AVG keeps finding Win32/Zperm in temp folder

Q: AVG keeps finding Win32/Zperm in temp folder

Hello,
 
I have both AVG and Ad-Aware installed (Ad-Aware is in compatibility mode so the real-time protection is off). AVG resident shield keeps reporting that Win32/Zperm has been found in the temp folder and this is due to the Ad-Aware Service. I choose the action to remove it, which it says is successful but then it reports the same thing again a little while later. An actual scan by AVG does not find anything, neither does a scan by Ad-Aware.
 
AVG resident shield report: Virus found Win32/Zperm, c:\Windows\Temp\... (actual folder and file changes every time)
 
The process name: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
 
I have also tried scanning with Malwarebytes Anti-Malware and that too doesn't give any positives. Could you help me remove it please or is it a compatibility issue between AVG and Ad-Aware?
 
Thanks
 
My DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Paulette at 13:17:06 on 2013-11-22
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2038.701 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
mDefault_Page_URL = hxxp://www.thetechguys.com/welcome
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [UpdateP2GShortCut] c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe "c:\program files\cyberlink\power2go" update "software\cyberlink\power2go\5.0"
mRun: [Skytel] Skytel.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [NWEReboot] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{FD85F85B-96D0-4D8D-B5F6-FBEDF408F3E2} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-9-26 13560]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2013-8-15 28552]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-24 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
R2 BT Help Wizard;BT Help Wizard;c:\program files\bt broadband desktop help\btbb\ma\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe [2013-10-2 321024]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-3 21504]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 497744]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-20 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-20 701512]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-25 376144]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-8-9 38608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-20 22856]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-24 494368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-1-3 21504]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2013-9-18 298496]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-8-14 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-11-22 10:13:50 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{da30a9e0-e8fa-4dcf-8537-c97ee988888f}\mpengine.dll
2013-11-20 19:38:21 -------- d-----w- c:\program files\RealNetworks
2013-11-20 19:37:53 -------- d-----w- c:\users\paulette\appdata\roaming\RealNetworks
2013-11-20 19:36:25 -------- d-----w- c:\programdata\RealNetworks
2013-11-20 12:04:13 -------- d-----w- c:\program files\Audacity
2013-11-20 10:49:03 -------- d-----w- c:\users\paulette\appdata\roaming\Malwarebytes
2013-11-20 10:48:41 -------- d-----w- c:\programdata\Malwarebytes
2013-11-20 10:48:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-20 10:48:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-16 14:50:49 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-11-16 14:48:24 -------- d-----w- c:\program files\iPod
2013-11-16 14:48:15 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-16 14:40:37 -------- d-----w- c:\program files\Bonjour
2013-11-16 14:12:37 -------- d-----w- c:\users\paulette\appdata\roaming\Mp3tag
2013-11-16 14:12:02 -------- d-----w- c:\program files\Mp3tag
2013-11-13 21:07:55 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 21:07:41 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 21:07:34 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 21:07:34 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-11 15:50:36 -------- d-----w- c:\program files\common files\Lavasoft
2013-10-25 15:56:40 -------- d-----w- C:\ccc3018c2729c609bb05191f41
2013-10-25 14:20:30 -------- d-----w- C:\AdwCleaner
2013-10-25 13:42:36 -------- d-----w- c:\programdata\Oracle
2013-10-25 13:40:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-11-18 19:01:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-18 19:01:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-11 05:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-02 16:11:44 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-26 14:54:39 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-09-26 14:54:38 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-09-25 19:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-18 20:08:56 94208 ----a-w- c:\windows\system32\dpl100.dll
2013-09-10 21:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-29 07:36:04 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-08-26 09:13:02 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
============= FINISH: 13:18:51.27 ===============
 

A: AVG keeps finding Win32/Zperm in temp folder

Actually, I forgot that Malwarebytes did find some PUPs which I deleted but it didn't seem to have any effect.
 
Here is the log:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.20.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paulette :: PAULETTE-PC [administrator]
Protection: Enabled
20/11/2013 10:50:45
mbam-log-2013-11-20 (10-50-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201716
Time elapsed: 13 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\Paulette\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 9
C:\ProgramData\YouTube Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\Local Settings\Temporary Internet Files\Content.IE5\6BYH295E\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\Local Settings\Temporary Internet Files\Content.IE5\DJLXJJ60\mism[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3288691\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
(end)


I've recently built my computer system and have always used AVG antivirus (free edition) but have recently also started using Avast! 4.7 (free edition). Avast! finds Win32:Trojan-gen {other} in the Windows\Temp directory (File names start with $ and end t$m). I keep putting these into the vault but they or others keep reappearing. AVG doesn't see anything. Also if I run sfc \scannow Windows wants to replace some files but it doesn't accept my XP Professional SP2 disk that I installed only recently. I've kept XP up to date so I can't see why it will not accept my XP disk.
Below is my HijackThis log generated through DSS and attached is the extra log generated by DSS. My system appears to be running fine but I'm wary of keyloggers etc. All advice would be very gratefully received.

