Removed trojan, removed settings changer, computer still not right

Q: Removed trojan, removed settings changer, computer still not right

Please help, my anti-virus removed a trojan a few days ago, tonight removed a settings changer, computer still not right. I can't download anything, can't save some word documents, everyday tasks are taking forever to accomplish.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:36:02 PM, on 7/6/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\sysWow64\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60195
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80114&lng=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80114&lng=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 209.172.56.118 search.yahoo.com
O1 - Hosts: 209.172.56.118 www.bing.com
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (file missing)
O2 - BHO: MapNeto 1 Toolbar - {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files (x86)\MapNeto_1\tbMapN.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MapNeto 1 Toolbar - {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files (x86)\MapNeto_1\tbMapN.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files (x86)\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
O4 - HKCU\..\Run: [Fyikokizicesojo] rundll32.exe "C:\Users\Greg\AppData\Local\ejosafuzawosa.dll",Startup
O4 - Global Startup: cleanddm.lnk = ?
O4 - Global Startup: MRI_DISABLED
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files (x86)\GamesBar\2.0.1.55\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files (x86)\GamesBar\2.0.1.55\oberontb.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (file missing)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist Express Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist Express Customer\209\g2ax_service.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: Intel® Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14036 bytes

RELEVANCY SCORE 200
A: Removed trojan, removed settings changer, computer still not right

Hi,

Please do the following:

Please download DDS from either of these links LINK 1 LINK 2 and save it to your desktop.
Disable any script blocking protection.
Double click dds to run the tool.
When done, two DDS.txt's will open. Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:
DDS.txt
Attach.txt

NEXT

Please download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

RELEVANCY SCORE 101.6

About a few weeks ago I noticed my Windows Updates no longer working. The error code meant there was a problem connecting to the windows server. So I thought it would fix itself. But it didn't. I did a bit more digging and this error code was linked to people having a DNS changer trojan. I did a spyware scan with Spyware doctor and this trojan came up. I tried to remove it with Spyware doctor, it said it had been removed. I restarted the pc to find it was back again. I scanned with superantispyware which found it also. Appeared to 'remove it', after a restart it was back, but this time windows update got a bit further. It found updates but when it started to download them it stopped and produced a different error code 8024402C. So it seems nothing I do actually removes it. I did some more searching on the internet and found some advice to change the DNS IPs in the registry that the trojan was using to the ones I want to use on the pc. I did this and they just changed back to the trojan DNS entries.

So to sum up. This trojan is stopping me downloading windows updates and downloading anything from the microsoft website. It is also stopping any antivirus and spyware software from connecting to servers to get definition updates etc. Any help would be much appreciated as this is the most stubborn spyware/malware I've ever had.

Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:44, on 18/11/2008
Platform: Windows Vist... Read more

A:Trojan.DNS-Changer Won't be removed

bump - I used combofix as I read in another DNS changer post that was recommended. Combofix found a few files, said it had to restart to remove them, just before the computer restarted I got a BSOD. Then windows wouldn't boot as the registry was either corrupted or not found. So I had to put my Vista DVD in and do a repair. Windows loaded up and the bloody trojan is still there :-(
 

RELEVANCY SCORE 100.4

Ok, well, to start: I found 12 Trojan.DNS Changers on my computer and they won't remove. I detected it with Malwarebytes but it won't remove them. I reformatted my computer and they're still there. Also my computer has been acting strange; it will lock up on me and the only way to stop it is to manually reboot.

Here is my RSIT log

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-12-06 08:32:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 259 GB (93%) free of 277 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:51 AM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Ma... Read more

A:Trojan.DNS Changer Wont Removed

Hello Coach Z,

Tell me please, do you use a router?

tea

RELEVANCY SCORE 78.4

I received some sort of malware onto my computer this morning. I ran my updated Malwarebytes and it found 5 trojan downloader viruses. I also ran my McAfee scanner and it so far has found nothing. After re-starting my computer I found that it still re-routes me when I am on a website. This is the site that it brings up. http://www.xn-->,-kkagu.com/

I have attached the log from my malware. I ran it again and it didn't find anything this time. If someone could give me an idea as to what to do next that would be great! Thank you!

............................

Malwarebytes' Anti-Malware 1.41
Database version: 3267
Windows 5.1.2600 Service Pack 3

12/1/2009 9:17:54 AM
mbam-log-2009-12-01 (09-17-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 244918
Time elapsed: 1 hour(s), 33 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\15264844 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Krista Viglione... Read more

A:Trojan virus cannot be removed from computer.

