunately my Bitdefender had expired and I was unsuccessful in trying to purchase it. I downloaded AVG and got a notice of several trojans one of which VundoB and the other a generic trojan which I unfortunately have the exact name of. I ran AVG several times and it doesn't show any trojans or malware anymore. However when I restart my computer I get a message Run DLL "Error loading C:\Users\David\AppData\Local\Temp\hweugllh.dll". I also get a message prompting me to enter my user name and password for the "proxy server" which I had never seen before. Here is my Hijack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:27 PM, on 4/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Progra...

A:Solved: Thought I removed the malware but I am still getting error messages


Please help! I am so frustrated! I have followed all of the instructions, bought SpyHunter and went through about 15 other programs and I am still getting IE pop ups when I am using FireFox. Originally I found I had trojandowloader.zlob and vundo, but I thought I got rid of them. I am posting my Hijack This log would someone be able to take a look for me?

Thank you SO much!

Best, Kate

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:18 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:...

A:Ie Pop Ups, Thought I Removed Virus?

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note* Post all reports/logs directly into this topic, not as attachments, thanks.


I followed the guide to remove XP2012 virus but I still have been unable to connect to the internet or my network. Attached are DDS and Gmer Logs. Any help would be appreciated.
Thanks,
Frank

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Run by Frank McCleneghen at 20:48:45 on 2012-01-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2820 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\...

A:Thought I removed XP2012 Virus but have ip issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...


Windows Vista Home Premium
Processor: Duo 2.33 GHz
RAM: 2 GB
32-bit

Greetings! About a week or 2 ago a virus infected my computer. It hijacked any search engines on my internet browsers' (IE 7 and FF) redirecting any searches to a 3rd party search website. I went through several virus and malware checkers and was able to restore my browsers. They currently work, and I assumed the virus was removed. However, I have noticed since my Physical Memory is still running high, and has caused notable slowdown in applications where memory problems hadn't existed before. When the virus hit, physical memory was sitting at approx 1.5-1.75 GB, crushing my cpu. After running various antivar software, I was able to reduce the usage to approx. 1 GB with no other apps running. Still high, but improved. Other than the High phys memory, I've not noticed any other problems.

I've run AVG, Avira, and Avast! -- I currently only have Avast! installed on my machine
I've run Ad-Aware, Malware Bytes, and Spyware Terminator
I've tried to go through all my startup processes and so far haven't found anything that raised huge red flags.

I'm hoping someone can help me start looking in a new direction. I consider myself average with my computer skills. I've done most of the easier steps, but definitely need some help with the next steps. Thanks for any help with this!

Aaron

A:Thought I Removed Virus, Though Physical Memory Still High

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another technique is for the process to alter the registry and add itself as a Startup program or service so that it can run automatically each time the computer is booted. Keep in mind that a legitimate file can also be infected by some types of malware such as Virut which is a dangerous polymorphic file infector. A file's properties may give a clue to identifying it. Right-click on the file, choose Properties and examine the General and Version tabs.

Tools to investigate running processes and gather additional information to identify them and resolve problems:
AnVir TaskManager Free
Process Explorer
System Explorer
ProcessHacker - (requires Microsoft .NET Framework 2.0 or above to use)
Autoruns
svchostViewer

These tools will provide information about each process, CPU usage, file description and its path location.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google <- click here for an example.

Or search the following databases:
BC's Startup Programs Database
SystemLookup StartupList Index
ProcessLibrary.com
File Research Center

If you cannot find any information, the ...


Hi, thought I'd try out this forum since techguys forum hasn't really been helpful my last few problems.

A few days ago I got a virus called Security Fighter, looked up how to remove it and everyone said to use MalwareBytes which I had already so I ran it and it seemed to remove it, except when I rebooted, my wireless internet connection was gone. I asked my dad to take a look at it while I was at work. The only way he could get it back was by doing a system restore. It worked, but then the next time I rebooted the connection was gone again. I did another scan with malware bytes, it found a few new items and it rebooted and the connection was still gone. I did another system restore and it came back. It was seemingly fine for the last few days, but yesterday I started seeing this warning pop up on sites that I visit all the time. It's something like Windows Security Warning telling me my browser is being infected and it's operating in an unsafe mode. So I just press back and it's gone. But I do scans and nothing significantly new shows up, just some adware trackers.

