Q: Trojan/Trojan.Agent/Trojan.FakeAlert/Trojan.downloader

DDS (Ver_10-03-17.01) - NTFSx86
Run by XXXXXX at 14:07:30.08 on Mon 04/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1944.966 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Phil\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://lenovo.live.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Google Update] "c:\users\phil\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [FingerPrintSoftwareSplashScreen] "c:\program files\lenovo fingerprint software\splashscreen.exe" \s
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [<NO NAME>]
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: DisallowCpl = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\philde~1\appdata\roaming\mozilla\firefox\profiles\qanybqnn.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\phil\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-2 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-10-20 1701112]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-4 12672]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-3-10 132456]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-10-20 98304]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2010-4-2 54632]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-4-2 63928]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-10-20 485376]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-28 29472]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-8-22 225408]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2010-3-4 23152]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-4-2 44984]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-10-20 106496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [2010-4-10 17024]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-8-31 75112]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

=============== Created Last 30 ================

2010-04-11 08:56:09 0 d-----w- c:\users\philde~1\appdata\roaming\Foxit Software
2010-04-11 03:56:46 0 d-----w- c:\program files\SmartCam
2010-04-11 03:19:00 0 d-----w- c:\program files\Mobiola Web Camera for BlackBerry
2010-04-11 02:58:03 17024 ----a-w- c:\windows\system32\drivers\mobiolavs.sys
2010-04-06 21:44:25 0 d-----w- c:\program files\SpeedCrunch
2010-04-06 21:36:15 0 d-----w- c:\program files\Foxit Software
2010-04-06 04:42:35 0 d-----w- c:\program files\SyncToy 2.1
2010-04-06 03:05:29 0 d-----w- c:\users\philde~1\appdata\roaming\TrueCrypt
2010-04-06 03:05:15 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-04-06 03:05:01 0 d-----w- c:\program files\TrueCrypt
2010-04-03 01:05:28 0 d-----w- c:\users\philde~1\appdata\roaming\XMind
2010-04-03 01:04:59 0 d-----w- c:\program files\XMind
2010-04-02 08:18:25 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-01 06:27:38 0 d-----w- c:\users\philde~1\appdata\roaming\AnvSoft
2010-04-01 06:27:34 0 d-----w- c:\program files\AnvSoft
2010-04-01 06:03:29 0 d-----w- c:\users\philde~1\appdata\roaming\ManyCam
2010-04-01 04:22:07 256 ----a-w- c:\windows\system32\pool.bin
2010-04-01 00:19:22 0 d-----w- c:\program files\iPod
2010-04-01 00:19:21 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 00:15:51 0 d-----w- c:\program files\Bonjour
2010-03-31 15:25:22 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 11:40:17 0 d-----w- c:\program files\Lexmark 2500 Series
2010-03-30 11:39:24 0 d-----w- C:\lexmark
2010-03-26 19:03:24 11264 ----a-w- c:\windows\system32\PSSC8C2F.DLL
2010-03-26 19:03:22 249856 ----a-w- c:\windows\system32\PSRC8C0D.DLL
2010-03-26 18:30:44 442368 ----a-w- c:\windows\system32\PSPC1486.DLL
2010-03-26 18:30:44 11264 ----a-w- c:\windows\system32\PSSC1490.DLL
2010-03-26 18:30:44 11264 ----a-w- c:\windows\system32\PSSC148F.DLL
2010-03-26 18:30:44 11264 ----a-w- c:\windows\system32\PSSC148E.DLL
2010-03-26 18:30:44 11264 ----a-w- c:\windows\system32\PSSC148D.DLL
2010-03-26 18:30:44 11264 ----a-w- c:\windows\system32\PSSC148C.DLL
2010-03-26 18:30:44 11264 ----a-w- c:\windows\system32\PSSC148B.DLL
2010-03-26 18:30:44 11264 ----a-w- c:\windows\system32\PSSC148A.DLL
2010-03-26 18:30:44 11264 ----a-w- c:\windows\system32\PSSC1489.DLL
2010-03-26 18:30:44 11264 ----a-w- c:\windows\system32\PSSC1488.DLL
2010-03-26 18:30:44 11264 ----a-w- c:\windows\system32\PSSC1487.DLL
2010-03-26 18:30:43 249856 ----a-w- c:\windows\system32\PSRC1474.DLL
2010-03-24 08:39:42 0 d-----w- c:\users\phil\Tracing
2010-03-24 08:34:37 0 d-----w- c:\program files\Windows Live SkyDrive
2010-03-24 08:24:35 0 d-----w- c:\program files\common files\Windows Live
2010-03-18 02:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-18 02:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-03-30 05:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-05 01:25:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_tp4track_01009.Wdf
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-12 16:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-02 07:45:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-11-17 13:42:05 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-16 17:39:48 245760 --sha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat
2010-01-10 17:04:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011020100111\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:09:15.55 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/16/2009 3:24:31 PM
System Uptime: 4/12/2010 1:38:15 PM (1 hours ago)

Motherboard: LENOVO | | 74542GU
Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz | None | 2376/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 128 GiB total, 52.637 GiB free.
E: is Removable
Q: is FIXED (NTFS) - 20 GiB total, 13.26 GiB free.
S: is FIXED (NTFS) - 1 GiB total, 0.663 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP160: 4/5/2010 10:05:02 PM - TrueCrypt installation
RP161: 4/5/2010 11:42:19 PM - Installed SyncToy 2.1 (x86)
RP162: 4/6/2010 3:59:56 AM - Removed Ask Toolbar.
RP163: 4/6/2010 11:00:18 AM - Windows Update
RP164: 4/6/2010 8:33:07 PM - Windows Update
RP165: 4/7/2010 11:09:14 AM - Windows Update
RP166: 4/8/2010 1:54:35 PM - Windows Update
RP167: 4/9/2010 4:48:10 PM - Windows Update
RP168: 4/10/2010 4:04:49 PM - Windows Update
RP169: 4/10/2010 9:58:22 PM - Device Driver Package Install: SHAPE Services GmbH Sound, video and game controllers
RP170: 4/11/2010 5:30:03 AM - Windows Update
RP171: 4/11/2010 6:34:10 PM - Windows Update
RP172: 4/12/2010 1:08:59 AM - Windows Update