That 573.exe was something I had today and it took me hours to find. I finally got it with malwarebytes and went into temp files and personally deleted it and then emptied recycle bin. Make sure once you quarantine these, you delete them. Make sure you have the updated malwarebytes and run it after rebooting. Make sure to run it AS SOON as your computer starts. Make sure to go into the following file and delete that 573.exe file, that's the one that is rerouting you. C:\Documents and Settings\Krista Viglione\Local Settings\temp that is where the 573.exe is located. Make sure you have SHOW ALL HIDDEN FILES selected in your computer before you do this.

Windows XP and Windows 2003

To enable the viewing of Hidden files follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Wi... Read more

RELEVANCY SCORE 77.6

Windows XP SP3

I just installed windows on a new computer I got and when I put my old harddrives in, e:\ & g:\, AVG popped up and says I got a "SHeur2.NMJ Trojan Virus" on those drives. So I got rid of them and now when I access those hard drives through MY COMPUTER I get this error

"Windows cannot find 'RECYCLER\S-2-5-59-100006385-100030581-100019735-2957.com'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

I had the same problem on my jump drive so I reformatted it and it worked. I can't really reformat these hard drives because they are huge. I mean I could but I'd need to buy a new hard drive to move all the important stuff.

The only way I can get to these hard drives is going to RUN and typing in "e:\" or "g:\". I've never run into this before but it's a pain. My c:\ is working fine though. I ran a Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:22 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfm... Read more

RELEVANCY SCORE 77.6

SHeur2.NMJ Trojan removed but still can't access my HDs through My Computer Windows XP SP2

Hi Everyone,

can someone help me and Dirk9000 as we have the same issue? I have just removed the SHeur2.NMJ Trojan Virus from my laptop and all is fine except for some reason I can no longer access my C harddrive via My Computer. When I click on the 'Local disk C' icon I get the following message:

"Windows cannot find 'RECYCLER/S-5-6-64-100019626-100029438-442
4.com' Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

If I right click and press explore I can get into my drive, or if I use 'windows key+E' but this is proving to be quite an irritant...

Can anyone help?

Best wishes,

Judd

Here is a Hijackthis log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:04, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS... Read more

RELEVANCY SCORE 77.6

My husband picked up a couple trojans a week ago. We were getting virus pop ups but didn't run our antivirus through the pop up in case it was fake. Also webpages were being redirected. Our AVG found 2 trojans which we removed. I also ran AVG anti-Rootkit, CCleaner, SuperAntiSpyware, Malwarebytes, and TDSSKiller. The TDSSKiller found another one which I removed.
Since the removal the computer was taking a while to load up our google homepage which it used to come up fast. Other webpages might have to be refreshed for them to show up otherwise the page is blank white. Random images aren't showing up and just have the red X. If I right click the image and click on show picture it will show up. It is a pain though looking through image search and having to right click on everything.
The day after the removal I decided to do a system restore to see if that would fix the problem. I opened up system restore and it only had one restore point from earlier that day. Usually it has points from 3 days up to a week before. This time it only had just the one since we had gotten the virus. I did adjust my restore so it does now have a restore point for each of the last couple days.
Yesterday my husband ran AVG just to make sure and it found two Java Trojans which we removed and ran all the scans again. The TDSSKiller didn't find any that time.
I don't know what to do now since I can't do a system restore to before we even got the first trojans. That is usually what fixes the problems i... Read more

A:Removed a trojan but now computer isn't acting normal.

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked ... Read more

RELEVANCY SCORE 76.8

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.7.2
Run by Luc-Michael at 15:22:16 on 2013-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5942.2683 [GMT -5:00]
.
AV: Rogers Online Protection Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
SP: Rogers Online Protection Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Rogers Online Protection Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin... Read more

A:Infected with Trojan virus Disables computer if removed. Need Help.

MBAM-Log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Luc-Michael :: LUC-MICHAEL-HP [administrator]

Protection: Disabled

06/01/2013 6:20:43 PM
MBAM-log-2013-01-07 (15-36-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267442
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Luc-Michael\AppData\Local\dplaysvr.exe -> No action taken.

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Luc-Michael\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\update.exe (Trojan.Agent) -> No action taken.

(end)

RELEVANCY SCORE 76.8

Hi guys - can I just say what a wonderful job you do on this forum (and indeed on similar forums!) -it's good to know people are out there trying to make a difference!