Tonight I noticed that there is this one ad on like EVERY website I visit, which I didn't notice at first, but honestly this one ad that I've never seen before is on almost every website I've been to. And when I do a Yahoo search when I click on a result link it brings me to a totally different website.

So I'm figuring that it's not all totally gone.

I just ran MalwareBytes and SUPERAntiSpyware ...

A:Virus I thought was fully removed but noticing new symptoms

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


Hi, thought I'd try out this forum since techguys forum hasn't really been helpful my last few problems.

A few days ago I got a virus called Security Fighter, looked up how to remove it and everyone said to use MalwareBytes which I had already so I ran it and it seemed to remove it, except when I rebooted, my wireless internet connection was gone. I asked my dad to take a look at it while I was at work. The only way he could get it back was by doing a system restore. It worked, but then the next time I rebooted the connection was gone again. I did another scan with malware bytes, it found a few new items and it rebooted and the connection was still gone. I did another system restore and it came back. It was seemingly fine for the last few days, but yesterday I started seeing this warning pop up on sites that I visit all the time. It's something like Windows Security Warning telling me my browser is being infected and it's operating in an unsafe mode. So I just press back and it's gone. But I do scans and nothing significantly new shows up, just some adware trackers.

Tonight I noticed that there is this one ad on like EVERY website I visit, which I didn't notice at first, but honestly this one ad that I've never seen before is on almost every website I've been to. And when I do a Yahoo search when I click on a result link it brings me to a totally different website.

So I'm figuring that it's not all totally gone.

I just ran MalwareBytes and SUPERAntiSpyware scans in S...

A:Virus I thought was fully removed but noticing new symptoms

bump please


Hi, thought I'd try out this forum since techguys forum hasn't really been helpful my last few problems.

A few days ago I got a virus called Security Fighter, looked up how to remove it and everyone said to use MalwareBytes which I had already so I ran it and it seemed to remove it, except when I rebooted, my wireless internet connection was gone. I asked my dad to take a look at it while I was at work. The only way he could get it back was by doing a system restore. It worked, but then the next time I rebooted the connection was gone again. I did another scan with malware bytes, it found a few new items and it rebooted and the connection was still gone. I did another system restore and it came back. It was seemingly fine for the last few days, but yesterday I started seeing this warning pop up on sites that I visit all the time. It's something like Windows Security Warning telling me my browser is being infected and it's operating in an unsafe mode. So I just press back and it's gone. But I do scans and nothing significantly new shows up, just some adware trackers.

Tonight I noticed that there is this one ad on like EVERY website I visit, which I didn't notice at first, but honestly this one ad that I've never seen before is on almost every website I've been to. It's for VIMAX...which I looked up and apparently lots of people have these infesting them too. And when I do a Yahoo search when I click on a result link it brings me to a...


Hi,

I started getting random unstoppable popups from a virus program called "Virus Remover 2008" and so I rebooted in safe mode and searched online for ways to fix the problem. Many forums recommended running an AntiMalware program called "Malwarebytes" so I ran it and it "removed" 19 infected objects/files. It then warned me that some of the files were unable to be removed at the time and would be removed at the next restart and so I restarted.

After the restart, my computer started to act a little weird at the windows user logon page and it would start up windows until all the icons in the tasktray were initialized. Then, the blue screen would appear and it would automatically shutdown within a minute. I tried to shut down and restart multiple times, but came across the same problem. Finally, I rebooted in safe mode and found others also had this problem and was told I should install and run HijackThis. Here are the results of my scan and I would appreciate your expertise in resolving this problem. Thank you in advance.

Jen

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:21 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\syst...

A:Virus Remover 2008 Thought to be Removed, BUT Now Blue Screen & Automatic Shutdown

Hello smllcherri
Welcome to BleepingComputer
========================
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


I started a thread 2 days ago, but it's useless now. I've changed so much since then, and I think I'm not allowed to edit that thread anymore. I think I've gotten rid of the browser modifier, and then trojans started popping up. I've been running scans from MBAM, AVG, and Microsoft Malicious Removal for 2 days. I think I am still infected!! Can you please help me? What do I do?
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2015
Ran by OWNER (administrator) on USER-PC on 25-02-2015 10:03:37
Running from C:\Users\OWNER\Desktop
Loaded Profiles: OWNER (Available profiles: OWNER & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program File...