==== Installed Programs ======================

?Torrent
32 Bit HP CIO Components Installer
7-Zip 4.65
Access Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.7
Amazon Kindle For PC v1.0
Amazon MP3 Downloader 1.0.10
Amazon Unbox Video
Any Video Converter 3.0.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software v4.6.1 for the BlackBerry 8900 smartphone
BlackBerry? Media Sync
Bonjour
CCleaner
CDDRV_Installer
Conexant 20561 SmartAudio HD
CPUID HWMonitor 1.15
DirectXInstallService
Drag-to-Disc
Eraser 5.8.7
erLT
File Hash Checker
Foxit Reader
Garmin City Navigator North America NT 2010.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
GIMP 2.6.7
GOM Player
Google Chrome
Help Center
HijackThis 2.0.2
ImgBurn
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
InterVideo Register Manager
InterVideo WinDVD
iPowerHour 3.01
iTunes
Java™ 6 Update 17
Java™ 6 Update 7
KhalInstallWrapper
Lenovo Fingerprint Software
Lenovo Registration
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Welcome v1.0.23.3
Lexmark 2500 Series
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mobile Broadband Connect
MobileMe Control Panel
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OGA Notifier 2.0.0048.0
On Screen Display
Paint.NET v3.5.3
Pharos
Picasa 3
Pinnacle TVCenter Pro
Product Recovery Disc Burning Utility
Productivity Center Supplement for ThinkPad
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SofTest
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
SpeedCrunch 0.10
SpywareBlaster 4.2
SyncToy 2.1 (x86)
System Migration Assistant
System Update
TBS WMP Plug-in
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Mobility Center Customization
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Status Gadget
ThinkVantage Technologies Welcome Message
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb979895)
VLC media player 1.0.3
Wallpapers
What's Running 2.2
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Intel (e1yexpress) Net (03/27/2008 9.50.14.0)
Windows Driver Package - Intel (iaStor) hdc (05/07/2008 8.2.0.1001)
Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
Windows Driver Package - Lenovo 1.45 (02/18/2008 1.45)
Windows Live ID Sign-in Assistant
Windows Live Upload Tool
XMind
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

4/9/2010 7:24:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
4/8/2010 1:06:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.79.1379.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/7/2010 4:58:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR7.
4/7/2010 4:20:42 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 7 time(s).
4/7/2010 4:20:33 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 6 time(s).
4/7/2010 4:19:56 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 5 time(s).
4/7/2010 4:19:43 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 4 time(s).
4/7/2010 2:00:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
4/7/2010 11:33:47 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer LAUREN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9F62B266-EC1F-489D-A58B-DBB18495. The master browser is stopping or an election is being forced.
4/7/2010 10:50:08 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 130.160.232.212 with the system having network hardware address 00-19-B9-02-49-94. Network operations on this system may be disrupted as a result.
4/6/2010 4:52:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
4/6/2010 3:56:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
4/6/2010 1:05:38 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.102 with the system having network hardware address 00-25-56-11-89-8C. Network operations on this system may be disrupted as a result.
4/6/2010 1:00:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
4/5/2010 1:54:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SUService service.
4/5/2010 1:49:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
4/12/2010 10:40:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/12/2010 1:39:43 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
4/12/2010 1:38:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ThinkVantage Registry Monitor Service service to connect.
4/12/2010 1:38:02 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/12/2010 1:36:51 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/12/2010 1:36:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVT Scheduler service to connect.
4/12/2010 1:36:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVT Backup Service service to connect.
4/12/2010 1:36:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVT Backup Protection Service service to connect.
4/12/2010 1:36:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService service to connect.
4/12/2010 1:36:38 PM, Error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/12/2010 1:35:11 PM, Error: Service Control Manager [7016] - The Data Transfer Service service has reported an invalid current state 0.
4/12/2010 1:10:18 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR4.
4/11/2010 7:29:48 AM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:JS/Pdfjsc.B&threatid=2147630774 User: NT AUTHORITY\SYSTEM Name: Exploit:JS/Pdfjsc.B ID: 2147630774 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1562.0, AS: 1.79.1562.0 Engine Version: 1.1.5605.0
4/11/2010 1:17:01 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
4/11/2010 1:17:01 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-12 14:22:43
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\PHILDE~1\AppData\Local\Temp\pwrdipod.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83249AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83249104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832493F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832322D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83231898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832491DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83249958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832496F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83249F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8324A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E625C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E87052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\akheb.sys The system cannot find the path specified. !
.text peauth.sys AB311C9D 28 Bytes [44, 52, 06, 12, 2F, 5C, 56, ...]
.text peauth.sys AB311CC1 28 Bytes [44, 52, 06, 12, 2F, 5C, 56, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4972] kernel32.dll!SetUnhandledExceptionFilter 76FB3162 5 Bytes JMP 61C55622 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5952] ntdll.dll!LdrLoadDll 76E6F585 5 Bytes JMP 00A513F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000080 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000080 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000082 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000082 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft
Corporation)


A: Trojan/Trojan.Agent/Trojan.FakeAlert/Trojan.downloader

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

Elle

RELEVANCY SCORE 184.8

I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE

Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

Microsoft Security Essentials pops up during the scan with the following infection:

Trojan Downloader: Win32/Unruy.D
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB

I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Phillips at 14:21:21.10 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]

AV: Microsoft Security Essentials *...

A: Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 183.6

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A: Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...

RELEVANCY SCORE 177.2

I am fairly new to this process, so I hope I do this correctly. I have Spybot S&D and just downloaded Malwarebytes. They both seem to help somewhat but cannot remove reader_s.exe or services.exe. I am experiencing internet popups and redirects, the Windows firewall is disabled, as is my Symantec antivirus. There is a login screen when I start Windows XP that did not used to be there. I am getting a number of random error messages, and Malwarebytes is sometimes deleted and I have to reinstall it. Also, random .tmp files seem to pop up. Thanks in advance for any help you can provide.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Jordan at 1:53:18.65 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program File...

A: Infected with Trojan.FakeAlert.H, Trojan.Agent, Trojan.Downloader?

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...

RELEVANCY SCORE 158.8

Malwarebytes' Anti-Malware 1.34
Database version: 1876
Windows 5.1.2600 Service Pack 2

3/20/2009 4:06:56 PM
mbam-log-2009-03-20 (16-06-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119370
Time elapsed: 21 minute(s), 29 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
C:\WINDOWS\services.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LO...

A: Trojan.Agent,Trojan.NtRootkit.Agent,Backdoor.IRCBot,Trojan.FakeAlert.H

I have posted at Geekstogo to help you already.
Please do not post at multiple forums for help.


Noticed this morning that Microsoft Security Essentials real-time protection was turned off and that I could not get it to turn back on. Also could not get windows update to run. Went to Services and tried disabling and then enabling windows installer. Also tried uninstalling and reinstalling MSE, but still the same problem.

Next ran MBAM full scan and found the first Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader. Clicked remove selected and let it reboot. MBAM log created below. Ran MBAM (quick scan this time) again and found Trojan.Lameshield.124. About to hit "remove selected" and reboot. Will post log after reboot.

