
Impossible to Remove

Q: Impossible to Remove

I can't remove a file from my desktop which remained after an aborted download with Download Accelerator. Please excuse my bad English.
Each time I try to delete it I get a message saying "Cannot delete "..." file : it is being used by another person or program. Close any programs that might be using the file and try again".
There is no other user on this station and I'm logged in as administrator. No other program is running at this time (except processes in the taskbar).
After a fresh reboot I get the same thing.
Can somebody help me please?


A: Impossible to Remove


I've tried with Spybot, but it keeps detecting something named DSO Exploit, with 5 registry entries, that I can't solve.

Here is the HijackThis log. Can anybody help me remove this?

Logfile of HijackThis v1.98.0
Scan saved at 01:15:57 a.m., on 19/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:Pop Up impossible to remove

Here is a quote from the spybot forums on this subject

The problem with the DSO Exploit is a little bug. We have already been able to locate and fix it, but unfortunately it was not included with the last update. It will hopefully be with the next one.
The DSO Exploit is a security gap in IE. Microsoft did already repair this, so if you have all Windows updates and patches installed, it is not dangerous for your system.
I hope that explains the situation.

If you want to stop it appearing in Spybot, do this: click on Mode/advanced/settings/ignore products, then tick it in the list that appears and it won't show anymore.
 


Does ANYONE know how to REALLY remove this??
I've followed numerous directions, endless amount of times. Ran tons of "anti-adware" programs. The "3 bad-guys" keep coming back with "O1 - Hosts: 69.20.16.183", as well as the never-ending loadingwebsite.com popups.

[Microsoft Windows 98 Second Edition AMD - 3D processor]

ALSO - GET ERRORS w/ HJT & other when attempting to remove, as follows:

An unexpected error has occurred at procedure: modMain_FixOther1Item(sItem=O1 - Hosts: 69.20.16.183 ieautosearch)
Error #75 - Path/File access error

Windows version: Windows 9x 4.10.2222
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.1

---------
I was following tech's listed directions to remove adware; ie: loadingwebsite.com, etc.
Ran a scan, checked lines as indicated.

Then got:
ERROR MESSAGE - popup box reads:

MICROSOFT VISUAL C++ RUNTIME LIBRARY
Runtime error!
Program C\windows\explorer.exe
abnormal program termination

(if I click OK - system shuts down)

This has been going on for weeks. Does anyone have an answer that works?
Thanks for help.
-------

File logs:

Logfile of HijackThis v1.99.1
Scan saved at 1:52:25 PM, on 03/25/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:Hosts: 69.20.16.183 IMPOSSIBLE TO REMOVE?

The analyst will also require:

Before doing anything, MAKE SURE that you can keep your computer on (at least until we get it fixed). This infection requires us to detect and remove it without rebooting or restarting your computer (unless the instructions say so). If you can't keep your computer on today, then I suggest that you don't get the logs yet until you are ready. With that said (when ready):

Please download the following programs required for the removal process:

Kill2Me http://www.greyknight17.com/spy/Kill2Me.exe
VX2Finder http://www.greyknight17.com/spy/VX2Finder.exe
Hoster http://www.greyknight17.com/spy/Hoster.exe
CleanUp! http://cleanup.stevengould.org/ or http://www.greyknight17.com/spy/Cleanup.exe
KillBox http://www.greyknight17.com/spy/KillBox.exe
DllCompare http://www.greyknight17.com/spy/DllCompare.exe

Please follow the steps below:

1. Download/run the following uninstallers:

Look2Me Uninstaller http://www.look2me.com/cgi-bin/UnInstaller
IGN Keyword Uninstaller http://www.greyknight17.com/spy/NLNUninstall.zip
ClearSearch Uninstaller http://www.greyknight17.com/spy/ClrSchUninstall.zip

2. Run Kill2Me.

3. Run VX2Finder and click on the Find VX2.BetterInternet button. Click Make Log and post this in the forum.

4. Run DllCompare now and click on the Locate.com button. Wait a few seconds and then click on the Compare button. Let it run, then click on 'Make a log of what was found'. Post that log here. Note: If you are hav...


Hi,

I am suffering from smitfraud-C.CoreService malware doom, detected in the core.cache.dsk file in system32/drivers by Spybot and Spyware Doctor (here as Rootkit.Agent).

I have tried many things over the last few days, including the smitfraud-fix and many programs (adware, SpybotSD, Spyware Doctor, AVG-antispyware, Norton, Panda, Combofix,...) running in normal mode and safe mode... and nothing worked. Those nasty popups keep coming again and again (funny... only in IE...) and the file is impossible to delete (it does not appear in safe mode).

See below my HijackThis and ComboFix logs

Many thanks in advance!

rafael

--------------------------

HIJACKTHIS LOG
-------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:30, on 20/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal


A:Smitfraud-c impossible to remove

Hi guys,

The other HJT log I sent in the previous post was created before applying combofix (the last time I did it), so I am sending it updated to the current situation after combofix execution, just in case

Thanks,

rafael

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:04, on 21/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal



Hi everyone, I hate having to post here - I feel very defeated!! For the past week I have been getting alerts from AVG saying a trojan (BackDoor.Generic9.ULK, Generic9.BEDR, PSW.Generic5.AJXZ, Generic9.BAAL, and Generic9.BAUS) has been deleted from my system. Not sure of the impact, but they are executable files which appear in the temp folder and seem to get deleted by AVG, but they can hang around for a while before it notices them. The original issue was I could no longer connect to the internet, but I figured out all my IP settings had been changed. When I fixed that it was all good. But the trojans have just not let up. I have followed various general directions for removing all sorts of spyware/malware, and have had several removed from my computer, but the issue continues. I have run the following programs, and can provide logs if it will help (I won't to start with to prevent this getting the longest post award...): avast, panda (online scanner), AVG anti-spyware (and antivirus too), ATF cleaner, adaware, SDFix, CCleaner, comboFix and HiJack This. (Please note I have not had more than one anti-virus active at any one time). I am beginning to think this cannot be removed, and perhaps I should re-install - but that is such a pain!! Any help would be greatly appreciated!! Here is the current HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:12 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet ...