Anyway, I hope you can help.

First up - this is my Korean friend's computer, so the OS is in Korean but hopefully that doesn't matter...

Anyway, the computer was freezing and blue-screen problem (sorry I don't know the exact message, but I think it was "the system has become unstable") then the computer would do a memory dump, and restart. Sometimes the computer would freeze, esp. when surfing the internet using Internet Explorer. Avast anti-virus free edition was installed and updated when this started.

I downloaded MBAM in safe mode and tried to scan the computer, but it would hang except in safe-mode where it found 3 trojans. I will attach the log below. I tried running the AVAST boot scan, but it froze.

Post-removal of the trojan, the computer is slightly better, but enjoys rebooting and freezing when browsing using internet explorer. The computer will run fine in safe mode with networking, and fine in normal mode when not connected to the internet. This leads me to strongly suspect this or some other trojan/virus is still lurking somewhere! Anyway, I was looking for solutions on the web when I came across your forum and wondered if you could help? Thanks so much, Jonathan Amey

DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385
Run by Administrat... Read more

A:MBAM removed trojan.dropper but computer still restarting

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409629 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p... Read more

RELEVANCY SCORE 76.8

A few days ago I got a warning that there were 4 trojans on my computer from my av software. I removed them as recommended by the software and now have svchost.exe using over 50% of my resources at all times. I have had complete crashes, unable to reboot, and other slowdowns since this happened. Please let me know what other information is needed. Thanks.

When I ran RootRepeal I got this message at the end
"Could not read system registry please contact the author"
DDS (Ver_09-12-01.01) - NTFSx86
Run by Thomas at 22:11:44.34 on Fri 01/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2292 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\b... Read more

A:Unknown Trojan Removed and Computer extremely slow now

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

RELEVANCY SCORE 76.8

Hello to everyone on bleepingcomputers.com,

First off, I would like to apologize in advance if I've posted in the wrong forum..I would also like to mention that my computer skills/knowledge are average at best..So, I apologize for making things more complicated for everyone.

I will try to describe my situation as briefly and accurately as possible..I recently had my computer infected by a terrible Trojan Virus (Trojan.Agent/Gen-Cryptic)..I had help from someone, to remove the Trojan from my computer..They guided me through certain steps like MBR Check, DDS, Rootkit Unhooker, ComboFix, OTL, etc..After guiding me through all the necessary steps, my computer was declared clean..Unfortunately after the clean, my computer wasn't performing properly..It was extremely slow/sluggish, when opening apps and connecting to the internet..I also had Windows Firewall shutting OFF, from time to time..I was then told at this point, to do a fresh install of Windows XP..Which brings me to my current problem..I've performed a fresh install twice, and for the life of me I cannot figure out why my computer feels like it's still infected..After the first fresh install of Windows XP I ran a scan with Malwarebytes Anti-Malware and it found:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7032

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

06/07/2011 8:23:28 AM
mbam-log-2011-07-06 (08-23-28).txt

Scan type: Full scan ... Read more

A:Removed Trojan.Agent/Gen-Cryptic from my computer and had to do a fresh install of Windows XP..However, I think my computer is...

Couple of questions to start with...

1. When you reinstalled Windows, was it clean installation, including formatting hard drive?
2. Was your computer physically connected to the net during reinstallation?
3. Did you put any backed up files back on freshly installed Windows?

RELEVANCY SCORE 76

I have a HP Pavlion dv7-Windows 7 / 64 bit. Things change on this computer. On start, the icons are very slow to appear on desktop, my task manager format has changed - other odd performance. (Sorry but cannot think of specific issues, have been ill this past week & have "brain fog"). I have performed the steps requested. GMER only had the following boxes checked prior to scan: Services, Registry, Files, C:\, ADS. Saved the results and received an ARK file with 0 KB. A scan did run. Could not manually check the boxes indicated in the example.

I had tried to reinstall/recover from Drive D: but that failed. I ordered system recovery disks from HP & they would not run on start up, said they were incorrect for the system. This computer has had some really strange behavior for the past month. The task manager shows 3 processes (without descriptions & cannot open them or go to them via properties: csrss.exe, winlogon.exe, atieclxx.exe) Thank you so much for any help you can give!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Carol at 22:44:47 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1943 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated*... Read more

A:Removed Trojan:Win32/Comroki-Computer performance issues

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 76

Hello,

I recently used the very helpful guide on the home page of this site to remove the fake windows security popup alerts and the associated viruses. My computer has worked great for about a week, but then today, suddenly, my computer exploded with a number of "warnings" and pop-ups claiming my computer was infected. One particular warning showed up as a pop-up balloon on the bottom right telling me my virus protection was out of date, etc. Words were misspelled in the warning, indicating to me it was clearly another virus.