Deckard's System Scanner v20071014.68
Run by Steve on 2008-01-09 12:19:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-01-09 12:19:26 UTC - RP52 - Deckard's System Scanner Restore Point
51: 2008-01-09 10:04:46 UTC - RP51 - Software Distribution Service 3.0
50: 2008-01-08 13:31:51 UTC - RP50 - System Checkpoint
49: 2008-01-06 22:14:16 UTC - RP49 - System Checkpoint
48: 2008-01-05 21:57:11 UTC - RP48 - System Checkpoint


-- First Rest...

A: Avast! 4.7 Home Edition Finding Win32:Trojan-gen {other} in C:\Windows\Temp\

Bump.


Hello!
 
I have had an internet connectivity problem for about a week now. First off, my internet connection randomly disconnects, goes silent for 5-10 seconds every few minutes, and then reconnects. Secondly, and I don't know if this is related, but I have two active connections now, which I never noticed before. My first connection is to my wireless router, and other than the aforementioned problems it behaves normally. My second connection is to Network 3, which I don't remember ever having and cannot control; it acts kind of like a hard line connection from a router in that I can't turn it off, but has no network access and serves no known purpose - I have no wired connection.
 
I ran AVG free, which detected win32/zperm, quarantined it and removed it. I ran it again and it found it again. I then ran Ad-Aware which found and removed it several more times. Then I ran AdwCleaner, Junkware Removal Tool and finally ComboFix. The problem seemed to go away for about two days, then the internet connectivity issues returned, and now neither AVG nor Adaware can seem to find win32/zperm, but the problem persists.

A: win32/zperm

Hello, having run ComboFix on your own, we will need to see that log to determine what it removed. Please repost here ....Virus, Trojan, Spyware, and Malware Removal Logs. Include your above info and the CF log.


Hello everyone. Recently AVG quarantined a file called Win32\Zperm. Should I be worried about this? Also, I noticed that when I watch a video online, it's not uncommon for the video to freeze. I then have to close the program and restart internet explorer to get it to work. I originally started another thread with a Rkill log and was kindly directed to the proper procedure of starting a thread.

This is the original post: http://www.bleepingcomputer.com/forums/topic480398.html/page__pid__2937102#entry2937102

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448
Run by Elan at 21:23:28 on 2013-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.1711 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestric...

A: AVG quarantined Win32\Zperm

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...


Hi,
I've been wrestling with the removal of the win32/Zperm virus and came across the posting from Gabrielrock Nov 12 2013 that seems to be a similar problem to mine. See http://www.bleepingcomputer.com/forum/t/513821/infected-with-win32/zperm
As with above, Ad-Aware detects the win32/Zperm virus and appears to deal with it, only for it to re-instate itself in a windows/temp/file. Please advise how I can get rid of it.
I am operating on Windows Vista and, being relatively PC naive, would appreciate guidance.
Many Thanks
 

A: Infected with win32/Zperm

Hello Daidaft

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for being inactive.
If you are using Cracked or Illegal software your thread will be closed.
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what your system bit type is..... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
Double-click the downloaded icon to run the tool.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt)....


I have a pretty similar problem like another user, but decided to post here, because I am not sure if the same fix applies to me (his thread was: http://www.bleepingcomputer.com/forums/t/480470/avg-quarantined-win32zperm/)
 
My problem is same or similar. I have an AVG and ad-aware. Whenever I scan with AVG alone (even in safe mode), it doesn't find anything, but whenever I scan with ad-aware, my AVG finds win32/zperm, detects it as a virus and quarantines it. However, each time I scan, each time I find it there, so it keeps on being there. The file, which gets quarantined is in C:\Windows\Temp\(folder with many numbers, which every time are different)\(folder tmp with more numbers)\(tmp with more numbers).
 
I am not sure if it's a false positive or not, but I'd rather hear the opinion of professionals. Another thing is that my videos online also freeze from time to time. Maybe this might be the cause... Issue started just a few days ago.
 