I have backup drives that I use (2.5" USB drives). Should I scan those as well (at same time)? Thank you for any help!!!

MBAM log attached. Ran DDS but didn't see any option to save the log. Will figure that out and post after reboot. EDIT: rebooted, and reran DDS. The program ran, but then shut down without allowing me to save a log. Any ideas to get more information about my issue?

I run Windows Vista 32-bit. Dell Inspiron E1505 (5 years old). I run MSE and windows firewall (firewall still active as far as I can tell). Removed other malware before reinstalling MSE and followed procedures on microsoft articles about reinstalling MSE.
 mbam-log-2012-12-29 (15-25-09).txt   5.9KB

 mbam-log-2012-12-29 (18-25-47).txt   2.05KB

A:MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

Hello there, iseeker. I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
- Read the entire procedure.
- It is important to perform ALL actions in sequence.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with me till you're given the all clear.
- Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.


I am running Microsoft Security Essentials, Malwarebytes' Anti-Malware, Superantispyware Professional. I was running McAfee Security Suite when I got infected. None of the programs find the infections except for Superantispyware. It quarantines and deletes the infections. I restart the computer and then when I run the scan again they are still there.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by akparker at 19:54:02 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1066 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.e...

A:Infected with Trojan.Agent/Gen-IExplorer[Fake], Trojan.Agent/Gen-PEC, and Trojan.Downloader-Winlogon/FAS

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

- Double click DeFogger to run the tool.
- The application window will appear.
- Click the Disable button to disable your CD Emulation drivers.
- Click Yes to continue.
- A 'Finished!' message will ap...


Internet Explorer was popping up windows, 3 at a time, regardless if I was on the Internet. These popups are continuous, making it almost impossible to do anything. I downloaded and installed Malwarebytes, performed the Quick Scan, and 18 infections were identified. They were quarantined and I deleted them. I then performed a Full Scan and it was clean. However, IE is still launching new windows as quickly as it closes them and placing them at the forefront of everything I do.

I was not able to get a Gmer log as these popup windows interrupt its process. I tried at least 5 times. Following is my DDS log. I am also including the Malwarebytes log in case that might help as well. Please note that I replaced the user name with [name] in the logs.

Many thanks!

EDIT: If it helps to know this, when I had Task Manager up to kill IE each time it launched its trio of windows while Malwarebytes performed its scan, every time the URL it launched with was www.webcrawler.com, and then it redirected to another site. It seemed to be referring to a list of sites as some were repeated.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by [name] at 17:51:16 on 2011-08-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.513 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost....

A:IE Popups Still Highjacking My Computer, After Removing Trojan.BHO, Trojan.FakeAlert, Trojan.Hiloti, Adware.Agent, Adware.DeepD...

Hello Alda B. Woods and welcome to BC.

Sorry about the delay, do you still need help?


Hi Mike!

Don't know what happened!! My Windows starts normally, after selecting the user, it displays 'loading personal settings'. After that getting an error 'userint.exe application error'. Reference memory problem. Then it shows my desktop without any Task bar/Status bar and all the icons on my desktop are not displayed. I am accessing the explorer through Task Manager using Ctrl+Alt+Del.

Let me know whether this is a virus infection or some problem with the Windows registry.
Thanks
clement

A:Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP, Help me in removing the trojan

Welcome to BC

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj...


I've been fighting the Zlob.Downloader.vcs and Virtumonde-C Viruses for a few days now. I'm hoping these logs are telling me that I've finally won the battle, but I need a second opinion, any help? Greatly appreciated!!

Deckard's System Scanner v20071014.68
Run by Jack Schmitt on 2008-04-20 18:52:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
85: 2008-04-21 01:52:55 UTC - RP85 - Deckard's System Scanner Restore Point
84: 2008-04-20 18:10:03 UTC - RP84 - Removed Sunbelt CounterSpy.
83: 2008-04-20 17:40:54 UTC - RP83 - Installed Sunbelt CounterSpy.
82: 2008-04-19 23:21:58 UTC - RP82 - ComboFix created restore point
81: 2008-04-18 18:02:13 UTC - RP81 - Last known good configuration

-- First Restore Point --
1: 2008-04-18 18:01:54 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Jack Schmitt.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:35 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\l...

A:Trojan.vundo, Trojan.agent, Trojan.fakealert

Hello! Welcome!

I see you already have Malwarebytes installed.

- Double-click the Malwarebytes Icon
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please copy and paste the entire report in your next reply.

Extra note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

If you have run this tool before please post all previous logfiles.


Hello,

I did some regular scans on my mother's computer and I found some viruses like Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo. In addition to these viruses my mother had her startup set to SELECTIVE startup!!!! I do not know why and it shouldn't have been that way. So I put it back to normal, and startup is ridiculous, and I was just wondering what can we do about getting rid of these viruses and cleaning up random junk from starting on startup.

Thank you in advance, you guys are awesome,

Steve

P.S. Should I post a HijackThis log? If so, how should I? Save to desktop and scan only?

A:Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

First, please do not post your HijackThis log here as they are NOT permitted in this area of the site.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes

Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is ...


Hello,

my situation:

Dell 8100 desktop is infected by Trojan.Dropper/SVCHost-Fake, Trojan.Agent/Gen-FakeAlert as reported by SuperAntiSpyware. SAS scan exits after finding these two. Malwarebytes scan also exits shortly after start.

DDS: DDS.txt - see below. Attach.txt was not produced for some reason.

GMER started but exited right after clicking "Scan", so no report to show, unfortunately.

Thank you!
Lev
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Lev at 17:41:20 on 2011-05-25
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit...

A:Trojan.Dropper/SVCHost-Fake, Trojan.Agent/Gen-FakeAlert

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

- Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
- Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
- If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
- If I instruct you to download a specific tool in which you already have, please delete the copy that you hav...


Hi,

Yesterday I got virus warnings from AVG and Windows Defender. After running them, and Malwarebytes Anti-Malware, and ComboFix, I think I have cleaned them off. But I want to make sure. I would greatly appreciate any help and will make a donation if we can make sure I'm all clean.

The initial warning was for Trojan.Fakealert. Since then I have had detections of:
Trojan.Fakealert
Trojan.Agent
Trojan.Hanam
Adware.Minibug
Malware.Trace
Trojan.SHeur2.ANWV

Yesterday with repeated Malwarebytes scans in safe mode, and with ComboFix, I was able to get the system responsive again. Since then I have had detections of a trojan in a System Restore point (which I deleted) and in the Recycler (which I emptied).

Once again, some help reviewing logs to make sure I cleaned it off would be most appreciated!! My DDS logs are attached. I will check back frequently and provide any other info if needed.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Steven at 17:36:04.03 on Wed 07/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1008 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\s...