I'm running SUPERAntiSpyware Free edition on the infected computer right now, and it has found over 76 threats, including at least seven variations of trojans. These were certainly not on here a week ago when I ran this scan for the initial problem. Something tells me that even though I ran SUPERAntiSpyware and Malwarebytes the last time, something still remained.

Could this possibly be hiding in my system restore? About the only thing I've seen that could explain the issue is the need to toggle System Restore on and off after cleaning a system. I'm a bit leery of doing this. Should I try restoring to a point three weeks ago before all these problems occurred? Would that possibly take me back to a "clean" system? Or, should I trust the virus scans and malware removals that tell me my system is clean and just delete all my old system restores and start fresh?

I'd appreciate any advice/help someone can pr... Read more

RELEVANCY SCORE 75.2

First of all, thank you so much for taking the time to help me.
 
Every single game I play online will have some kind of strange problem.
 
Games for example:
 
RED ORCHESTRA 2:
I get a 'Speed hack deteced' and I'm stuck in one spot for a couple of seconds, after it happens a few times I get session banned. (This happens in every server)
 
HALF LIFE'S Sven co-op:
I will play normally for like 1-3 min and then I will get stuck a couple of times in one spot for a couple of seconds, kinda like a time out, eventually I get kicked for reason:
"You have been disconnected from server. Reason: Reliable channel overflow." (This also happens in every server)
 
And other games:
I'll play normally for like 1-3 min and then I'll get stuck in one spot, I can see my player animated running forward but he is stuck in the same position for a couple of seconds, some games don't kick me and just let me continue playing even though the time out thing will occur every 1-3 min.
 
My ping shows normal when this time out happens in every game, it doesn't seem to spike or jump.
 
Things I've done to try to resolve the issue:
 
I have called my ISP to see if it was a connectivity issue, they tell me my connection is fine. I am using Cable internet directly connected to my tower.
 
I've run Windows Microsoft security Essentials: Nothing found
I've run Malwarebytes malware remover: Nothing found
I've run Hitman pro: It found some tracking cookies and removed them
... Read more

A:Found Trojan:Win32/Meredrop, I removed it but computer is still acting strange.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Nothing suspicious was found on your DDS log.

Let's continue.

--RogueKiller--
Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then click on the "Scan" button.
Wait until the Status box shows "Scan Finished".
Click on "delete".
Wait until the Status box shows "Deleting Finished".
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller
+
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.... Read more

RELEVANCY SCORE 75.2

This afternoon I used Windows Defender Offline to remove the Aluran Trojan from my laptop. After rebooting, my laptop will not reboot to Windows. I am in a constant loop where I get the BSoD and then it tries to boot again.
 
I have created a search.txt file and frst.txt log file using Farbar. Can somebody help me figure out what I should use for my fixlist.txt file?
 
Thanks,
Sage

A:Removed Trojan Aluran with Windows Defender Offline - Computer will not boot now

edit

RELEVANCY SCORE 75.2

Hello all, this is my first post though I've read through some threads before. I noticed my browser was redirecting my searches to other advertising sites randomly, so I ran malwarebytes (after ccleaner) to see what was going on. It found a couple things, including Trojan.FlyStudi.Gen in the c:\WINDOWS\system32\35DEDD\ directory. I deleted that directory altogether after cleaning it (this was on 3/16). A week prior on 3/10 I had run the scan and had it remove Trojan.Hiloti, Trojan.Agent, Worm.Autorun, and HackTool.Patcher from a few files in the same directory and the system restore volume (which I have since disabled).

While my browser is no longer redirecting (I looked for proxies too, none there anymore at least) and my hosts file was clean, now the computer still seems 'hesitant' more so than before, even. Every time I click on something in the browser but I think in general as well, it hesitates like the processor is in use.