 
My DDS log:
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by home-pc at 17:51:08 on 2013-11-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1257.370.1033.18.16259.14133 [GMT 0:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D56...

A: Infected with Win32/Zperm

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifica...


ComboFix 14-08-19.01 - repeat 08/20/2014  21:24:48.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29329 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-21 to 2014-08-21  )))))))))))))))))))))))))))))))
.
.
2014-08-21 02:28 . 2014-08-21 02:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-18 03:37 . 2014-08-18 03:37    --------    d-----w-    c:\program files\Common Files\Lavasoft
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieUserList
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieSiteList
2014-08-16 23:55 . 2014-08-1...

A: win32/zperm Combofix Log

ComboFix 14-08-15.01 - repeat 08/16/2014  18:36:07.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29682 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp5AEB.tmp
c:\windows\SysWow64\tmp5BD6.tmp
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-16 to 2014-08-16  )))))))))))))))))))))))))))))))
.
.
2014-08-16 23:39 . 2014-08-16 23:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-16 23:30 . 2014-08-16 23:30    --------    d-----w-    c:\windows\ERUNT
2014-08-16 23:28 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 23:15 . 2014-08-16 2...


My AVG anti virus has been periodically flagging with a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\ I always click remove it and it says it's successful but periodically it returns.

I also have the issue of various popups while browsing the internet in Firefox (It's the only browser I use). Anything from this computer has been locked due to suspicious activity call this number to reactivate to various random popups.

Before coming here I've tried updating + running in safe mode AVG Anti Virus. Malware bytes, Spybot S&D and Adaware. They either don't find a threat or one of them find 'tracking cookies' which it removes but doesn't fix the problem.

I ran DDS and attached the two required text files. I've moved since I purchased this computer so I'm not entirely sure where my Windows disk is. I'm on Windows 10 Home 64bit if it matters. Any help would be appreciated, thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.91.2
Run by Nicholas at 12:28:54 on 2016-12-22
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8102.2929 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG ... Read more

A:Win32/Zperm virus & popups.

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Read other 11 answers
RELEVANCY SCORE 66.8

A few weeks ago you aided me in cleaning an infection off my computer and I thought it was clean.  However, the last week strange things have been happening.  Here is the original thread http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075
 
I am running Windows XP Pro SP3, AVG internet security, Ad-Aware antivirus in compatibility mode and from time to time I run I-obit antivirus and Malwarebytes free version.
 
Within the last week,

1.  I several times got a boot disk not found error while booting.  I thought it was the hard drive going bad but after a couple of days it was fine.
 
2.  AVG has several times detected and quarantined Win32/Zperm.  It seems to come back.
 
The last full system virus scans with I-Obit picked up a few things, I think Trojans, most of which I think are false positive, in old data files in an external backup.   These files have not been accessed for years except for copying them from one place to another.
 
3.  This morning WinPatrol informed me that a number of things had been removed from my startup.  These included WinPatrol, AVG Toolbar, RTHDCPL.exe, Ad-Aware AV (set in compatibility mode), spybot search and destroy's tea timer and maybe some more that I can't remember.
 
The programs were still in my system tray but I am reinstalling them just in case now.
 
Any help would be appreciated.
Thank you in advance... Read more

A:Strange disk behavior and Win32\Zperm

Hi -
Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.
 
 
Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:
•Flush DNS
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).
 
 
Please download Malwarebytes Anti-Malware Free (a.k.a. MBAM) and save it to your desktop.
NOTE: Do not accept the Free Trial Version at this time
* Follow these instructions for doing a Quick Scan in Normal Mode.
* Check for database Updates through the program's interface before scanning.
* Click on Scanner > Place a dot in Perform Quick Scan > Click Scan
* After completing the scan, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab .
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
* Exit Malwarebytes when done.
* Note: If Malwarebytes encounters a file that is difficult to remove, y... Read more

Read other 11 answers
RELEVANCY SCORE 66

I am getting a notification from avast that:

Malware was found!
File Name: C:\Windows\TEMP\xxxx.tmp\svchost.exe
malware name: Win32:Rootkit-gen [Rkt]
Malware type: Rootkit
Recommended action: Move to chest
(the xxxx is variable for each notification)

I have run malwarebytes anti-malware and cleaned up some files - but this still keeps happening. I have run it again - and it reports no problems.
I have tried Trend micro rootkit buster - and it reports that I am clean.
I have tried disabling system restore.
I have downloaded dds.scr - but when I try to run it I get the message that windows cannot open this file: To open this file, windows needs to know what program created it. But I have got Hijack this - so I am including that log file as well as the Root Repeat one.