A:Trojan.Fakealert and Trojan.Agent infection, hopefully almost cleaned

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...


Hi, hoping I can get some help from the users here.. I'm having some trojans I can't get rid of.. it's causing redirects within the internet browser (FireFox and IE7).. also causes IE7 to have a fatal error and close.. I've used malwarebytes, spyware doctor, and McAfee Anti Virus.. all of these scanners do find things and they are always a little different.. they delete them but the trojans just keep coming back.. I have also tried running the scanners in safe mode and that has not helped.. here is a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:38 PM, on 4/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy ...

A:Trojan.Agent, Trojan.FakeAlert, Worm.Autorun

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results, click no to the Optional_Sca...


Hi all,
Since 2 days I have a nasty thing on my laptop with XP and it really got on my nerves. Usually I can handle the most simple stuff "with a little help from my friends" (forums), but now it looks like I need a real-time help exactly for me.

The symptoms are:
- disabled registry;
- disabled task manager;
- disabled safe-mode;
- Runtime error 6002 on Media player classic and DC++ which requires replacing the *.exe files; also, Spybot doesn't run;
- random-named *.exe files created in \local settings\temp\
- the problematic line in HiJackThis keeps reoccurring:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1.

So the other day I learnt how to re-enable the TaskMan, RegEdit and SafeMode when I need to use them.
Spyware Doctor detects the things from the topic name: "Trojan.Agent, Trojan-downloader.agent, Hacktool.spammer".
The thing stays. I'd be very grateful for a little help.

A:Trojan.Agent, Trojan-downloader.agent, Hacktool.spammer, nasty stuff

DDS (Ver_09-03-16.01) - NTFSx86
Run by Alexander at 16:00:39.71 on неделя 26/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1791.1190 [GMT 3:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\RAMpage\RAMpage.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\wintmlls.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\winxjcakb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ale...


I'm posting this on behalf of a friend.

Prior to this friend contacting me, she had a friend from school help her with her "computer issues". From what she tells me this friend executed an MBAM scan as well as 2 ComboFix scans. The first CF scan crashed her computer apparently. (I told her that this was very risky, but the friend that did it didn't know any better). I did, however, confirm that the ComboFix.exe that was used was obtained from bleepingcomputer.com

The MBAM log shows that her computer was infected with a Trojan.FakeAlert (Sysvxd.exe) and a Trojan.Downloader found in C:\WINDOWS\system32\drivers\svchost.exe

The ComboFix log also shows the following deletions:
c:\documents and settings\Lins\Application Data\inst.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\ssprs.dll
c:\windows\unins000.dat
c:\windows\unins000.exe

Attacht.txt and ark.txt have been attached to this post. If you would like to see the MBAM log as well as the ComboFix log, please let me know and I will gladly post them.

Below is the DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Lins at 14:09:55.57 on Sun 01/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.281 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C...

A:Infected with Trojan.Downloader and Trojan.FakeAlert

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please download GMER from one of the following locations, and save it to your desktop:
- Main Mirror: This version will download a randomly named file (Recommended)
- Zip Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Then:
- Disconnect from the Internet and close all running programs, as this process may crash your computer.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
- Double click on Gmer to run it.
- Allow the gmer.sys driver to load if asked.
- You may see a rootkit warning window. If you do, click No.
- Untick the following boxes on the right side of the Gmer sc...


I first want to apologize for posting this in the wrong section. Sorry about that.

I have been working on trying to get a PC cleaned of a Trojan problem that was picked up from a streaming old time radio website.

This is a Windows XP Dell Latitude D400 laptop

I have tried SUPERantiSpyware, Windows Defender, Avast, Malwarebytes and Drweb-cureit, all in SafeMode with no networking and in regular start up mode. I have turned off AntiSpyware and firewalls and tried a second time to remove the Trojan files but it still shows that there is an infection even after reboot to Normal windows. I hope someone can give me a bit of guidance on what next to try.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Melissa at 14:32:44.62 on Thu 07/23/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.307 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090723-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\...

A:Difficulties with Trojan.FakeAlert and Trojan.Agent

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...


I'm at a complete loss as to how to rid my computer from these trojans. I've run Spyware Doctor several times, but they keep showing up in subsequent scans. I also get varied "Cannot Find File "WIN32\xxx.dll" messages at startup, and a recurring popup from the Windows Firewall saying "To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to block this suspicious software? Name: Win32.Brontok..." But the boxes for "Keep Blocking" and "Unblock" are grayed-out. "Enable Protection" seems to result in my system freezing up.

Anyway, your help is greatly appreciated. I'm fairly competent with technology, so I'll try to follow instructions to the letter and hopefully we can get rid of this stuff. Thanks!

-Greg
DDS (Ver_09-05-14.01) - NTFSx86
Run by CA$H $LAVE CLIQUE at 19:18:46.10 on Mon 05/18/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.3518.2793 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -...

A:Trojan.Virtumonde, Trojan-Downloader.Agent.OGP, WIN32.Brontok

Just to update, I downloaded Malwarebytes and Avast! 4.8 and did some additional scanning, tried a few other tools with some success. My latest problems were with just getting to this site without redirects.

I also had to repair windows in order to get rid of my blue screen, which means I'm now back to XP SP1. I'd like to run Windows Update, but it would appear that I've been locked out of using that service. Can't run the normal Update through IE because "One or all of the following services are disabled: Automatic Updates, BITS." And trying to enable those services through msconfig yields an "Access Is Denied" window.

Ugh.

Here are my latest logs, if anyone reads this and is interested in helping:
DDS (Ver_09-05-14.01) - NTFSx86
Run by CA$H $LAVE CLIQUE at 18:29:19.21 on Wed 05/20/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.3518.2932 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spool...


I got rid of this virus through spyware doctor and was able to remove 4% of space, but defrag needs 15% to work properly. How do I go in and find where they put all this stuff to use up my C-drive and remove it? I have my defrag logs but they don't tell me where the problems are located. I'm happy to post a new log if someone tells me what they need. Any ideas? I have posted latest defrag log.
Thanks

A:Help with Trojan Downloader.agent.BDBU/Virus gone how to reclaim trojan used ram

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


Hi guys,

I ran a rogue executable sent to me by a friend and knew immediately that something was awry.