A:Removed Malware and Trojans!! Am I still infected? Help Please!!

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


My friend's laptop had numerous trojans & malware. She was unable to connect to the internet or anything. I have run AVG 7.5 antivirus, spybot s&d, A-squared, malware bytes anti malware & super anti spyware. Between all of these programs I removed numerous things. They are all showing no more traces, but the computer is still running slower than it did before the infection. I have run Hijack this & would like your help in determining if I got everything cleaned off.. Thank you in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:57, on 2008-04-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common...

A:Had Numerous Trojans & Malware, Not Sure If All Removed

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Hi I had removed a bunch of trojans this morning but I'm checking to see if there are any lingering malware left. I had restarted after malwarebytes had finished since it asked me to restart. After the restart, I no longer had a desktop or toolbars, but I could use the task manager to open programs. I browsed around and figured out how to fix the registry. I did. Got my desktop back. However, my IE is no longer working, I was forced to jump on another comp and got chrome onto a flashdisk. I am sure there are some left but Malwarebytes and AVG haven't detected any. I'm just trying to make sure those two are right and I'm wrong. Thanks for any help!! Here are the logs from dds with a zip of other 2.


DDS (Ver_09-05-14.01) - NTFSx86
Run by David Vo at 17:34:34.57 on Sun 06/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1385 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\S...

A:Removed Trojans but may still have some malware left!

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


I was recently infected with Antispyware Soft ---- removed most of the virus. The only thing left are the random redirects/browser hijack that I experience when I click on Google's search results. (Sometime my browser just opens a random new tab and directs me to a random website also). DDS.txt file below with Attach.txt and Ark.txt attached.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 2:09:36.17 on Sun 05/09/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.701 [GMT -5:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\...

A:Search results redirect virus (recently removed Antispyware Soft)

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Ok, I have tried a lot of things to correct the MBR but maybe that is not the issue here. I have multiple live CDs now available. I have recently tried more things and I'm not getting proper sleep because of my dedication to this issue. Multiple forums that I have read state "Just boot with the XP CD, then choose recovery console. At the prompt, type fixmbr". I would love to do this but I cannot get past the administrator password, so I utilized the blank out method of clearing the password. It still will not accept a blank password because when prompted to enter password I simply press enter and that is the same command to cancel back to "C:/". I have installed UBCD4WIN on another computer and built a CD strictly to instructions. Booted to UBCD with no problems, utilized programs in MbrFix, MBRWiz, and TestDisk. All failed to correct my boot issue. Booting to CD works great, but cannot get to boot to original OS on HD. When attempting to boot normally it simply goes to a blank screen. Attempted to enter "free dos" and use command fdisk.exe /mbr and failed to recognize as a valid command. I could go the easy way around and reinstall from scratch but I wouldn't learn anything except to keep good sleeping habits. This is for a friend who had a virus (scareware) and was out of town; I could not instruct to remove without handling the computer so I told her to use the forums (http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor) she d... Read more

A:removed anti malware dr now cant boot

Hello and welcome to Bleepingcomputer.

Please read this from Microsoft.

http://support.microsoft.com/kb/978788

This should and I mean should get you back to normal again.

Please keep us posted.

Kind regards.

Bruce.


DDS.txt

DDS (Ver_09-02-01.01) - NTFSx86
Run by Dani at 13:44:07.48 on 19/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.460 [GMT -8:00]
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: Shaw Secure 8.00 *On-access scanning enabled* (Updated)
FW: Shaw Secure 8.00 *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Java\jre6... Read more

A:Trojan.BHO not removed by Malwarebytes' Anti-Malware

Hello dthans,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:

1. Download HijackThis here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.

The HJT log will open in notepad.

Thanks,
tea


Hi there

My virus scanner gave me several notices that I had viruses and several trojans on the machine.
I am not sure if I removed all of them; here is the list of trouble I found.

Malagent
Comitsproc
Cospet.A
Dynamer!dtc
Meredrop
Delf

These buggers were found by the Microsoft virus scanner. Here are some details of the machine and a fresh HijackThis log.