Thanks in anticipation.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:32, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\E... Read more

A:Win32:Rootkit-gen [rtk] Avast keeps finding a tmp folder with this in it

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 13 answers
RELEVANCY SCORE 56

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:22 AM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PRO... Read more

A:I have these files in my %temp% folder JETBBAE.temp and ~DFCA9F.tmp and i cant delete

* Click here to download ATF Cleaner by Atribune and save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
 

Read other 1 answers
RELEVANCY SCORE 54

I managed to fix my previous round (in my - urgh - neverending round of issues and errors with this computer). I've been experiencing slow boot-ups, slow browser start-ups and stuttering when watching videos online/playing games. So I decided to check out my comp with aswMBR:

I got several infection results, all surprisingly for my Chrome browser. AVAST! Users are apparently reporting issues with this, but I'm curious about the Malware-gen in the temp files. Is it worth exploring further?

Computer is, as always, a Compaq Presario CQ62 laptop running Windows 7.

ETA: And I've noticed that my SAS hasn't updated since February; whenever I try to update it it informs me that it has all of the proper updates.

A:Win32:Malware-gen in the temp files and Win32:Trojan-gen in Google update?

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwar... Read more

Read other 9 answers
RELEVANCY SCORE 54

My case does not have a built in temp display, or anything inside that can tell me. Is there an option anywhere that can tell me? I heard that some CPUs do.

Or should I Red Green it and get a medical therm, and duck tape it inside my case?
 

A:Finding out my Temp

Download motherboard monitor.

http://www.techspot.com/downloads/26-motherboard-monitor.html
 

Read other 3 answers
RELEVANCY SCORE 53.2

Hello everyone
I can see on my company network that there is a windows machine in which the temp folder contains another folder:

temp/temp10634534/setup.exe
Is it normal for a temp folder to contain another temp folder?
 I was thinking this be an example of malware creating a randomly generated folder. VirusTotal does not flag the file as malicious but I am suspicious.

Any thoughts?

Read other answers
RELEVANCY SCORE 53.2

Hi, my computer is old and has small hard drive space, and someone recommended I delete my %temp%, my temp, and my prefetch folder, but I was just wondering, since I had to do a whole lot of searching ,and downloading of drivers, (just to make my computer compatible with windows 7), where all my downloaded drivers are? And if deleting any of these folders will screw up my drivers, and give me problems, and I would have to find the drivers again. (Also I don't really know what the drivers are called, so I can't really search for them) Because I really wanna delete these folders to make my computer faster, because on XP, where my drivers always worked and I never needed to update them, I deleted those folders all the time, and it made it faster because those folders had a crapload of stuff in them, but I don't want my computer to not be compatible with the games/videos/music/etc. I use it for.

A:Are my drivers in my temp folder, or my %temp% folder?

Your drivers are stored in windows\system32\drivers folder.

I would recommend letting windows do the clean-up instead of hunting down all the temp stuff.

Click on the start orb and type in "disk" in the white search box. That will give you "disk cleanup" as one of the options. Click on that and away you go.

Read other 1 answers
RELEVANCY SCORE 52.8

When my virus scan is running I see it looking at this path: C:Users/me/appdata/local/microsoft/windows/temporaryinternetfiles

I had the idea that I should be able to just delete those from my pc before the scan, and then it wouldn't take so long. I followed the path, but temp int files is not at the end. Where do I look for them?

Is my idea correct? I can just delete them so the antivirus won't have to look at them?

Thanks in advance.

A:finding temp internet files

Try this path
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

Read other 6 answers
RELEVANCY SCORE 52.4

I picked up a worm virus and have it isolated, however, there are temporary files that are infected that I would like to delete. These files begin A00 followed by five numbers and end in .CPY. How do I locate these files so I can delete them before they continue to copy themselves?
 

A:Klez.H Finding And Deleting Temp Files

Read other 16 answers
RELEVANCY SCORE 51.6

I tried to completely rename my pc acct, user profile folder, etc; using this thread:

User Profile Folder - Change User Account Folder Name

It didn't work. The 1st time I booted, W-7 had created a new acct with beginning user settings (taskbar programs, desktop, display, etc). I then reversed the changes and logged off. I rebooted and my original desktop and name appeared.

But, I also found an additional entry in C:\Users: a Temp folder with a padlock icon attached.

An instruction I followed in the rename procedures was to reverse any shared folders in C:Users.

For now, I've abandoned the rename & just want to clean up the damage. What should be done with the Temp folder with a padlock icon?