SYMPTOMS
- Computer bogged down immediately and I saw I was infected with the Nmehaa.exe process (which I ended).
- Received repeated warnings that Spoolsv.exe was trying to access secure files (selected no)
- Received repeated warning that internet explorer wasn't executing script properly and prompted to continue running script. I don't use IE, just firefox. I selected no repeatedly, then accidentally hit yes, which resulted in my google links being hijacked and sending me to shopping pages within firefox.
- could not run malwarebytes anti-malware OR Superantispyware free
- my wireless zero configuration continually turns itself off, meaning wireless network access is nearly impossible
- PC doesn't recognize a plugged in ethernet cable
- my taskbar at bottom has messed up colors (I run a black theme and the taskbar is now black with gray sections)

ACTIONS
- disabled wireless network card
- ran AVG anti-virus in standard mode, which gave a false negative and didn't remove any infection
- attempted system restore several times, to no effect
- found and followed the preparation guide here on bleepingcomputer.com (DDS and GMER files are attached)
- After following guide, I took one more stab at a solution: I downloaded the latest versions of superantispyware and malwarebytes and their latest definitions, transferred them to the PC via USB, and ran them in safe mode after t...

A:Infected with Malware.Trace, Trojan.Agent, Trojan.Downloader

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa...


Hi,

It seems that I have trojan activity on my home pc. I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'

I have tried a few malware removal programs, Malwarebytes, CCleaner, Adaware and ran virus scans in an attempt to try and remove it myself without bothering you guys but I just can't shift it, so I'm hoping you may have the time to help?

What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the pc. I also get no warnings when running in safe mode.

I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C:\Users\Guy\AppsData\Local\Temp\tt991.tmp.vbs. The numbers/letters after the tt (in this case 991) change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS version 080805-0,08/05/08 which I try and delete from the warning box.

I then am greeted with a windows script host message box that will say the above file (tt991.tmp.vbs) failed (Access Denied).

I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmful software with mention of one of many trojans. These have been:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan...

A:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,

I am hoping you can help me.

My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

Strange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.

The pop up warnings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.

Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back.

A spybot scan pointed to 2 entries of Virtumonde

I'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I can't seem to shift it

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:34 AM, on 8/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Ado...


I am running Windows Vista on a Compaq pc. I have run Malwarebytes and have a copy of the log after running a full scan. I just want to know what are my next steps. My biggest concern was actually something called a trojan backdoor.generic11. I have AVG and SUPERantispyware installed and they both detect it but can't seem to get rid of it. Here is a copy of the log from malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18928

8/10/2010 1:58:21 PM
MalwareBytes

Scan type: Full scan (C:\|D:\|)
Objects scanned: 283866
Time elapsed: 1 hour(s), 15 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> No action taken.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows_update.exe (Trojan.Downloader) -> No action taken.

Registry Data Items Infecte...

A:Rogue.WindowsSystemSuite, Trojan.Agent, Trojan.Downloader ect

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...


Hello again, the viruses have struck me again and I need your help, yet again. So both of those trojans, and vundo [though I believe I've gotten rid of it] have been giving me plenty of problems.

I have spyware tools and it detects and "cleans" them but they always come back. TDSServ comes in infections of 33 or more, and the Trojan-downloader.Agent comes in 1 infection. I did a full scan, restarted, and then another full scan after as directed by a PC Tools moderator. No luck.

The symptoms have been a slower computer in general, and when playing games increased ping occurs, usually was 50 and is now 170-200+ ping. I've been using ad-ware, spybot, ccleaner and spyware blaster to no avail, and have done the pre-complain routines.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:28 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\lxdccoms.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creati...

A:Trojan.TDSServ, Trojan-Downloader.Agent.OGP problems

Hi, welcome to TSF!

Did you run GMER as outlined here?

http://www.techsupportforum.com/secu...oval-help.html

If you ran it, please post the log. If for some reason it won't run, rename it to any name you want then run it again.


Hi,

My partner's laptop is infected with a pretty nasty virus (and she gave me the job of fixing it!).

The virus killed the internet connection, disabled Norton anti-virus and generally slows down the whole machine.

I already ran malwarebytes anti-malware, which found the following:
Trojan.Downloader
Trojan.Agent
Trojan.Spammer
Rootkit.Bagle

Malwarebytes tried to remove the infected files but the virus just returns on reboot.

I also ran hijackthis. I can post both the logs if requested.

Thanks in advance for any help!

Cheers,
Karol.

A:Infected with Trojan.Downloader / Trojan.Agent / Bagle

Hi Karol and welcome to BC

Let's do a few tasks.

If you are using a wireless router, please reset it and make sure it is set to automatically obtain a DNS address. Routers vary, so you may have to reference your manual. If you do not have a manual, please let us know what the model and make of your router is. Also, please make sure you place an administrator password on your router. Don't forget to write this information down = you may need it 6 months from now

Please rerun Malwarebytes using these instructions:

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note:
-- If MBAM encounters a file that is dif...


Hi! My system has been infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP viruses. These were identified by Spyware Doctor; after identifying them Spyware Doctor prompts me to reboot the system so that they can be removed. But once the system is started again, they are there. Again Spyware Doctor identifies them and tries to fix them, again asking to re-boot the system. This keeps on going but the viruses are still there. The Trojan.Virtumonde virus is associated with the basesr.dll file in System32 folder. The basesr.dll file description shows - Alcohol 120%, Company-Alcohol Soft Development Team

Due to this

I am receiving a lot of unusual pop-up screens
Internet Explorer is re-directing to different web pages instead of the expected page.
Internet Explorer takes a lot of time to load a page.
CPU usage seems to be 100%.
Unknown processes are executing in windows task manager.

Please resolve the same for me. Let me know for anything.

DDS.txt details:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Clement at 18:20:15.82 on Mon 05/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1348 [GMT -4:00]

AV: Prevx 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\...

A:Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP

Hello mercyman,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


Hi,

My partner's laptop is infected with a pretty nasty virus (and she gave me the job of fixing it!).

The virus killed the internet connection (but I managed to figure out how to get the internet back), disabled Norton anti-virus and generally slows down the whole machine. The virus seems to prevent me from restarting into Windows safe mode. Various tools don't run - for instance, I could not run DrCureIt or even Kaspersky online scan.

I've been moved to this forum from the 'Am I infected? What do I do?' forum. For a full report of the problem, and the steps taken so far, please see:
http://www.bleepingcomputer.com/forums/t/228965/infected-with-trojandownloader-trojanagent-bagle/

I'm posting a DDS log as in the instructions.

Thanks in advance for all your help!

Cheers,
Karol.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Eczka at 12:48:08.06 on Tue 26/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.82 [GMT 10:00]

AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\ACS.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\...

A:Infected with Trojan.Downloader / Trojan.Agent / Bagle

Hello KarolF, and to Bleeping Computer Forums,

My Nick is Net_Surfer

I'll be glad to help you with your computer problems. I will be working on your Malware issues, this may or may not solve other issues you may have with your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know.

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.

Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the AddReply button in the lower right hand corner of your screen. Do not start a new topic.
2. The lo...