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz, x86 Family 6 Model 28 Stepping 2
Processor Count: 2
RAM: 2037 Mb
Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 224 Mb
Hard Drives: C: Total - 40005 MB, Free - 22745 MB; D: Total - 108619 MB, Free - 105155 MB;
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD, U-100, Ver.001, FFFFFFFF
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:17:55 , on 22-12-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program File... Read more


AMD came in with another piece of malware, called Security Suite; they came in at the same time and installed to different directories, and it also installed the Tango Toolbar. It was your basic browser hijacker. I killed the processes, found the files and deleted them, and cleared the registry key of any infected keys. Used HJT to disable and delete any other registry keys, plus the BHOs relating to the Tango Toolbar and the redirect pages that the hijacker would load. I'm not computer stupid, so I do know what I'm doing, however I'm having a bit of trouble with this one. First, it set up a proxy and surfed to dozens of pages in the background; my avast network monitor was going crazy, and watching all these links get visited let me know it was hijacked. My internet was slow and laggy, and to connect, I would have to disable my LAC and re-enable it, and my internet gateway would start. It completely infected Google Chrome and Java, and I had to uninstall both of those things. System Restore was turned off, so it wasn't hiding in there. I ran HJT and saw an odd registry key.

O4 - HKLM\..\Run: [Rbodanis] rundll32.exe "C:\WINDOWS\aqiyihit.dll",Startup

I figured this may be part of the virus, so I used msconfig and disabled it from Startup. Bad move on my part: when I restarted my computer, looped BSOD, and nothing would load. Couldn't even get a Safe Mode boot. After at least three hours of struggling with this, I used ... Read more

A:Anti-Malware Doctor removed, but traces remain.

Since I'm at a loss for what to do, I haven't done anything else since I posted. I'm just waiting for someone to respond.


I had originally installed Corel Paint Shop Pro X4 and Corel Draw X5 on a USB drive. After a week with no access to these programs, I went in and removed everything manually in the registry (figuring I would not be able to recover the drive). (It has worked in the past.)

Now the drive is again available (bent connection). UNFORTUNATELY, I cannot reinstall the programs, so after 3 days of desperation, I went to the registry and removed EVERYTHING that I could find that was in reference to these programs.

Unfortunately, SOMETHING was left behind so now I cannot reinstall the programs. Now what?
 

A:soft removed but not removed

I use a program called everything to remove all traces:

http://majorgeeks.com/Everything_d7787.html
 


Hi everyone

The desktop is working on XP SP3 and was infected, displaying a message "Please wait, your Internet-Connection has not yet been established". This was on a pale grey screen.

I managed to open an outdated MBAM software on the machine on a USB flash drive and now it has cleared all the nasties in it.

So, now I cannot connect to the internet, I can't find the CD-ROM on my computer (yellow exclamation mark on device manager/cd-rom drive), and I can't access task manager.

Can anyone help me to fix those two above? Also, go through again some security procedures just in case something is left there.

Cheers

A:Trojans/virus removed - Internet not working

Hello and welcome to BleepingComputer! My name is Thisisu and I will be helping you with your malware related computer problems.

I do have some basic rules while we are working together so please read and follow them:

Be specific!
If you come across a problem while performing any of the steps listed here, do not simply state "It did not work." Tell me the exact error you encountered if one was given to you. For example, this is a much better response: "When I ran the ____ tool, an error box appeared on my screen and said 'Illegal operation attempted on a registry key that has been marked for deletion.'. There is only an 'OK' button in the box."

Do not run any scans/fixes on your own!
If at any time you feel that you can handle the rest of your computer problems on your own without my help, just let me know! I will not be offended as there are others that need help with their computers. However, do not perform scans and/or fixes that I have not asked you to do on your own and then expect me to continue helping you because I will not!

I will close the topic if I have not heard a response from you within 72 hours.
If you are going to be away, just let me know and I will leave the topic open until you can return.

Please download RogueKiller and run it on the computer with the issue.
When it opens, press the Scan button.
When the scan is finished, press the Delete button.
Please post the contents of the latest numbered RKreport.t... Read more


When I run NoAdware anti-virus it finds Matewatcher and when I go to remove it, anti-virus asks if I want to make a copy of the file. I have tried making a copy and not making a copy but Matewatcher is not removed.