A:Temp folder with padlock icon in C:\User folder after try PC rename

I would not recommend a full rename as shown however you can go in users and rename your profile there. Since programs could still be using the original folder I would leave that be. If you tried to log into the account and you had not changed the registry correctly then Windows would have created that temporary folder. You can take ownership of it and look inside of it to make sure that you don't have data in there but I suspect that you don't. Provided that there isn't anything in there that is vital and your profile is working correctly then you should be able to remove that folder. Take Ownership of file

Read other 1 answers
RELEVANCY SCORE 51.6

I've just started using my new desktop pc which I bought specifically to download stuff from the internet and to my horror it wants to save everything in my temp internet files folder. Does anyone know how to change this please? I've tried messing about with the security settings but that didn't solve it. I've seen a few threads on here but have yet to find an answer.

Now wishing I'd stuck with my old pc on XP!!!

Thanks

A:Trying to save to my documents folder rather than the temp internet files folder

what internet browser do you have?
you should be able to change the configuration from the internet browser, and to make it save to the desktop.

Dom

Read other 10 answers
RELEVANCY SCORE 51.2

A while ago I got a pop-up asking me to complete a survey, but at the time I was on Wikipedia. It was not a Wikipedia ad. I minimised and it stayed there, so I assumed it was coming from a local source. It disappeared before I really had a chance to do anything further. I have McAfee Total Protection and tried scanning. It found nothing. I then downloaded BitDefender Free Edition (it seemed the best free antivirus from the quick reads I did.) I scanned and it found a few things here and there. I removed them and scanned again. Nothing was found. Since then, the Virus Shield constantly gives me notifications that it has either quarantined items, or that it could not fix an item and a restart is required. All these are in the directory "C:\Windows\Temp\" and the files are then in folders named "tmp0000" followed by 4 more characters. There seem to be about 150 of them.
 
Is it being silly or am I infected by something? If these are all false positives then I think I'll uninstall and try Avast! (At least I've used it before and know what to expect)
 
Bitdefender has already picked up some false positives in the form of OS .ISOs. (CentOS, FreeNAS and Windows Memphis disk images)
 
I wouldn't be too surprised if it's a virus actually, my PC's given me a little trouble lately that could be caused by it.
 
Windows 10 Pro
McAfee Total Protection 14.0
Bitdefender 1.0.21

A:Bitdefender constantly finding so-called infected temp files

Best to just have one antivirus installed. Use the programs below to find and remove both adware and malware. Depending on where
the ISOs were downloaded from, Bitdefender may not be wrong.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove ... Read more

Read other 4 answers
RELEVANCY SCORE 51.2

Hi,

I was wondering if someone could help me find a previous version of a document on my desktop. My system is Windows XP, and it is a Notepad .txt document.

Here is my problem:

I worked in Notepad and created a large document. I saved it and named it, and then saved it many times throughout working on it. I then left the project and worked on some other things for a while. I did NOT close the document (which becomes the problem later). When I came back to the project, I forgot that I had NOT closed the original document, and went to the folder it was stored in, and 'opened' it from there. Because there is some type of bug in Notepad, it will actually open up the document as a second identical document instead of telling you that it is already open, or instead of automatically just going to the already-opened document. Thus, I now had two of the same document open on my desktop.

Because there were a lot of things open on my desktop at the time, I didn't notice that there were two. (Especially since I had forgotten that I had not closed it when I left it the first time.) So I thought that the 'second' copy of the document was the only one, of course, and began to work in it, adding a tremendous amount of data. I worked in the document through the day and into the night, and then closed the document as you would normally do.

That of course saved the document correctly, and all would have been fine, except there was the original/first document (now... Read more

A:Finding a backup, previous version, or temp file for a Notepad .txt doc

Make a search for *.* and specify the date of last modification. Then check each file for being what you are searching for.

Sorry, that's the only thing I can advise in your case...
 

Read other 2 answers
RELEVANCY SCORE 51.2

A:Finding a backup, previous version, or temp file for a Notepad .txt doc

Your best bet might be to search for the file using the middle few letters of the name of the file. If there is a temp file stored somewhere on the disk that contains the full version of the document, its extension might be different from .txt and the first letter and/or last letter of the file name may have been changed by the system to indicate that it is a backup. So if your file was originally named something.txt, I would put in *eth* in the search box and search the whole disk for all matches. Good luck, and do post back with the results.