Laptop would boot up but there seemed to be no desktop and nothing on the start menu. Ran Malwarebytes before coming here and seemed to remove 14 infections. Now the start menu has some stuff back but the desktop still is blank. I'm gonna post all the logs but should I also post the first malwarebytes log?

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 13:09:55 on 2011-12-03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1713 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -...

A:trojan.agent and trojan.fakealert

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:

Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.
***Please close any open programs***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Cli...


Computer has been shutting down randomly and not letting me run Norton 360.
Went to safe mode and ran Kaspersky and found 2 problems supposedly:
trojan-downloader.java.agent.f also trojan-downloader.getcodec.n
I cannot find any info to get rid of these. In safe mode I ran updated Norton 360,
Malwarebytes AMWare, Trend Micro Housecall and Absolute systemcare. All found
nothing. What should I do? Older system (2000) running XP pro.
Thanks Bruce

A:trojan-downloader.java.agent.f also trojan-downloader.getcodec.n

When the computer shuts down do you get a blue screen error message?


I'm running on Windows XP Media Center. I've been using Webroot's Spysweeper and PCtools antivirus, and I've constantly picked up the same alerts every time I run a scan and removing them. After removing them and rebooting my computer, I get a fakealert on my taskbar which I can't seem to remove either. I've also tried booting in safe mode and running a scan, but that didn't work either seeing as how everything seemed to come back as alerts when I restarted. I've also noticed that Windows Defender has an error when I startup my computer. That's the most I can recall happening. I've temporarily removed the red circle with the X on it (fakealert) that advertises some spyware product by closing explorer.exe from my process tabs and restarting it with run.

A:Trojan Zlob, Trojan-backdoor.gen, Fakealert, Trojan.dl.winrean.a

Hello Kanko and welcome.

Please run this first, post back the scan report and tell us how the PC is doing now.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message ...


I wasn't aware of any problem until my Symantec Antivirus program stopped automatically scanning my computer. I tried to run it manually and gave me a message that said it wasn't installed properly. I googled the error message and found that it was a Trojan of some sort and that I should run a Panda scan. I ran a Spyware Doctor scan as well which came back with Trojan.Agent and Trojan-Downloader.ConHook.

Here are the DDS results:
DDS (Ver_09-01-19.01) - NTFSx86
Run by george at 21:34:58.53 on Thu 01/29/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.108 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\...

A:Trojan.Agent and Trojan-Downloader.ConHook

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ...


Mod Edit: Log split away from topic here http://www.bleepingcomputer.com/forums/t/144809/infected-by-something-wicked/

Deckard system scanner report is below. I was not able to load Kaspersky because my IE is too corrupted and I can't get enough space on my hard disk in time before whatever is on my computer partitions off the space. I have cleared about 1 Gig of new space on my computer but the computer still shows that it has less than 100 MB of space on it.

Deckard's System Scanner v20071014.68
Run by Paul Hanken on 2008-05-05 23:34:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; disk is full.
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.01 GiB (less than 15%) free.

-- HijackThis (run as Paul Hanken.exe) ----------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-05 23:38:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRSVC01A....

A:Trojan Vundo.EGG, Trojan Retapu.D, Generic.Zeno.E5F12F0C, Adware.Isearch.D, Trojan Downloader.Small.

Hello 425Fool,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea


I got two different names for a trojan yesterday and today, and after completely running your "5 steps before posting a log" I am finding no trojan at all! I know this sounds like a good thing, but I'd like some explanation if possible. I am running Windows XP Home.

Yesterday WebRoot SpySweeper found trojan-backdoor-progdav, which I eliminated on 2-17-07 by using TetonBob's excellent instructions. Today I re-used those instructions, but the target files were not found, so I ran SpySweeper again - and this time it found a different problem: trojan-downloader-ruin.

So I used POADB's instructions (provided to jack5000 on 4-25-06) for removing trojan-downloader-ruin: downloaded CleanUp!, Ewido with updated database, and FixWareout; ran FixWareout online; then ran HiJackThis offline in safe mode. HJT didn't list any of the items that jack5000 was told to delete. The file to manually delete (C:\WINDOWS\\System32\dmeue.exe) also was NOT present. Then I ran my first Panda scan.

Finding none of the target files, I went to TechSupportForum's "5 steps before posting a log" (now realize I should've done first.) Took ages, but the only things found were 1 malware program (Viewpoint Media Player, which I removed in Step 1), & 7 tracking cookies (which I quarantined using Ad-Aware SE in Step 2). In Step 4 no service packs were missing - only upgraded IE (which I never use - I'm a Firefox user) to IE 7.

After all of this, I decided to run SpySweeper again, and thi...

A:Trojan change from trojan-backdoor-progdav to trojan-downloader-ruin, no target files

Welcome organicbarb

Are there any current spyware symptoms?

Your logs look fine
You can delete
C:\install.dat
C:\dnsbak.reg
C:\fixwareout
fixwareout.exe and combofix.exe

You should update java, afterwards this old version should be uninstalled.
J2SE Runtime Environment 5.0 Update 2


It started on or about July 22. First we had popups circumventing our popup blocker. Then I noticed that there was an active connection listed in our firewall connection list that was called "??ool32\??crosoft. Our server had been down for almost a week because of an electrical storm, and we got a new modem with the fix from the broadband carrier. Our security system may also have been down at the same time, but when we did a scan after getting our internet back, there was nothing found. After doing all of the steps recommended before doing the hijack this scan, we were told that we had all of the problems listed in the title of this post, and the House Doctor scan also said that there was an infection which couldn't be quarantined located in D:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-...\A0015881.DLL. The last 3 scans done using the same suggested programs have come back clean. During the last week the computer has begun to freeze and move very slowly. The firewall has also come up with warnings that ??ool32 has been attempting to connect with the internet, but has been blocked...so it is obviously still there. My Hijackthis logfile follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:36 PM, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32...

A:W32/backdoor.kzk, Trojan.downloader.purityscan, Java.trojan.exploit.bytverify, Trojan.clicker.vb.dw

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Ewido Anti-spyware and save that file to your desktop. This is a 30 day trial of the program.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports":
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close Ewido anti-spyware. Do not run a scan just yet. We will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Clean out your Temporary Internet files
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Tem...


btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kue

Hi,

My antivirus program, BitDefender Antivirus 2010, has blocked the above trojans. The main trojan that keeps popping up however is: Trojan.Agent.AMPC. It is located in my temp file as 94.tmp. I have deleted my temp files, some of them wouldn't delete so I downloaded and ran CCleaner.

After successfully deleting files that windows alone wouldn't allow me to do, I presumed my problems were over. (haven't had the antivirus program pop-up in 12 hrs now)

I opened up google and typed in the topic I wanted and clicked on the link I wanted & I was redirected to btcar.com. I closed it, clicked on another link and I was directed to virtualway.info among other annoying sites. So I blocked these sites in IE, and proceeded to download & run SpyBot S&D. 4 Issues were found and I repaired them.