A:Impossible To Remove Trojan

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:
Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.


So I have been having pop-ups from goochi ads and no matter which anti virus/spyware/adware I run, it just won't go away. And it prevents me from opening certain windows and keeps opening at random times, which is very annoying! Printer only printing blank too... don't know if it has anything to do with goochi...

Here's my log - thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:46, on 20-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal



My kid has been playing games on the internet on my laptop and I've noticed that my computer has been running slower than usual. Even more worrying, now every time I browse I receive a troublesome pop-up window that first shows redirsvc in the address bar, which then changes into an advert. Furthermore, sometimes a window pops up on the left of my browser screen with a video. I've googled ways to remove this problem and even installed Malwarebytes, SUPERAntiSpyware Professional and AdwCleaner. Even though all of these programs detect threats within my computer and clean them up, the problem keeps on returning. My antivirus programme Kaspersky doesn't detect anything.

Many thanks if anyone can show me how to resolve this problem.

I've pasted the logs below:

Hijack this

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:17:44, on 05/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal


A:redirsvc impossible to remove

bump
 


I have removed all the suspicious files from my Control Panel to ProgramFilesx86. I have used many programs like Malwarebytes, AdwCleaner and a few others but they don't detect vmhost, so it is impossible to remove vmhost.exe. Here's my problem though: I don't get the sound ads or anything. Every time I start my computer, 4-8 minutes later I get an alert from Norton about a high risk attack, then I know vmhost is already booted via Task Manager. All it does is just make my CPU usage so insanely high, but it makes me uneasy with this virus on my computer even though I can end the process.

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

A:Vmhost.exe is impossible to remove.

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkma...


Ok, I have been everywhere looking to remove this thing. Ad-aware detects it, but always says it can't remove one file and will remove on reboot. I downloaded the Ad-aware VX2 add-on -- it is useless. From what I have seen, it has something to do with the system restore. But, from other forums I have seen in here, I'm pretty sure I can find help here. Am I right?
 

A:VX2 - This thing is impossible to remove!!

Post a HijackThis log please. Download and then extract Hijackthis.exe to a new folder. Do not run it from the zip, the desktop or a temp folder.

Here's a link:
http://www.merijn.org/files/hijackthis.zip

Do not remove anything using HijackThis. Save the log and then copy and paste the contents into your next reply here in this same topic. It lists many types of entries. Some are good, and others need to be removed. We will help you sort it out.
Download the l2mfix here:
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

***IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

--------------

Once you have run these, do not restart. The information will change.
 


I'm helping a friend and I'm finding it impossible to get rid of the file that's causing all the trouble. I've narrowed it down to a DLL in the sys32, mlJBSLdD.dll; it's running using winlogon so I can't delete it. I know this is the problem file; it is no known DLL. I did a Google on it and it returns nothing. I also tried to delete it in safe mode and it didn't work, and neither did deleting it in the cmd prompt in safe mode. No scans are picking it up so I'm stuck. How do I get rid of it?
 


Just today I got hit with surfsidekick3 and I've tried everything to remove it to no avail. Please help as it is really annoying.
Here is my HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 6:45:18 PM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:help ive been hit by Surfsidekick3, its impossible to remove!


Hi there, I'm very new to removing viruses and had to come to Bleeping Computer for help!

I think I came in contact with this virus when I was streaming a movie online; my computer had automatically installed this virus while I was watching this movie. I had not clicked to install any plugins.
Now, every time I open Internet Explorer or Malwarebytes or AVG or anything that would possibly help me get rid of this virus, the process iys.exe starts up again, and a faulty scanner with it called windows xp 2012 scanner.....

I'm running Microsoft Windows XP 2002 Service Pack 2, and even as I'm writing this topic, I think the virus keeps closing my internet browser.

Here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:11:53 PM, on 1/2/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:iys.exe virus, impossible to remove!!!

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Any underlined text in my posts indicates a clickable link.
If you have any questions at all, please stop and ask before proceeding.

Please download DDS by sUBs from one of the following links and save it to your desktop.
DDS.scr
DDS.com
DDS.pif
Disable any script blocking protection (How to Disable your Security Programs)
Double click DDS icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
---------------------------------------------------
Post the contents of the DDS.txt report in your next reply
Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Download GMER Rootkit Scanner from here to your desktop.
Double click the exe file. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

In the right panel, you will see several boxes ...


I ran Spybot which attempts to fix it, but the nasty thing just won't go away.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:29 PM, on 4/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

A:PWS.LDPinchIE Infection Impossible to Remove

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Hello,

I have a trojan, the NTRootKit-J. McAfee can't remove it, I can't delete the rdriv.sys file without it reappearing, and I haven't been able to remove it using any techniques suggested on other forums. I tried deleting rdriv.sys, and Win XP says it can't because "it is being used by another person or program."