Read other 1 answers
RELEVANCY SCORE 49.2

Logfile of HijackThis v1.99.1
Scan saved at 10:46:35 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\AOL\1137955663\ee\AOLSoftware.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\PROGRA~1\ICROSO~1\alg.exe
C:\Program Files\VideoMate\ComproPVR\ComproPVR.exe
C:\Program Files\VideoMate\ComproPVR\Common\ComproRemote.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\CA\eT... Read more

A:Outer Info/www.error404site.com Popups/ Etrust Ez Antivirus Finding Errors In C:\windows\temp\win***.tmp Files

Hi mrc7928 and Welcome to the Bleeping Computer!

First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

Download smitRem.exe ?noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in FireFox right-click the link and select "Save Link As" and save it to your ... Read more

Read other 18 answers
RELEVANCY SCORE 48.4

Hi all,

I have a folder in my Temp folder named {6858401D-7D6C-482c-B108-64AAE0B0A7E8} and have no idea what it is. I have my computer set to show hidden files/folders but when I check the folder there is nothing in there. I can delete the folder with no problem, but when I restart the computer it put itself back in the Temp Folder. I run Windows XP Service Pack 3. For anti-malware and virus protection I have Malwarebytes Anti-malware and Superantispyware Professional with NOD 32 and I update them daily. Today I ran a scanner with the anti-malware programs/virus protection but nothing came back. Could the folder in my Temp folder be a rootkit or is it nothing to worry about?

Thanks in regards,

Marrim

A:Strange Folder in my Temp Folder

Randomly named alpha/numeric folders are commonly created and used temporarily when updating Windows components. They are also used by some software programs (i.e. Microsoft Office, Microsoft Visual Studio, etc) during update or installation to hold setup files (.inf, .cat, .gpd, .ppd and .dlls) and other information. These files and folders are usually automatically removed as part of the update process. However, it's not uncommon for them not to be cleaned up and left behind after the update has been applied. When that occurs they usually can be manually deleted at any time.

For example, when you run the MS Malicious Software Removal Tool (MSRT), a temporary folder with random alpha/numeric characters (i.e. C\79f142e5e9e574d23954) will be created on your C:\ drive that contains mrt.exe, mrtstub.exe and a file named $shtdwn$.req. Since external drives can be a hiding place for malicious files, MSRT will scan them too and you may find a left over folder in that location. Most of the time after performing a scan and you click finish or cancel, the folder will automatically be removed right away or after the next restart of the computer. If not, the folder and its contents can be manually deleted without an adverse effect on the computer.

Installation of service packs, security updates from Microsoft for MSMXL packages and hotfixes also create temporary randomly alpha/numeric named folders. Sometimes these folders create sub-folders as described here or contai... Read more

Read other 3 answers
RELEVANCY SCORE 48.4

I am really perplexed as to what is going on with a Documents folder. It's not MY DOCUMENTS, but rather, the Libraries-Documents folder (versus the my documents under my user profile/name).

The folder is FULL of garbage. This includes things that appear to be "temp files" (but with valid file types such as jpg, mp3)...also in there doc files, png, tdb, diz, ebc, and others I don't even recognize. Some of these things include package files from the Sims series games (there were a TON of them in there) and others included pictures that I did NOT save locally (as if it were a temp file from the web). There are even many duplicates of some of these pictures. Some I *DID* save as part of a genealogy project, but I didn't save them there....I saved them in a completely different folder with a completely different name.

Needless to say, I've got a LOT of work ahead of me cleaning this sucker out (thousands of files to the tune of 16.5gigs...seriously).

How are these files getting here and how can I prevent it from happening again?

Thanks in advance!
 

A:Is the Documents folder being used as a Temp Folder???

RELEVANCY SCORE 48.4

Hello
I recently installed 2 updates from NVIDIA.
I have run disc clean up and Ccleaner>Windows but this attachment says it all.
I could use 'Unlocker' but do not want to do damage if the file should not be removed.
Do you have any suggestions?
TY
Peter

A:Temp folder %temp %

It's good to be cautious. That Folder may be important to your graphics adapter and removal could cause problems. However, I have deleted such Folders without issues except once and all I had to do was re-install the drivers.

RELEVANCY SCORE 48

Hi,

Whenever I run spybot it consistently finds this problem, but AVG only finds a host problem which it changes. The computer has 384MB of RAM, 2.80GHz speed, Intel Pentium D 915, is XP pro service pack 2 and a work computer (I have permission to try and get rid of the trojan). I've attached the extra.txt from hijackthis and exported then attached the panda scan report as requested.

Please let me know if I've missed anything.

Thanks in advance!