I then did a deep system scan with BitDefender and it said no viruses or spyware were found:

BitDefender Log File
Product: BitDefender Antivirus 2010
Version: BitDefender Antivirus Scanner
Scanning task: Deep System Scan
Log date: 5/6/2010 2:36:47 AM
Log path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1273077407_1_00.xml
Scan paths:
Path 0000: C:\
Scan Level:
Scan for viruses: Yes
Scan for adware: Yes
Scan for spyware: Yes
Scan for applications: Yes
Scan for dialers: Yes
Scan for rootkits: Yes
Scan for keyloggers: Ye...

A:btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kue

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire r...


At first it started as pop-up internet explorer windows while browsing in Firefox and re-directs in Google when I clicked on a link (however I can copy the link from a google search and paste it in a new window). Then whatever I have seemed to disable my internet connection after a couple of minutes (almost like it knew I was trying to figure out how to get rid of it!). I have done some work at trying to remove the problem and it seems like everything is better EXCEPT that Google keeps redirecting - so I know not everything has been cleaned! I have a spotty and slow wireless connection for this computer so I would rather not use an online scanner if I don't have to but I will do what it takes if that is the case.

Looking forward to some help. Attached is my HiJackThis Log from earlier today. Thanks!

A:Trojan.Agent, VBS/Disabler.NAB Trojan, Win32/Kryptik.AKJ Trojan and maybe others! Google Redirect in Firefox

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ...


Hi Boopme
Are you here?
Do I need to post everything that I have already posted to you here?: http://www.bleepingcomputer.com/forums/forum103.html
or is someone else going to help me? if so please let me know and I will give details to them.
By the way - this morning before work - I deleted my quarantine folders from SuperAntiSpyware and the logs from my desktop and ran a scan and it didn't pick anything up! But my Malwarebytes will not load again from the task bar when I click on it - it would not let me stop it by right clicking either so hoping it wasn't running a script for the DDS scan? - so I'm afraid my trojans might be back! I was going to run the Rkill one more time - but I didn't
I couldn't run GMER - I have Windows 7 64 bit and it would run but it didn't give me any options to check mark. I was using the 34 bit explorer (does that matter?)
Also the defogger - I'm not sure it worked as it didn't come up for me to click the finish button - it just went back to the little box that says disable? But I did get the DDS logs.
Here is my DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by tamhbrih at 18:15:58.57 on Mon 02/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.802 [GMT -7:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/...

A:Infected with Trojan.Agent/Gen-IEFake, Trojan.Agent/Gen-IExplorer[Fake] &Trojan.Agent/Gen-PEC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'...


I followed the instructions on the hijack this prep and below is the file. I am very concerned that I can't seem to get rid of some unusual files in my msconfig startup and running processes. Unidentified items in msconfig. startup are Zeno is under C:\WINDOWS\system 32\pwinqsap.exe CORN001, Z_Start C:\WINDOWS\system32\dwdsregt.exe CORN001, Then under SOFTWARE\Microsoft\Windows\CurrentVersion\Run are : 9339047 C:\PROGRA~\9339047\9339047.exe; sd "C:\PROGRA~1\AUTOST~1\sd.exe" --checkOnly; mhnn "C:\Program Files\Obla\mhnn.exe" -vt ndrv The mhnn is also in the task manager as a running process. I cannot find any of these listed in windows explorer or my registry.

Logfile of HijackThis v1.99.1
Scan saved at 6:35:30 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared...

A:Backdoor.dsnx, Hacktool, Trojan.cmapp, Download Trojan, Trojan.downloader.gen,

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log


I have gotten Trojan.Ertfor, Trojan.Zlob.H, Trojan.Downloader, and Malware.Trace and I just can't seem to get rid of these Trojans. I have run Malwarebytes' Anti-Malware program (did not get rid of these, and came back). I also did a manual deletion of these Trojans (they came back and didn't stay deleted). I will also add the Malwarebytes' Anti-Malware program log of these Trojans. Can I get help on what to do to get rid of these annoying Trojans?
Here is the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.38
Database version: 2335
Windows 5.1.2600 Service Pack 3

6/25/2009 4:33:11 PM
mbam-log-2009-06-25 (16-33-07).txt

Scan type: Quick Scan
Objects scanned: 104801
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sdjee3inf.dll (Trojan.Ertfor) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Zlob.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion ...

A:Trojan.Ertfor, Trojan.Zlob.H, Trojan.Downloader, Malware.Trace, OhMY!

Hello and welcome.. Let's do 2 things next, I think we can clear this up.

Run part 1 of S!Ri's SmitfraudFix
Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You have a good amount of files here. We should do a full scan.....

Rerun MBAM like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select FULL scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Hello I have an Acer Aspire 5100 laptop running Windows XP Home. All microsoft updates current to Sept 15. Using Avira Antivirus, Malwarebytes, Super Anti Spyware, Spyware Blaster, Spybot Search and Destroy, CCleaner and Windows Defender. All updates current to Sep 15. Windows Defender has disappeared from the task bar.

Problems are as follows: all started on Friday, Sept 17 in the morning, no problems before that at all
- Ccleaner had entries in registry that looked very suspicious (one included nqagoxiw in the entry)
- cannot get to Windows Update site (page says Internet Explorer cannot display the webpage)
- could not get Avira, etc to update (some have since started updating)
- could not get to forums page (redirect to Godzilla Malware or something close to that) - I connected via the cached link so I could print the instructions
- cannot load Task Manager
- could not get Control Panel to work (It is now working)
- if I try to run Avira or Malwarebytes in safe mode the computer shuts down (also shut down once in regular mode when I was running Malwarebytes)
- fixed in time debugger keeps popping up
- messages saying Windows Explorer has encountered a problem (could not save error message so this a summary of the message)
- gmer runs but freezes and I cannot save the log or copy it - indeed I have to shut down with the power button as laptop becomes totally nonresponsive (I hand copied the last few lines of the log that were displayed and have posted those at the bottom of this me...

A:TR/Crypt.XPACK.Gen3 Trojan ; Trojan.Hiloti ; Trojan.Agent/Gen-Falint

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


I have done all the preparatory actions. AVG Antispyware tells me I am infected with Trojan.Small.fb but cannot remove it. Spy Doctor scan shows Trojan.Downloader.Ruins and Trojan. DNS Changer.

Here is my HijackThis log.

Can anyone help please?

Logfile of HijackThis v1.99.1
Scan saved at 14:49:22, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLSer...