Pocket Killbox kept saying "there appears to be no file by this name," yet it kept appearing in my Temporary Internet Files and c:\WINDOWS\system 32 folder repeatedly, and sometimes in Temporary Internet Files. I used Disc Cleanup to remove it from Temp Internet Files, but I think it is still there somewhere.

It seems to be very well entrenched on my machine! So, please help me!

I downloaded Hijack This, and here is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 2:52:29 PM, on 9/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:HELP!! The impossible to remove NTRootkit-J Trojan!


Ok, I seem to have some trojan malware I can't remove. I have been building, fixing, and repairing PCs for about 10 years. I've used cases in these forums many times to help me remove something, and this is the first time I've come across something I couldn't remove myself and had to ask for assistance dealing with.

A friend dropped off an infected PC, a Dell Dimension 3000, 2.8Ghz, 200GB hard drive, 1GB Ram, Windows XP SP2, and IE6. Windows Update patches seem to be up to date and McAfee Pro Firewall and Security + AntiVirus installed. I was told when I got the PC that it was slow and unusable, and riddled with popup, adverts - mostly pr0n.

So - I get the PC and boot up normally, log into the desktop, and that's where things got REALLY slow. McAfee and Firewall came up disabled. Here's what I did:

1. deleted IE cache and cookies
2. deleted all temp files I could in temp, windows/temp, and local settings/temp
3. installed spyware search and destroy, scanned, and removed 31 known problems
4. made sure that 'system restore' was turned off (which it was)
5. opened IE to do housecall.trendmicro.com scan (failed to completely load, took too long)
6. rebooted in safe mode with networking, ran IE housecall.trendmicro again, seemed to scan, but never got to results screen
7. reboot to normal windows, McAfee now enabled shows trojan virus it can't clean in "c:\windows\temp\startdrv.exe"
8. I can't change its prope...

A:startdrv.exe problems - near impossible to remove

If anyone has any ideas on this, that would be great! I have to try and finish it in a few hours and the guy wants to pick it up tonight, and this is the last thing I have to fix and remove before I give it to him. Thanks in advance!
 


I have accidentally created a second admin account on an RC 7100 machine. How/why that happened: another story. However, now I cannot seem to delete it at all. Even when logged in under the account I always use (also admin), I go to the User Accounts control panel, and only have options to rename/change the picture of the second admin account. How the heck do I get rid of it?

A:To remove a second admin account – impossible?

Command Line: Run an elevated cmd prompt
type: net user USERACCOUNTNAME /delete
and replace useraccountname with the account you want to delete.


I have a persistent virus. I've done Malwarebytes scans, Norton scans, HijackThis, I tried to uninstall IE8 and reinstall it, and still I have a persistent pop-up blocking me from sites. Now my Norton is repeatedly warning me that it just blocked an attack on my computer, describing it as: "Network traffic from 86b6b96b.com matches signature of known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE" I can't locate it to remove it, and apparently neither can all these scans.. Killing me.. Any Ideas? THANKS..
 


On Friday, my computer became obviously infected with spyware (Desktop hijacked, constant popups about spyware, etc) due to visiting a mistyped URL. My Java files had not been updated in some time, just updated to the latest release today when I read that might be a problem.

I have tried removing the problem with Spybot S&D, Ad-aware, AVG Anti-Spyware, smitrem, smitfraudfix and Symantec anti-virus (including throwing the infected harddrive in a different computer as the D drive and running all of the scans from the ), but smitfraud.c and zlob keep appearing on Spybot scans (with Spybot saying it needs to be removed on reboot but never succeeding during the reboot scan).

Infected computer has not been connected to the internet since the problem began except to run Panda, I've been moving all of the fixes via USB thumbdrive from a known-good computer.

The two O20 lines in Hijackthis pop out as not correct:
O20 - Winlogon Notify: Rjkinme - rjkinme.dll (file missing)
O20 - Winlogon Notify: Rpqspmp - Rpqspmp.dll (file missing)

The rjkinme.dll one I've noticed on previous scans, but Rpqspmp.dll just showed up today.

Hijackthis log immediately after running ad-aware:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:57 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WIND... Read more

A:Impossible to remove smitfraud and zlob

Read other 16 answers
RELEVANCY SCORE 50.8

I'm new on this forum, hi everyone. I got a virus or adware, I don't know. I used AdwCleaner, Malwarebytes removal tool, and then ComboFix; none of these has worked. These tools remove many viruses but when I restart I can see their processes again. Symptoms are a new start page on browsers, websearch instead of Google search, and WinRAR updater, Google Chrome updater and Java updater want to update these programs. What can I do? Here is the ComboFix log. I hope it can help. Thanks in advance.
Some suspected processes are exttag.exe and many others with some strange name composed of letters and numbers.
I was able to remove many adware before now, using just AdwCleaner, but now none of them is working. Please help.
Sorry for my bad English.

A:impossible to remove a virus/Adware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===
Wait for further instructions.

Read other 6 answers
RELEVANCY SCORE 50.8

Okay, I've done EVERYTHING under the sun to remove this virus called "brontok" or "Bron-Spizaetus".

The thing about this virus is that it's smart as hell.
For example: I would be searching the internet on how to get this virus removed and it shuts down my PC if I go to an "antivirus" website.