Here's my main Hijackthis log:

Deckard's System Scanner v20071014.68
Run by user on 2008-07-15 12:30:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
33: 2008-07-15 11:31:10 UTC - RP368 - Deckard's System Scanner Restore Point
32: 2008-07-14 14:09:11 UTC - RP367 - Software Distribution Service 3.0
31: 2008-07-14 08:15:32 UTC - RP366 - Software Distribution Service 3.0
30: 2008-07-11 17:43:54 UTC - RP365 - Software Distribution Service 3.0
29: 2008-07-11 14:54:04 UTC - RP364 - System Checkpoint


-- First Restore Point --
1: 2008-06-02 15:21:38 UTC - RP336 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 384 MiB (512 MiB recommended).


-- HijackThis (run as charlotte-neary.exe) ---------------------------...

RELEVANCY SCORE 47.6

i keep getting a virus called zperm. i ran AVG and ad-aware. here is a copy of hijackthis. do i need to do anything else?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:41 PM, on 2/7/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\svchost.ex...

A:zperm virus

RELEVANCY SCORE 47.6

My day started with my computer becoming infected with Win 7 Antivirus 2012 I followed the (awesome) instructions on bleeping computer and removed this threat.

Now Avast keeps popping up threat blocked messages and threat logs show one WIN32:Malware-Gen and multiple WIN32: DNS Changer ?VJ [Trj] ( new one found every few minutes)

I patiently await your expert advice,

Thanks,

Brian

A:Avast keeps finding WIN32: DNS Changer VJ [Trj]

Hello Brian, let's take another look.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push Push , and save the file ...

RELEVANCY SCORE 47.6

Hi i am using windows XP Pro service pack 3. Avanquest System Suite 8 Pro, is not finding any problems. every time i restart my PC the Microsoft Malicious Removal Tool finds WIN32/Vundo.gen!AI I use Spy-Bot Search and Destroy and AdAware. Neither is finding anything. I ran the Microsoft scan from their site it found 4 items and 3 issues but didn't tell me what they were. Not sure what else you need to know so here is the log.
DDS (Ver_09-01-07.01) - NTFSx86
Run by Matthew at 22:39:14.01 on Wed 01/14/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1981.1354 [GMT -5:00]

AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated)
FW: Avanquest NetDefense Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxdecoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVANQU~1\...

A:microsoftmalicousremovaltool keeps finding win32/Vundo.gen!AI

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba...

RELEVANCY SCORE 47.6

When I was first infected with this virus, I couldn't get Firefox to load any websites, and when trying to use IE7, an endless number of popups would appear on the screen to various websites. I would greatly appreciate it if someone could help get my PC back to normal. The Kaspersky and DSS reports are below. Thank you.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 29, 2008 10:36:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/04/2008
Kaspersky Anti-Virus database records: 732170
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer: A:\ C:\ D:\ E:\ G:\

Scan Statistics:
Total number of scanned objects: 93716
Number of viruses found: 5
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 00:52:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C: ...

A:Avast Keeps Finding Win32:tratbho [trj]

Hello zucchero81,

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download SDFix and save it to your Desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop.
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC re...

RELEVANCY SCORE 47.6

My computer became infected with Win 7 Antivirus 2012 I followed the instructions on bleeping computer and removed this threat.

Now Avast keeps popping up threat blocked messages and threat logs show one WIN32:Malware-Gen and multiple WIN32: DNS Changer ?VJ [Trj] ( new one found every few minutes)

I have run malwarebytes anti-malware and it doesn't show anything, neither does the tdss rootkit removal tool.

Here is my dss log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Gabriela (O_n) at 10:53:31 on 2011-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.875 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchos...

A:Avast keeps finding WIN32: DNS Changer VJ [Trj]

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434526 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 47.6

please help me!!!

avast keeps finding win32:agent-lts[trj]
and
win32:zlober[drp]
 

A:avast keeps finding win32:agent-lts[trj]

Download HijackThis.

Do a scan and post the log here. Don't fix anything for now.
 

RELEVANCY SCORE 47.2

Hi Everyone. I'm Using WinXP OS n Avast Antivirus. Recently Avast keeps finding a Trojan named Win32:Agent-LTS [Trj]. I have performed a boot time scan and disabled System Restore, but to no avail. Should I delete some registry keys, if so which ones & how do I find out ?

This is the file name detected by Avast: C:\DOCUME~1\Ruben\LOCALS~1\Temp\ac8zt2\msmdev.dll

I suspect it came from another user of this computer, is that possible ?