A:Infected With Trojan.small.fb, Trojan.downloader.ruins, Trojan.dns Changer

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout
http://downloads.subratam.org/Fixwareout.exe
or
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed. )

Fix these with HJT - mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{05F2BA51-171A-4B1D-AE5F-B8515E38E241}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{8269A184-3C5F-41F7-A7E9-581E273A2475}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0DCAED8-AC99-4371-811A-DDA8BF12F7D8}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6801D5-625E-482E-AA33-1FD2EB1B2544}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{05...


I was infected with Virtumonde because I had the pop-up window saying I was infected with the one virus that it says and then lead you to another site with a virus scan but I got rid of those I think. The problem that I am having is something is changing my programs so they do not work like Lava soft Ad-aware when I tried starting it the computer would restart on its own and do it every time I tried starting it. I ran VundoFix and that seemed to fix most of my problems but when I ran SpySweeper it still says that I have a Trojan-Downloader-Conhook, Adware Zeno search assistant, enbrowser, sidebyside search and a spycookie Aff6007 cookie. My internet is still acting funny, like when I try to play games on Pogo it says Applet(s) in this HTML page requires a version of Java different from the one the browser is currently using. In order to run the Applet(s) in the HTML page, a new browser session is required. Close all the Netscape browser sessions and start a new browser section to run the HTML page which never came up before I had these Trojans. Why did McAfee Internet Security stop these problems? Every time I run my virus scan it says I am clean, as well as spybot and ad-aware. The only one that says I have a problem is SpySweeper. Any suggestions would be greatly appreciated, sorry if I sound a little confused on what the problem is but I am tired of trying to figure this out, thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 7:31:48 PM, on 4/9/2006
Pla...

A:Infected With Trojan-downloader-conhook, Trojan.linun, And Trojan.virtumod

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.


This is a business computer and it is very important that it runs properly, been having issues with it for a week now. I have tried running several anti-virus programs to no avail. Currently using Panda, but used some other free software like AVG etc.

Hoping you can help me, here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:36 PM, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files...

A:Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

Hi,

"This is a business computer and it is very important that it runs properly"

Not sure if you're aware how severely infected this computer is.

Since you are posting a log from a Company owned computer... There are a few things that need attention first before we proceed with this..

* You must inform your Supervisor immediately.
This because of:
Most company machines are connected into a network at some time or other, and your infection may compromise the security of that network.
If sensitive material is compromised by an infection, your company could be held liable.

* Your Company must give permission for us to give you assistance.
This because of:
We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible to deal with this.
There may be sensitive material on your computer that your company would not want revealed in an open forum.

Also, since this is a computer used at work - the first thing I always advise is to back up important files you don't want to lose, this since malware causes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I ca...


Hi, a friend gave me his machine to look at as it was getting pop ups.

I couldn't run in safe mode as machine wouldn't boot.

I changed the names of malware bytes and super anti spyware as they wouldn't install.

Did the compaq windows system restore and tried again.

I ran them both, mbam found 706 entries, superanti found 698.

I then installed nod32 and it found 5 entries.

I rebooted into safe mode, ran scans again with each - mbam said clean, super anti still says:

Trojan.Rootkit/Gen - 19 entries
Trojan.Agent/Gen - 1 entry
Trojan.Downloader-TinyProxy/Mstre8 - 1 entry

Any help on removing these would be really appreciated, many thanks.

Regards

A:Trojan.RootKit/Gen Trojan.Agent/Gen Trojan.Downloaded-TinyProxy/Mstre8

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


I've used Malwarebytes and Norton 360 to scan and re-scan my computer to remove any intrusions. I've also read other posts online to remove particular entries in my registry that were associated with these viruses. So far, my MBAM and Norton is saying my computer is clear, but the programs also said that the other day and found something new today. I've backed up my registry as well just in case. The trouble started when I opened up a flash movie file the other day and the security suite kept popping up. So I researched the suite and I knew (general virus knowledge) not to click yes on anything or to download anything. I finally got it to stop but I feel my computer is vulnerable now. Also my Norton 360 is picking up tracking cookies now when it scans, when I never used to have a lot of tracking cookies detected. I'm not 100% confident that my computer is safe. I haven't really used it since I got the Security Suite virus. I've only been running scans and searching online for more information on the removal. I also used Rkill in the process of removing the Security Suite. Your assistance in removing this issue for good is greatly appreciated.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by James Brinson at 22:45:14.70 on Wed 09/15/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1843 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
=====...

A:Security Suite, Trojan.Hiloti, Trojan.Zefarch, Trojan.Agent.U

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...


Hello! I am so new to all of this! I already searched for the removal of these viruses and read in a lot of forums. All of these forums have logs, etc. involving the precious system files. I don't even understand the logs and I have read instructions on how to remove these but they do not guarantee anything. I am afraid that the PC might malfunction and be sent to the Repair Shop again. (It just got sent 4 days ago.) I ran Malwarebytes' Anti-Malware and scanned my computer and found 46 infections. It shows the option that removes the selected files but I'm afraid because these files are categorized as 'Registry Keys, Registry Values, Memory Modules, and Registry Datas'. Should I delete them anyway?

And so, I want a professional, expert, etc. in all of this since I am such a sucker at all of this virus removal stuff. I want that pro to walk with me through all of this, from the very first step to the very last, and that is when the virus will be wiped out. Please help.

A: Infected With Trojan.vundo, Trojan.bho, Trojan.agent, Malware.trace

Please copy/paste the MBAM scan log for us to review.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
  Make sure the "Perform Quick Scan" option is selected.
  Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner...


Hello, I'm sadly back again. I was here in the summer. My computer has been acting up. Lots of activities that point to infection. I also have seen my CPU usage jump and pretty much stay at 100% with no active applications open, virtually locked up, or locked up. Fan runs like crazy. My firewall was set to off, without me doing it. Poltergeist in this computer! Prep work as listed on the *Before you post* section is complete. I'm sorry that this posting is so long, but I'm including virus scans as well as the HijackThis log. I used Pandascan, and Bitdefender and my own Trendmicro ran overnight as well.

Results for Pandascan:

Incident                      Status           Location
Spyware:Spyware/Petro-Line    No disinfected   C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line    No disinfected   C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Broadband comparison.url
...

A: A Boat Load Of Trojans! Smitfraud, Trojan.winshow.js.b, Trojan.winshow. Trojan.agent.em, Troj Agent.oz, Tro Dloader.qf,tro...

Hello pacificoast,

Since you are so infected, I want you to run some additional scans.

***************************************************

Please download, update and run the a-squared Free 2.0
Select the "Deep Scan" button and press the Scan button.
If malware is found, click the button "Remove Selected Malware" and save the log file by clicking on "Save Report". Let it delete whatever it finds.

***************************************************

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full d...