I've had to resort to scripts I found online just to get into my registry editor because this virus disables almost everything.
The thing I hate most about it is that it disabled the Windows MSI Installer. So I can't install x64 programs or .MSI files. I get an error saying "MSI Installer Cannot be Accessed". No matter what fix I try, it doesn't change.

I'm this close [  ] to reinstalling Windows, but what if the virus is deep into my PC and can't be removed? What if it infected my BIOS?

As of right now I'm pretty sure the virus is dormant, because I run these two programs every time I start my PC: "CleanX-II" & "rkill64". Without these programs I wouldn't even be able to come to this website because my PC would shut down.

"I cannot attach files because I can't browse for any... (because of brontok)"
 

 
Attach.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2011 4:24:21 PM
System Uptime: 12/21/2014 6:18:20 AM (0 hours ago)
.
Motherboard: Hewlett-Pac... Read more

A:Impossible to remove virus! - NO JOKE!

Hello potmasterjasper,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will ... Read more

Read other 3 answers
RELEVANCY SCORE 50.8

Hi, I think I have found a new kind of infection. This infection is an ad server called 'adssite'. It appears to be a very pervasive infection as literally none of the most widely known and respected spyware or malware removal tools appears able to remove it. Moreover this infection appears to be specific/restricted to the Firefox web browser only.

I will attempt to list the tools and utilities I have tried in order to remove this infection:
Adaware
Spybot SSD
Sunbelt Software Counterspy
SuperAntiSpyware
avenger.exe
ATF-Cleaner.exe
Avg Anti-Rootkit
Avg Anti Spyware
Hijackthis
CCcleaner.exe
Trend Micro Housecall.
Microsoft Windows Defender.

I have tried every known guide available on the Internet to try to get rid of this infection - but to no avail.

Then I had a bit of a breakthrough. I noticed that the ads were only being served by the Firefox browser - and only in a Firefox web page, when Firefox was running.

I checked all of the extensions and add-ons in Firefox and this revealed nothing malicious or suspicious at all. (I of course removed all of the unwanted/unneeded software I could find from add/remove programs and disabled unneeded startup items in msconfig before even beginning this process).

The final and only conclusion I could come to therefore (and one that I am certain some people here will disagree with/dislike vehemently) is that it was the actual Firefox executable itself that had been hacked/replaced/infected.

In order to test this, after trying every possible other... Read more

A:Impossible To Remove Adware: Adssite Please Help!

Hello, my only suggestion would be if you can upload those files to here in hopes of a solution for all.
Virustotal
Jotti's malware scan

Read other 1 answers
RELEVANCY SCORE 50.8

Hello all - I am running an eMachine with Windows XP, using Firefox as my browser. I definitely have something going on with my machine. When I launch FF, multiple tabs open with it, all opening up random pages, one telling me that I can work from home for Google if I only send them $2.00 for in the info. When I try to close that tab, I get another pop up that basically says 'are you sure' and it will not let me close the browser!

I've run the following software to find the problem - Malwarebytes Anti-Malware, Spybot Search/Destroy, Super AntiSpyware, AdAware and I'm running Avast Antivirus and a Zone Alarm fire wall.

I've run these scans in multiple modes - connected to the internet, disconnected from the internet in safe mode, and connected to the internet in safe mode. Viruses/malware will be found and removed but I still have the problem with Firefox.

Last night I downloaded an anti rootkit from Sophos and ran it. It found a TON of hidden files but they were all unknown and not recommended to be removed. I took the advice off the Sophos page and deleted my temp internet files, did a disk clean up, and re ran the scan - exact same results. There are so many hidden files there that I do not know which ones to remove - don't want to remove anything important!

I also ran an online antivirus called ESET Online Virus Scanner last night. One 'trojan' like virus was found and removed but I STILL get the problem with Fir... Read more

A:Malware/Spyware - Impossible to Remove

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

Read other 1 answers
RELEVANCY SCORE 50.8

Hi everyone, it's the first time I'm dealing with this kind of rootkit. Malwarebytes Anti-Malware scans show a Rootkit.Agent with the name "sxfhxzto.dat". No matter how many times I apply the "Delete on reboot" option, the file ("sxfhxzto.dat") remains there.

Since it is a "Rootkit" I've already tried to remove it with no success with:
-ParetoLogic Anti-Spyware
-CCleaner
-RootkitBuster
-Sophos RootKit remover
-GMER
-Fsecure Blacklight rootkit eliminator

I also tried to delete it with killbox and file assasin but the file survives the reboot.

What can I do? I don't want to format the PC just because of this rootkit.

I'm running WinXP PRO + SP3

By the way, here is the LOG Combofix gives me, hope that helps... Thanks in advance for any possible help!

----------------------------------------------------------------------------
ComboFix 09-04-01.01 - Marc 2009-04-02 23:52:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.3082.18.1791.1177 [GMT -5:00]
Running from: c:\documents and settings\Marc\Escritorio\Rootkit Removers\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated)
 * Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-02 23:49 . 2009-04-02 23:50 <DIR> d-------- C:\32788R22FWJFW
2009-04-02 23:07 . 2009-04-0... Read more

A:Rootkit.Agent impossible to remove!

Download REVOUNINSTALLER and install it on your computer.
Try Revo to uninstall any software which you are not able to uninstall. Revo helps you uninstall any software from the registry also.
It is easily available on the net for free.