Logfile of HijackThis v1.99.1
Scan saved at 7:31:56 PM, on 4/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\... Read more


Ok, about 2 weeks ago I was infected with the Total Security 2009 malware, an updated version of the Total Security. Well, it infected, giving me the bogus Total Security program coming up, changing my desktop background saying I'm infected, etc. This is the link to my previous topic that I got help with to run a log; it has more info on what's going on (http://www.bleepingcomputer.com/forums/index.php?showtopic=261376&st=0&gopid=1448207&#entry1448207). I ran Win32kdiag.exe and here is the log below.

Running from: C:\Documents and Settings\Sparkles\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Sparkles\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP74E.tmp\ZAP74E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP8DF.tmp\ZAP8DF.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount po... Read more

A:originally infected with Total Security 2009, removed it but still having things go crazy on me?

Hi,

Looks like you didn't let win32kdiag run long enough. Please run it again and this time give some more time for it to finish.


Ok, about 2 weeks ago I was infected with the Total Security 2009 malware, an updated version of the Total Security. Well, it infected, giving me the bogus Total Security program coming up, changing my desktop background saying I'm infected, etc. I tried to find a tutorial on how to remove it but everything says to go into the system32 folder and change the name of taskmgr and run it and end the Total Security process, but every time I tried to run the task manager after renaming I got the error "Task Manager disabled by administrator". Also no anti-virus or malware removal works (avast, spybot, Malwarebytes removal). I got Spyware Doctor to run and delete Total Security along with a couple of other things. Then I also got Registry Booster 2 to delete quite a few files (something in the 400 registry error range) and I am still getting the problem when I install an anti-virus. For example, I install Malwarebytes removal and launch it; it works for only a couple of minutes then exits randomly, then when I click it to restart it gives me the error window of "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item." I can't get HijackThis to work either. And also when using a web browser (Firefox or IE) I sometimes get redirected to crap websites that are completely random and I have no clue what they are. I'm at a loss right now because I really need my computer for school so help will be great. Thanks

A:originally infected with Total Security 2009, removed it but still having things go crazy on me?

Hello and welcome. Please try this to fix the task manager.

This step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start → Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File → Export.
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File → Exit.

Or you can download and use ERUNT, which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column. Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop. Double-click on that file to allow the script to run and reboot when done. Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.

Open task manager and stop these processes: TotalSecurity 2009.exe, tsc.exe, Sc2C21UvvM.exe.

Now let's try to run Malwarebytes (MBAM).
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (pl... Read more


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Doug Optiplex 980 at 9:35:46 on 2011-12-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8182.5781 [GMT -5:00]
.
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k L... Read more

A:Win 7 Anti-Virus 2012 - Removed with MalwareBytes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433738 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more


I removed a fake anti-virus with MBM and it destroyed my internet connection and I can't figure out how to fix it. I tried to replace the missing AFD file but it did not fix the connection.

fake anti-virus removed with MBAM
Now no internet connection

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by KATHY at 6:37:51 on 2012-01-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.633 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Malwarebytes' Anti-Malware... Read more

A:fake anti-virus removed with MBAM

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more


I removed the malware with MalwareBytes. I have lost my Windows Defender and Firewall.

I get the following message: Specified service does not exist as an installed service. error 0x80070424

Did I remove the problem entirely, and how can I repair my Windows 7?

Thank you

A:Win 7 Anti-Virus 2012 - Removed with MalwareBytes

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


My anti-virus said it removed a trojan. When I restarted my computer my anti-virus was turned off and it won't turn back on. I ran MalwareBytes and I didn't find anything, so I need some help.

A:Anti-virus removed virus now anti-virus won't turn back on.

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


Started with the system fix virus. I used the guide from bleeping computer and finally found something to remove the system fix virus. However, I still have google redirects and malwarebytes is catching outbound requests from explorer.exe and iexlore.exe on a regular basis. There are other suspicious services running (winlogon.exe and csrss.exe have no username or description and can't be stopped) as well. Vista Home Premium X64 Op System.

Attached is the DDS log.