The most concerning news today was that a client of mine who has a joomla website hosted through godaddy just had her site go down. It was hacked with some iframe code in index.php, which I was able to remove and hopefully cure. However, I had this client's (and many of mine as well) login and password information to the hosting provider stored in filezilla. Just today I read that filezilla stores passwords in plain text (is this true??) and am worried that her password and possibly my other accounts and clients sites co... Read more

A:Trojan.flystudi.gen, google redirects, partially removed but computer still slow

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this ... Read more

RELEVANCY SCORE 75.2

Our antivirus failed somehow and the computer started running abnormally slow. Downloaded shaw secure, scan was clean, downloaded malwarebytes and found 21 problems (see below). Then ran trojan remover from Symantec and found 2 more. Removed them. Computer is still SO SLOW and I am not super tech savvy. I have posted a hijackthis log...any help is appreciated SO SO MUCH!!

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49d63e18-33b1-46f2-82c2-39431fb94794} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49d63e18-33b1-46f2-82c2-39431fb94794} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_... Read more

A:Found trojan.vundo and several other malware, removed and computer is still uber slow

Since posting this, I read that a DDS.txt is helpful too and am adding that. thank you for your help!!
DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 7:52:37.21 on Sat 08/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.182 [GMT -7:00]

AV: Shaw Secure 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Shaw Secure 8.02 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\W... Read more

RELEVANCY SCORE 74.4

Got the Anti-virus soft virus more than a couple of weeks ago and was pretty sure I got it all. One of the things it did was attack my Hotmail account and send emails out to everyone in my contact list and my girlfriend got the (something) essentials 2010. I will post about that later on if I have problems. I was going to use the Hirens 10.2 boot disk and see if I could finish it off. I received an email from her with a couple of pictures of the kids. I opened one but not the other. The problem is she didn't send me the email. Anyway I have used various spy-ware and malware removal tools as suggested from this very helpful forum and have the logs if you want to see them. So I am hoping you can take a look at my logs and see if you see any discrepancies. Thinking I need to reinstall Avast but not sure. I have used the basics and quarantined quite a bit of trojans and others. I have used Malwarebytes (Which I used first and didn't completely remove Anti-virus Soft.) SuperAntiSpyware, HijackThis, Spybot, RootKitBuster, (I wasn't sure how to interpret the log and what to do) SpyWareBuster, Combofix, a-squared Free, (Wish I could delete a2squared.exe from my start-up list) Dr.Web, (I had a warning on Combofix about a possible Varuit but it didn't find one) Norman Malware Cleaner, CCleaner, ATF Cleaner, Ran scans with Trend Micro Housecall and Avast. I think that's it. I have the logs if you wish to see them.
-------------------------------------------
DDS (Ver_09-12-01.01) -... Read more

A:Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week.

Here is an updated file. Had to uninstall all antivirus and delete all entries including registry. Had many entries from past antivirus software. I then did a clean install of Avira. Sorry if that caused any problems.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 2:23:36.06 on Wed 03/03/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1005 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop&... Read more

RELEVANCY SCORE 74.4

Hello all, this is my first post though I've read through some threads before. I noticed my browser was redirecting my searches to other advertising sites randomly, so I ran malwarebytes (after ccleaner) to see what was going on. It found a couple things, including Trojan.FlyStudi.Gen in the c:\WINDOWS\system32\35DEDD\ directory. I deleted that directory altogether after cleaning it (this was on 3/16). A week prior on 3/10 I had run the scan and had it remove Trojan.Hiloti, Trojan.Agent, Worm.Autorun, and HackTool.Patcher from a few files in the same directory and the system restore volume (which I have since disabled).

While my browser is no longer redirecting (I looked for proxies too, none there anymore at least) and my hosts file was clean, now the computer still seems 'hesitant' more so than before, even. Every time I click on something in the browser but I think in general as well, it hesitates like the processor is in use.

The most concerning news today was that a client of mine who has a joomla website hosted through godaddy just had her site go down. It was hacked with some iframe code in index.php, which I was able to remove and hopefully cure. However, I had this client's (and many of mine as well) login and password information to the hosting provider stored in filezilla. Just today I read that filezilla stores passwords in plain text (is this true??) and am worried that her password and possibly my other accounts and ... Read more

A:Trojan.flystudi.gen, google redirects, partially removed but browser/computer still stalling

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

RELEVANCY SCORE 74.4

Hi there, I have Vista Home premium, 64-bit, and all has been working just fine, until September 1 when I got a "Java Update" notification. I accepted the update, and ever since then, intermittently my computer freezes. I ran all sorts of antivirus, malware, spyware, programs, and found the trojan: javainstaller.jar. I searched on Java's site and found this: http://www.java.com/...cache_virus.xml

Nice.