Read other 1 answers
RELEVANCY SCORE 50.8

Hello,
If you have an idea
http://www.arts-et-deco.com/Ecran.jpg
I'm sorry the image didn't come ...
Thanks

A:Problem : Impossible To Remove Connection

I have lots of ideas.

Read other 8 answers
RELEVANCY SCORE 50.8

Hello folks,

I am having trouble removing whatever it is hijacking our browsers. I have done updates and scanned with the following programs: AVG Antivirus Free - clean, Malwarebytes' Anti-Malware - clean, SUPERAntiSpyware Free Edition - infected, tried to run a Panda security scan overnight and it failed to complete. I don't know what else to try and hoping that someone may be able to assist me in removing. Thanks in advance.

Samantha

Here is the log for what SUPERAntiSpyware found & removed:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/12/2010 at 09:11 AM

Application Version : 4.39.1002

Core Rules Database Version : 5060
Trace Rules Database Version: 2872

Scan type : Quick Scan
Total Scan Time : 00:13:08

Memory items scanned : 443
Memory threats detected : 0
Registry items scanned : 2588
Registry threats detected : 5
File items scanned : 7945
File threats detected : 103

Rogue.Component/Trace
HKU\S-1-5-21-2793178847-2727177335-3729566148-1003\Software\Microsoft\FIAS4052N

Adware.Flash Tracking Cookie
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SASN3DWQ\IA.MEDIA-IMDB.COM
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SASN3DWQ\MEDIA.KELBYMEDIAGROUP.COM
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SASN3DWQ\MEDIA.KHOU.COM
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJ... Read more

A:Browser redirect impossible to remove

Read other 11 answers
RELEVANCY SCORE 50.8

It seems like I've been infected with some variant of FakeVir. I've tried everything to remove it, but the little sucker doesn't show up in the Task Manager and even runs in Safe Mode!


Logfile of HijackThis v1.99.1
Scan saved at 8:08:06 PM, on 5/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe (wireless card)
C:\WINDOWS\System32\bcmwltry.exe (wireless card)
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
R3 - URLSearchHook: (no name) - {06492950-9BC7-E616-E828-ECABB816B3E9} - C:\WINDOWS\system32\xaiwn.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp2EB3.tmp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dl... Read more

A:Little known virus, almost impossible to remove (HJT included)

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

---------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

---------------------------------------------------------------------------------------------

I see no evidence of an AntiVirus program on your system. This must be resolved. Here are two very good free Antivirus products which are available:
Avast!
AVG
Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.

---------------------------------------------------

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Please download the trial version of Ewido anti-malware from here:
http://www.ewido.net/en/download/
Install Ewido anti-malware.
When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
The program will pro... Read more

Read other 1 answers
RELEVANCY SCORE 50.8

Hello:
I was infected by Antivirus 2008 Pro a few days ago and found this site. I downloaded the instructions as well as Malwarebytes, CCleaner, Spywareblaster and Spyhunter to a USB thumb drive in an effort to try fixes that were described on this site on the malware removal forums and a moderator named Simon V. The problem I'm having is that my computer is so slow now, that every mouse click literally takes around 15-20 minutes to respond (for instance, to just access my thumb drive took about an hour and a half last night), but mostly my computer just gets frozen. I can not access task manager because an error message pops up saying that it has been disabled. My Windows Explorer icon is missing (as are about half of my other desktop icons), and I can not access the all programs feature from the start menu because it no longer exists. My wireless connection no longer works and I can not get on the internet. I have finally been able to copy the above programs from the thumb drive to my desktop, and I've successfully run CCleaner. None of the other programs ever launch and my computer freezes. The only thing that I have found to do anything is running Windows Defender, which takes an entire day to run through a full scan. Once the scan is completed, it says my system is running normally, and there are usually 27-35 Internet Explorer windows that have been automatically opened along with corresponding Windows system alert pop ups telling me to scan my system. All of... Read more

A:Impossible To Remove Antivirus 2008

I'd just recommend backing up your data, reformatting and reinstalling Windows.

Read other 6 answers
RELEVANCY SCORE 50.8

Hello, I had to reformat and reinstall Win XP and then restore from backups, some didn't work as advertised.

I can't reinstall Acronis True Image because it didn't fully uninstall.

There is an entry "[13:51:18 - Error]: Failed to remove "HKEY_LOCAL_MACHINE\Software\Acronis"! Windows core returned the following error: "Invalid key"" which my registry cleaner can't remove. Using regedit I tried but I got the same msg.

I can't rename it or erase it and it screws up my reinstall.

Any thoughts?

Thanks

Bob
 

A:Solved: Impossible to remove registry key

Read other 6 answers
RELEVANCY SCORE 50.8

Hello! My name is Jess. My computer recently contracted an "svchost.exe trojan virus", and I canNOT remove the beast to save my life. I was hoping someone might be able to give me a hand. I've come across your forums several times over the years while researching various issues I was experiencing, and you always seemed to be helpful to other users. I tried searching your site to find someone who had the same issue as me so I could just follow the steps you suggested, but I didn't see anyone else in the same position.

Anyway, although I'm not quite as computer savvy as I wish I could be, I do consider myself a little further along the bell curve than most average computer users. I know my message is long (sorry!) but I've tried to provide as much information as I possibly can about my computer, the issue, and everything that I've already tried. Please let me know what you suggest doing to rid my computer of this thing! I work from home, and my remote desktop program won't let me in until this issue is resolved.