Thanks much for any help.

A:Pesky virus - removed System fix but trojans or rootkits remain

Attached also is the DDS.TXT


I've seen some other threads on this topic but none of the solutions have helped me unfortunately. If anyone could help me out I'd greatly appreciate it!

I'm running Windows 8.1

A:Can't enable Windows Defender - removed other Anti-Virus

Hey mate,

Look through the link in this thread to find out how to possibly repair it: Windows Defender on Windows 8 - Introduction


I'm a newbie, logged on and got info on 11/9/08 regarding anti-virus pro 2009 removal, used Malwarebytes' Anti-Malware, then installed latest free version of AVG 8.0.

The program removed some of my add on programs, which didn't bother me because I figure I can re-load them when I get everything else straightened out. Since the infection & clean up my computer seems to be running fine albeit a little slower than usual. I use internet explorer as my main operating system; since the invasion and clean-up I haven't been able to access my hotmail, yahoo, or iwon email accounts from explorer, but I sometimes use safari and I can access all 3 from it. AVG says I have no plugins for my email ~ should I try to download new plugins for my email & if so from where?

violet

{Mod Edit: Moved from HJT to AII~~boopme}

A:removed anti-virus pro 2009, can't access emails

Welcome to Bleepin

You mention MBAM and AVG removing some of your programs, those would be programs you would be better off without, many free crapware programs come with spyware and furnish a backdoor for worse malware to install.

If your internet explorer is not working properly then that would usually indicate you are still infected, post that last MBAM log and update the program and run a new scan and post that log also

MBAM = Malwarebytes Antimalware


Hey Guys!

Hope you can help - Frustrated!!!

I was hit 2-3 times in the past couple weeks with different variants of the XP Anti Virus 2011
Each time I followed through on your removal guide and things seemed ok, but I am continuing to have numerous problems.

Windows update will not access the windows update web-site to get updates
numerous svchost.exe are running in taskmanager and they quite often use up all the cpu causing other programs not to operate
- sometimes when i shut down some of these svchost.exe files, programs that seemed to be not opening, open immediately
Google search sometimes re-directing to other pages.
computer will not complete the start-up routine quite often
Sometimes when doing a restart or shutdown it does not close properly
Some programs that used to open on startup are now not opening
Security center seems to shut down on its own and needs to be restarted
"Generic Host Process for WIN32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." pops up on a regular basis

Any help you may offer would sure be appreciated!!! as I have tried pretty well everything that I am comfortable trying on my own

Thanx!!!
Ron

A:XP Anti Virus 2011 removed but problems continue

Hello and welcome.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.

If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the fil... Read more


Please help! After a ransom virus was removed from our desktop computer (originally a display model at Sam's), my administrator account is no longer visible...Only "Kiosk" and "Other User" . I have checked to see that net user administrator /active yes is successful but still do not see my user account listed. Any help would be appreciated.

BTW, I cannot login to windows AT ALL!

A:Login name removed after ransom virus removed

I wouldn't trust a used computer without reinstalling Windows.
No telling what is on it or what has been done to it.
If the PC has a valid COA with a readable license you can do a clean install at no cost.
This tutorial has everything needed for a clean install.
Clean Reinstall - Factory OEM Windows 7


Client's computer started "acting funny." Icons disappeared from desktop. Automatic updates were turned off. System restore points had vanished. Could not run Microsoft updates. Popup Explorer pages were bothering users.

Ran Trend Internet Security scan, ran Ad-aware scan, ran Panda Antivirus scan. Ran vundo scan and remover (said it found instances and removed them). Problem persists. Here's the log from DSS:

Deckard's System Scanner v20071014.68
Run by Tech on 2008-07-17 19:24:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
108: 2008-07-18 02:24:25 UTC - RP447 - Deckard's System Scanner Restore Point
107: 2008-07-18 02:23:51 UTC - RP446 - Last known good configuration
106: 2008-07-18 02:23:46 UTC - RP445 - Last known good configuration
105: 2008-07-18 02:23:46 UTC - RP444 - Last known good configuration
104: 2008-07-18 02:23:46 UTC - RP443 - Last known good configuration

-- First Restore Point --
1: 2008-07-18 02:23:31 UTC - RP340 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Tech.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:29 PM, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900... Read more

A:Thought I Had Removed Vundo

Hello byteguy and welcome to BC. It looks like a smorgasbord in there. Let's see what else we can find. Follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:


After struggling with the instructions and attempting to remove Spy Falcon and thinking I had done so late Monday evening, last night (Tuesday) when I got home I booted up PC and had an immediate system crash with BSOD. I repowered restarted and got a MS critical error message that an AOL driver problem had occurred, there was a link for download fix, I did, and all came back up OK but immediately Spy Falcon regenerated itself onto my PC.