Thanking You in Advance
 

A:Solved: Avast Keeps finding Win32:Agent-LTS [Trj]

RELEVANCY SCORE 47.2

Hi, having some trouble with a virus. Each time my computer starts up and Kaspersky scans my drives it finds the following Trojan-PSW.win32.QQpass.ara

Also, there are parts of the virus in the System Volume Information files on C and D drives.

Part of the virus is also in Internet Explorer subfolder Plugins. Kaspersky can delete the Plugins folder and self-generated Auto-run file in the D drive.

Please advise how I should proceed?

Thanks, Gav

A:Kapersky Keeps Finding Trojan-psw.win32.qqpass.ara

Your problem seems serious. Please click here and follow all steps that you have not already completed.

Do not alter your computer before you receive a reply for the HijackThis Log. This is because fixes will be based on the information you supply when you made the log.

Also be patient, as there are only a limited number of helpers and a large demand. If you receive no reply within 5 days, please post the link to your thread in the thread here

Good luck

RELEVANCY SCORE 47.2

I've seen another post with the same problem and there did not seem to be much concern but I am uneasy about this. Here is what za keeps finding and I quarantine it and next scan it's there again. The first time za found it I deleted it. Should I post a hijack log?
Win32.Yok
RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2B7A0F0-B697-4A71-8D91-43443F57D7BB}

Thanks,
Marianne
 

A:Solved: Zone Alarm keeps finding Win32.Yok

RELEVANCY SCORE 47.2

I have scanned this machine with Avast, Spybot, VunduFix, VirtumundoBegone,... Doesn't seem to help. Can you offer me more guidance? Your assistance is appreciated.

My HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:36 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NICCONFIG...

A:Avast Scan Keeps Finding Win32:tratbho

Please don't respond yet. Ran another Spybot scan and got a completely different result. Cleaning those items and testing.

RELEVANCY SCORE 46.8

I used to could save things out of my temp folder.... for the past month it keeps telling me I cannot copy from source folder....... anyone know what has changed?

Thanks so much for your help!
 

RELEVANCY SCORE 46.8

can i delete C:\WINDOWS temp file
 

A:temp folder

Delete Everything Inside Temp Folder
 

RELEVANCY SCORE 46.8

Excel and word freeze when I try to save an attachment to the temp folder
OLK 14
I also can't locate this folder under where it is supposed to be
How can I fix that problem

Thank you
 

A:OLK 14 Temp Folder

DON'T save to the temporary Outlook directory, it is temporary.
Save it to a real directory that you know will remain between reboots.
Create your own "temporary" folder, that you control, call it anything.

If you really want to know where the temporary folders are, first they are hidden and can't be seen unless you enable the ability to see hidden system files and folders.

Assuming you did enable the viewing of hidden files, then you may find that Outlook folder (if you have WinXP) in
C:\Documents and Settings\<yourname>\Local Settings\Temporary Internet Files\OLK<somevalue>
 

RELEVANCY SCORE 46.8

I work on winXP system with Mozilla Thunderbird as my e-mail client.
today, when sending mail I began to receive an error message as follows:

<there was a problem including the file:///C:docume~1/Admin/Locals/temp/nsemail.html in the message. would you like to continue>

After deleting this and on a second or third trial my message is sent correctly.
In order to understand the "problem" I looked for the "Temp" folder mentioned in this message and I found a ~2Gb folder with an enormous lot of temporary files including the nsemail.htm as in the error message.
Please advise what are these files and can this folder be deleted.
thunderbird has no real support so maybe somebody can help to get rid of the "problem".
thanks

A:temp folder

Your best bet is to run uncleaner UnCleaner - Josh Cell Softwares that will remove everything that is safe you may need to install .net to run it being xp

RELEVANCY SCORE 46.8

hi all
am just asking if i can delete the contents of this folder without causing problems
C:\Documents and Settings\aaazzz\Local Settings\Temp\
on win XP
it is 750 MB

thnx
 

A:temp folder is so big!!

Yes, you can delete all the files in your temp folder, but don't delete the temp folder itself. If there are any files in there that are being used by some program, they just won't be deleted.
 

RELEVANCY SCORE 46.8

Okay, this sounds kinda dumb but I deleted my temp folder by accident...does this matter or should I fix it somehow..?

A:No temp folder....

Which Temp folder?

RELEVANCY SCORE 46.8

Can you please tell me if it is safe to empty the temp. folder.
 

A:temp folder

Yes, you can safely delete the files in Windows/Temp folder. If it's something you have recently accessed, it may not allow you to delete it. In that case, reboot and delete.

JP
 