My Computer:
-Toshiba Satellite C655
-Windows 7 (64-bit operating system)
-Purchased around August 2009
-I've also included as much hardware information as I could possibly figure out in my Profile, in case you need it. (I apologize that I wasn't sure about some of them, or just couldn't find the information)

The Issue:
Trojan virus. And a sneaky one at that, since it's completely invisible... Read more

A:svchost.exe Trojan - Impossible to remove

Here is the DDS log I was supposed to attach originally.

Read other 13 answers
RELEVANCY SCORE 50.8

Hi,

I've recently come under a very annoying attack from a browser hijacker. I got the thing from Facebook because my friend's machine was infected and messaged me asking me to view a video I was in etc.

Well, that's how I got it. My Facebook is now shut down as it was sending random links/messages to all my friends.

This infection will not allow me to visit any anti-spyware websites or any forums for support. How I managed to get on this one I do not know. I've tried many many websites looking for help, only to be redirected to a random search engine or some anti-virus website.

Basically I've managed to get Ad-Aware and Spybot S&D by using a friend's machine and copying them onto CD. I also have got HijackThis.

None of these are working and every time I try to go to any website which might hope to help me, I get redirected to another stupid search website.

I'm at a total loss and cannot now use my computer for internet banking/work or anything else useful.

The hijack this log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:00, on 02/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifie... Read more

A:Impossible to remove browser hijack!

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 50

Hello.

I am new here but I thought I would try to get some help from you interpreting logfiles. Apparently I have a rootkit, or multiple according to GMER "sometimes". It shows different results sometimes. Plus I think something is weird with Chrome, behaves abnormal, and in logfile it says the startup page starts wit hxxxs.google PLUS HitmanPro says I have a irp_mj_scsi kernel mode hook on storahci.sys, been detected but bypassed. It's a hidden driver. And mouse lags +++ almost like there's a ghost in here

Can you help me interpret the logfile and see if there is something that can be done?
 

Read other answers
RELEVANCY SCORE 50

Hello, I would like to replace my standard hard disk in my Ideapad 100-14IBY with an SSD. I have read the corresponding Maintenance manual and followed the instructions step by step. It is impossible to remove the keyboard without breaking it; it seems like it is glued. Is there any advice, other than sending it in to a service partner, how to safely remove the keyboard? I just don't get it why Lenovo really makes it so hard for users to change the drive in this particular model. Thank you in advance

A:Ideapad 100-14IBY impossible to remove keyboard

Welcome to the Lenovo Community !
 
Please review the Lenovo Training Video for your model and the section pertaining to removing the keyboard.  Chances are the little catches on the edge of the keyboard are holding things up.
 
https://www.lenovoservicetraining.com/showcase?sid=701&key=TGVuZw==

Read other 9 answers
RELEVANCY SCORE 50

Hi I have a browser hijacker that

Norton Internet Security
Adaware Free version
Spybot Search and Destroy
XoftSpy SE
Adaware SE Professional Version
Windows Defender
SuperAntiSpyware
(Removed Norton as it isn't the first time it has failed me) So tried
ClamWin
PCtool Free Antivirus
Avira Free Antivirus

REFUSES TO REMOVE!

Also tried some others that I installed then uninstalled because they didn't do the trick. Anyway you get the idea. The browser hijacker is still there. Anytime I search it sends me to an ad for something or a weird search engine or just somewhere else I don't want to be.

Also was having ads talk when no windows or other programs were running. Except maybe the screensaver! Yes talking ads when nothing is open. The other night I thought two men were talking and came downstairs with my club! Anyway I do think I have that removed with the last XoftSpy scan. I haven't heard it talking since the last removal of an unwanted registry change. Then again I thought the talking ads were gone for the last three days then it starts talking ads to me again so. AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH! Help Please!

Update: Still have the talking ads!!!!!!!!!!

Update: next day. So far I have gotten rid of the browser hijacker using combo fix. Unsure about the talking ads. However feel free to close this topic. I'll figure it out on my own as I see you guys are very busy dealing with o... Read more

Read other answers
RELEVANCY SCORE 50

Hi there,

I'm working on a friend's computer. Her computer was acting weird about a week ago. I did system restore. When I was working on that, I found a hijack virus that had hidden all of her files. I used Malware bytes and rkill in the process and was able to restore all her files.
Now she brought me the computer again saying there was a power outage and when it came back the computer went through a loop trying to do a startup system repair. I tried letting it do that, but then it came back asking me for a password which apparently doesn't exist. It doesn't let you do anything else, so I restarted. It goes through the loop again.

I have a norton antivirus/antispyware 2011 trial, so I then tried to boot up the computer using that. It goes through scanning and all that. Says it removed 2 trojans.
But then, it brings me to a repair screen where it has something it can't remove. I clicked on details. This is what it says:
Hosts: c:\windows\system32\drivers\etc\hosts

I can't seem to do anything else. I tried to close all of Norton, but then it takes me through the loop again, unless I boot the computer using the disk again. So I did that.
After some of the scanning, Norton has a link for the command prompt. I thought HOORAY! But once I'm there, it won't let me do anything on c:\
Instead, I'm on x:\Windows\System32
I tried finding the file above, c:\windows\system32\drivers\etc\hosts
but it says it does not recognize it.
So I tried x:\windows\system32\drivers\etc\hosts
... Read more

A:Nasty trojan virus seems impossible to remove

I still need a miracle with this. I thought I might be able to get at least someone here who had to deal with this virus and defeated it. :(
Please, please if you've had to deal with this or you have an answer, I would love you forever!