I am guessing either I didn't have all SF files removed as I thought or the system crash initiated a system restore that included the SF spyware. Bottom line is I am back where I started.

Some general info is: PC is a Dell Dimension 8250 desk top with Win XP Home Edition, SP1, Winver 5.1, 256mb RAM, on a dial up with AOL. The PC was bought new directly from Dell about 2-3 years ago. I had been using AOL Safety & Security programs but removed all of that and now have loaded free versions of AVG Virus protection, Spybot, Zone Alarm firewall, Ad Aware, and Spy blaster. I also have CCleaner, SmitRem, Fix.??, HJT, etc. that was used before in the attempted removal process.

This evening when I get home from work I will start the process and follow removal instructions as best I can and hope for the best.

In another thread I started here yesterday "Found 007 Spyware", Enthusiast posted a lengthy list of suggestions and instructions for me to follow. If you read this post please respond and tell me whether I should f...

A:I Just Thought I Had Removed Spy Falcon!

Follow the spy falcon removal steps listed on our forum first. The 007 keylogger is a different problem.

Actually, since you have a recurring infection the best thing to do after you follow the spy falcon removal tutorial may well be to run Adaware and Spybot after updating them, and then post a HJT log in our HJT forum.

Read the pinned post in our “HijackThis” forum, here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions explicitly.

Following instructions run a log, and post it in following HJT forum, at this link
http://www.bleepingcomputer.com/forums/posthjtlog.html
Include a brief description of your computer (ie, processor, amount of RAM, brand or motherboard, etc, and the problem you are experiencing.)

Do not as yet attempt to fix anything by yourself using Hijack This as even what may seem to be a small mistake can render your op system inoperable.
Some files when in one folder may be fine while in another may be malware. A member of our HJT Team will analyze your log, make recommendations and offer assistance.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy. Please be patient as this team is manned by volunteers. They will help you by assisting those posting in the order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional p...


I want to install kaspersky 2009 but it won't let me until AVG8 is deleted.

I went to add/remove programmes (or programme features to some) and it's not there. I went to programme files and there was the file (which was empty) so I deleted that. I went back to kas and it keeps saying to uninstall it, even though I can't see it installed. What do I do?

In all programmes under start, there's no mention of it there either.

Oh and I'm using MS Vista.

Thank you,
James.
 

A:How do I remove AVG which I thought was removed?


Posted to "Am I Infected" forum and was instructed to create a new post here. Below is the DDS log and I have attached the DDS attach.txt and the GMER results. I can supply the Malwarebytes, SuperAntiSpyware, and Spyware Doctor logs if you need them. I disabled the internal wireless network on the infected PC for now, and all scans were performed using a thumb drive. GMER did not terminate as I would expect. There was no clear "finished" indication, but GMER had obviously stopped scanning. My CPU usage was also stuck at 100%.

Thanks,
--Brian A

Original Post:
I am helping a co-worker with his computer. His desktop was filled with porn links and Paladin Anti-virus was present. I followed the instructions on this site for removing Paladin, and it seems to be gone (Malwarebytes found/fixed 80+ threats). I also ran SuperAntiSpyware which found/fixed 60+ threats. I then ran Spyware Doctor (this program would not run before scanning with mbam and Sas) which found/fixed 5 instances of rootkit.tdss. My question is, Is the computer still infected?
Thank you in advance,
Brian A

Reply to original post:
Hello,
Given the presence of rootkits that were found, I suggest you follow the instructions in ==>This Guide<==.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==
If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with...

A:removed Paladin Anti-virus, rootkit.tdss and other stuff

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%SYSTEMDRIVE%\*.exe
netsvcs
msconfig
/md5start
proquota.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
CREATERESTOREPOINT

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Thanks


All scans I have done so far inform me that I have removed the nasty anti virus 2012 on my vista lap top. When I put the machine in safe mode all the icons on my desk top are there. When I boot up in normal mode the task bar and desk top icons are missing. Does this mean something is still running in the background connected with this virus?

A:Removed Vista Anti Virus 2012 Desk Top BLANK

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/438810 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


My computer was infected with the Windows Antivirus 2012 a few weeks ago. I read some of the help files, and thought I had taken care of it. However, my computer is acting a little funny at times. Programs take a little longer to start than they used to and IE will hang at times (didn't have this problem before the infection), so I'm afraid that maybe I didn't clean all the infection. I hope someone will take a look at my logs and help me take care of this.

I'm running Windows XP SP3, Comodo firewall, and Avast Antivirus. I run the free Malwarebytes at least once a week.

Thank you in advance for any assistance,

NizTink

DDS.Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by KM at 14:12:18 on 2012-01-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1522 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\syst...

A:Win Antivirus 2012 - Thought I removed it

Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn...


idk if the ASRock 990FX EXTREME3 mobo i was looking at is only out of stock or if it's gone, but i have to go back and ask for help, i was looking at gigabyte boards. but i need some specifics and aesthetics counts...

am3/am3+
preferably 3 pcie 16
2+ pcie 1
at least 1 pci
quad channel ram, but if possible but not required, i like being able to go to 32 gb of ram
usb 3.0 and 2.0
sata 3.0 6gb/ps
pretty decent heat sinks
i like matte gunmetal and charcoal black

but here's the kicker, i need this under $160

to be honest, if the ASRock 990FX EXTREME3 is worth 140 from someone else instead of 120 from new egg, i'll go for it, but i don't get the point in spending money if it's not worth it in the long run.

another board i looked at was ASRock 990FX EXTREME4 the extreme 4 model looked interesting but i need more black and less blue and white. i can MAKE it work but i would need a little bit more assurance it's worth the money

A:thought i knew which mobo to buy, it was removed from new egg

It's still there... Newegg.com - Computer Hardware, Motherboards, AMD Motherboards, ASRock, AM3+

Sorry, it's the ASRock 990FX Extreme4, the 3 has been deactivated, no longer available.
http://www.newegg.com/Product/Produc...82E16813157281


Over the winter I downloaded Windows Live Messenger. Because it was available in my native language (Dutch) and I was going to use it with family and friends in Holland I downloaded the Dutch version.

After that, things that used to be in English were in Dutch. My hb can't read that so it was causing some problems and I finally decided to completely remove Messenger. Previously, when removing/adding programs, you could choose from the programs where they were in alphabetical order; click the program you want to delete and click 'remove'. But when I tried that, a new window showed up with checked Window programs. I checked the 'Messenger' one and proceeded. While in the process of removing some things showed up that were included in the removal process. I cannot remember exactly what they were, it went by too fast.

Anyhow, long story short: after this process was finished, IE and OE seem to have disappeared. I can open a browser in other ways and am on line but IE and OE are nowhere to be seen.

When I click on the globe with 'internet' or the 'email', the internet options window opens, and not IE.

Also, 'System Restore' doesn't work (anymore?). And on top of that, Windows Live Messenger is still there, and all the Dutch titles, descriptions, still there.

To say I'm embarrassed is an understatement. Any suggestions would be so appreciated!

Regards,
Milli.
 

A:Removed Messenger (thought I did). IE disappeared???

http://support.microsoft.com/kb/938275
Pls follow the link directions for uninstall

http://support.microsoft.com/default.aspx?kbid=318378#XSLTH3126121123120121120120
Please follow this link for the repair of IE and OE
 


I first did a scan with Spybot S&D. After several cleanings the Virtumonde.dll would not go away. I googled it, then finally downloaded Virtumondebegone and while it "found" it, I'm not sure it got completely rid of everything. I've tried several scans with T-M Housecall, my Verizon Anti-Spyware, S&D, Smitfraud, and now I am here. HELP!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:06 AM, on 7/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program File...

A:Thought I Removed Vitumonde But Something Else Still Remains...

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.

-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do ...