Read other 2 answers
RELEVANCY SCORE 50

Symptom 1: I keep getting browser pop-ups even when IE isn't open. They are ads for online casinos and sometimes spyware removal tools (ironic, isn't it). If I am offline, they still appear, only they are blank.

Symptom 2: I sometimes get system alerts telling me that my computer is infected (no joke!). I have recognised the process as helper.exe in the task manager. If I end the process when the alert fires, it disappears.

Symptom 3: I get a yellow triangle in my taskbar with an exclamation mark in the middle. It tells me that I have x amount of infections on my computer and that I should upgrade my security software. This also appears to be the helper.exe process!

It seems to be the same problem that this guy had

http://computercops.biz/postitle107987-0-0-.html

I did as many of the same things as were relevant to my machine but to no avail.

I have also completed the Major Geeks basic removal process but still I get these annoying symptoms. I have searched everywhere online and haven't been able to find any information about this hijacker/virus.

I have used

Hijack this
Adaware SE with the special plugin
Spybot Seek and Destroy with the plugin
CCcleaner (cleaned everything)
Spyware Blaster
Vet Antivirus
Cool Web Shredder
aboutbuster
kill2me
ADSD spy utility
Microsoft malware remover
McAfee stinger


I did all of this in safe mode too.

No matter what I do, nothing seems to work!

Can anyone help me? I am on the verge of a reinstall whi... Read more

A:desktop-taskbar hijacker impossible to remove. Help!

I see you say you have already used HJT, but let's see what's running on your computer:

Get HijackThis . This program will help us determine if there are any spyware/malware on your computer. Run the scan, save the log, but do not fix anything yet. Many files it finds are harmless, and required for your system to operate.

Post your log in a new thread in the HijackThis Log Help forum. This is our dedicated spyware/virus forum. One of the expert analysts there will look over your log and assist you. Please include a brief description of the problem you are having and what you have done to fix it so far.

Or PM a mod to move this thread there, and then include the HJT log.

Without getting into speculation, that helper.exe can be dropped by a rootkit variant, and may take deeper looking tools at our disposal than what you have used so far.

Read other 2 answers
RELEVANCY SCORE 50

My computer is infected with a virus that redirects google results to other pages on Mozilla Firefox. I've tried nearly every anti-virus program available, and none of them have been able to remove it. My computer is a desktop machine, it's Windows 7 64-bit. Any help would be appreciated!

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Carol at 16:16:46 on 2012-03-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6007.3898 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:... Read more

A:Google redirect virus, impossible to remove!

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so! Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things to happen.
2. Please do not attach logs or put them in code boxes. Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback. It does not need to be long but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same. This just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything. Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Back... Read more

Read other 8 answers
RELEVANCY SCORE 50

Hello all,

New to the forum. I'm pretty computer literate but by no means an expert. Somehow I've gotten a browser hijacker and I have been unable to remove it. Have tried using Hijack This, Avira, AVG, Spybot, Malwarebytes, SuperAntiSpyware, Ad-Aware, and maybe one or two more. Nothing finds anything out of the ordinary. What happens is this: I'm clicking on any old link to open it to a new tab in Firefox or IE, and it redirects me to a random page. Sometimes it seems to have something to do with what I'm looking for, sometimes it's just like 'learn how to work from home'. The redirects seem to happen maybe half of the time, and the other times it goes where I want. Nothing super malicious, but it's super annoying. No other symptoms. I'd appreciate anyone taking a look at this for me and lending their expertise. Thanks in advance, here are my logs/info (attached as well):

DDS (Ver_09-12-01.01) - NTFSx86
Run by Admin at 20:17:19.89 on Tue 12/01/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.931 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files&... Read more

A:Browser Hijacker- Proving impossible for me to remove

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 17 answers
RELEVANCY SCORE 50

Nothing seems to be working for me.
This is my last hope. I'm posting my HijackThis log.
Please Help.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:14:12 PM, on 6/18/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnVir Task Manager Pro\AnVir.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application ... Read more

A:Google / Yahoo redirect impossible to remove.

Please post the ComboFix Log(s) as well run the following:

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.

NEXT

Please download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Read other 22 answers
RELEVANCY SCORE 50

Hi guys,
 
I need some help: every time I try to remove a USB hard disk I get a message saying it is not possible because some program is using it.
There is no program (to my knowledge) using the disk, I've tried to wait about half an hour then I got the same message again.
I disabled write-caching for the disk so I can (in theory) unplug the disk without safe-removing it, nonetheless I'd really like to know what is causing the problem and fix it.
The disk is connected to the PC via a USB hub.
I have no issue in removing USB flash drives.
 
Any suggestion?

A:USB hard disk impossible to remove safely

This is usually due to a process accessing the drive. See this excellent post by jcgriff2 on tracking down the process that may be causing the problem.
 
http://www.bleepingcomputer.com/forums/t/591692/safely-eject-media/?p=3828150

Read other 4 answers
RELEVANCY SCORE 49.6

OK so I'm back again with a very stubborn virus. I can't remember the last time I went on a forum to seek for help on malwares. But basically, when I resort to doing so, it means the virus is VERY hard to remove.

So far I have tried the latest updates of Malwarebytes' Anti-Malware, Lava's Ad-Aware, SuperAntiSpyware, Spyware Terminator, CWShredder, HiJackThis.

But none of them was able to fix this. I have even completely uninstalled Firefox, and deleted all of the Mozilla folders, then re-installed it, but to no avail. System Restore didn't do any good either.

So onto description of this virus:
This virus affects BOTH firefox & IE8 (I've tried both). When I click on a link from Google's search results, it has a 50% chance of redirecting me to Ad sites. But always, it first redirects to waitsearch.ws, THEN redirects to a different site. Some of the most frequent redirects are dodofit.com & real.com

OK, soo.. ANY help would be appreciated Thanks.

A:Google/Yahoo Redirect (waitsearch.ws) IMPOSSIBLE to remove!!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 49.6

I was just wondering if there is something that exists like this..thanks
 

A:Is there any virus, spyware, adaware, or hijacker thats impossible to remove ??

With the pros here, like Flrman1, DVK01 and Cookiegirl, et. al. - I doubt it!
 

Read other 2 answers
RELEVANCY SCORE 49.6

Hello to all and sorry for my bad English. I'm a victim of adware/malware that makes Chrome open itself with spam or popup pages and it seems that I can't get rid of it. At this moment I've deleted Chrome from my PC. I've tried everything, but nothing happens. I've two log files, one from Hijackthis and one from Combofix. I'll copy paste both of them here.
Thank you in advance!
 
 
ComboFix 16-11-13.01 - Roberto 26/11/2016  21:02:32.1.12 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.24567.21196 [GMT 1:00]
Eseguito da: c:\users\Roberto\Downloads\ComboFix.exe
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Personal firewall ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinRAR\Leggimi.Txt
c:\program files (x86)\WinRAR\Leggimi_1a.Txt
c:\program files (x86)\WinRAR\Licenza.Txt
c:\program files (x86)\WinRAR\Ordin.htm
c:\program files (x86)\WinRAR\Ordina.htm
c:\programdata\ntuser.pol
c:\users\Roberto\AppData\Roaming\msregsvv.dll
c:\users\Roberto\AppData\Roaming\Propellerhead Software\ReCycle
c:\users\Roberto\AppData\Roaming\Propellerhead S... Read more

A:Chrome redirect adware or malware impossible to remove

And here is the Hijackthis log
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:33:13, on 26/11/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18525)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Roberto\AppData\Local\Akamai\netsession_win.exe
C:\Users\Roberto\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
C:\Users\Roberto\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\ASUS\GPU Twea... Read more

Read other answers
RELEVANCY SCORE 49.6

Hi. I was wondering if you could help me out. Every time I run a search on Google or Yahoo, if I click on a link it redirects me to another website. I've run numerous malware scans without them showing anything. I ran TDSSKiller and it shows that it finds Rootkit.win32.tdss.tdl4 every time I run it (even after I request that it cure the file). Any help would be greatly appreciated. Thanks in advance.

A:Impossible to Remove Trojan or Malware - Google Redirect

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Read other 2 answers
RELEVANCY SCORE 49.6

Hello,

We have a laptop running Win XP professional that is infected with the ANIfile Exploit trojan. I have tried running McAfee and Trend Micro's malware removal software, but to no avail. The trojan is now in a read-only folder that cannot be made readable on the computer. The address is C:\Documents and Settings\Dean\Local Settings\Temporary Internet Files\Content IE5\VJEL1831.

The VJEL1831 file is the one that can't be removed. What should we do next? Nothing will remove this trojan!!!

Here is a Hijack This log of this laptop:

Logfile of HijackThis v1.99.1
Scan saved at 1:14:39 PM, on 10/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WI... Read more

A:Solved: Help with the impossible to remove Exploit ANIfile trojan

Read other 12 answers
RELEVANCY SCORE 49.6

Using a Windows 7 computer.
 
About two weeks ago, sometimes I would not be able to access certain websites in my web browser, google chrome, and it says "This webpage is not available." I ran a diagnostic with windows which said that my DNS server is not responding so I tried some things to make sure that it would work. After that didn't work, I ran a virus scan with AVG and Avast. Avast found nothing while AVG found two things. They were:
"";"Inline hook win32k.sys EngSetPointerTag+0x190 -> 0xFFFFF95F8023D132, <unknown>";"Infected"
"";"Inline hook win32k.sys EngFntCacheLookUp+0xFFFFF95F8012A981, <unknown>";"Infected"
So then I downloaded malwarebytes and mbar, started my computer in safe mode while disconnected from the internet, scanned with both of those, avast, and AVG, and deleted everything that they found. I started my computer again and it still had the problem. I then started to search for this problem on the internet and apparently no one can really fix this. Someone even used nuke.bat in the Avenger, and it didn't get rid of it. I am at a complete loss at what to do. Please help.

A:Inline hook win32k.sys (rootkit maybe?), Impossible to Remove?

"I ran a virus scan with AVG and Avast"

I believe your problem is that you have two antivirus applications running at one time.
 
I suggest that you uninstall both of them.
 
Then run the removal tools and reboot after each.
 
http://www.avast.com/en-us/uninstall-utility
http://www.avg.com/us-en/utilities
 
 
After the reboot, choose only one of them and re-install it.
 
 
 
Then follow the steps below to make sure that there is not something lurking on your machine.

Please download MINITOOLBOX and run it.
Checkmark following boxes:
Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.
 
 

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Download Autoruns and Autorunsc. Unzip it to your desktop and then double click autoruns.exe. After the scan is finished, click on File > Save. The default name will be autoruns.arn; make sure to save it as Autoruns... Read more

Read other 5 answers