Followed their instructions to get rid of it, and the freezing is less, but still happens a few times a day. It usually freezes with Firefox up and running, and I've tried ctrl-alt-del to get to task manager to end the non-responsive program (firefox). I cannot get task manager, it simply will not come up.

Any ideas? This is so aggravating, since I was downloading a trusted update from a so-called trusted company. Now my 1YO laptop appears to be pooched. Not sure how to get rid of the latest java update either, and no, I do not have a restore point to go back to (dumb, I know).

A:[SOLVED] 64bit Vista Trojan in java update, removed, but computer still freezing

problem solved. removed java, rebooted. reinstalled java, rebooted. no more freezing.

RELEVANCY SCORE 72

Please help! After a ransom virus was removed from our desktop computer (originally a display model at Sam's), my administrator account is no longer visible...Only "Kiosk" and "Other User" . I have checked to see that net user administrator /active yes is successful but still do not see my user account listed. Any help would be appreciated.

BTW, I cannot login to windows AT ALL!

A:Login name removed after ransom virus removed

I wouldn't trust a used computer without reinstalling Windows.
No telling what is on it or what has been done to it.
If the PC has a valid COA with a readable license you can do a clean install at no cost.
This tutorial has everything needed for a clean install.
Clean Reinstall - Factory OEM Windows 7

RELEVANCY SCORE 72

WINDOWS WILL NOT RUN AT ALL SINCE I REMOVED, WITHOUT USING RELEASE LEVER, CPU CHIP ALONG WITH COOLING FAN. NOW WINDOWS DOES NOT LOAD AT ALL. APPRECIATE ANY HELP. COMPUTER IS HP PAVILION 455OZ. THANKS
 

A:Removed By Accident Removed Cpu Chip Along With Cooling Fan.

A friend did the same exact thing Monday, with a Pavillion 6545C. Check the chip, if pins are missing you are for all intents and purposes screwed. His broke a few pins off in the chip socket. He is looking for a new box now. I was supposed to fix it for him but he couldn't wait and decided to do it himself, I am just glad he did it and not me, I can't afford to replace a computer right now.
 

RELEVANCY SCORE 72

Hi, I'm on Windows 8.1 64-bit. There's proxy settings in PC Settings that I can't remove. It has this in the address: http=127.0.0.1:8080;https=127.0.0.1:8080
 
It appears in PC settings>Network, but not in Internet Options>Connections>LAN Settings. But I can't edit in Internet Options either. I tried the supposed fixes (for Windows 7) that I found here but none of them work.
 
I ran a scan in FRST64 and this is what came up:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Winfred Arman Lati (administrator) on WIN on 16-01-2015 22:19:20
Running from C:\Users\Winfred Arman Lati\Downloads
Loaded Profiles: Winfred Arman Lati (Available profiles: Winfred Arman Lati)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
() C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUServ... Read more

A:Proxy settings that can't be removed

Hey, Please move FRST to your Desktop.

Step 1: Adwarecleaner
Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:
Download Mirror #1
Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
Click Scan and let the scan run.
When it finishes, click Clean, following the on screen prompts.
After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes
Please download Malwarebytes Anti-Malware to your desktop.
Install the programme and select update.
Once it has updated select Settings > Detection and Protection.
Tick Scan for rootkits.
Go back to the Dashboard and select Scan Now.
If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
On completion of the scan (or after the reboot) select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log ... Read more

RELEVANCY SCORE 71.2

This is more of an annoyance than a problem but I thought I would post it and see what you guys think. So after updating from Windows 7 to Windows 10 I'm really liking the new OS except for one nagging issue. After installing the AMD driver package everything works fine for about a week or so then for some reason my system decides I don't need the Radeon Settings program and uninstalls it but leaves the drivers alone. Is there any reason why Windows would do this?

RELEVANCY SCORE 70.4

System performed an update now no Wireless settings are showing. Driver is missing. Attempted to download driver from site, everything appears to work. System restarts but drivers still not showing. Pretty upsetting that I am not able to get support for something that was not caused by any actions on my end but an update that the HP forced on me and is clearly defective.

A:Update removed Drivers No Wi-Fi settings available

Hi: The only suggestions I can offer are these...

1. See if running this utility finds and fixes the problem.
This package provides HP Sure Connect (HP Wireless Rescue Tool) for supported models running a supported operating system. HP Sure Connect automatically recovers the driver of a communications device that has stopped functioning.
http://ftp.hp.com/pub/softpaq/sp78001-78500/sp78408.exe

2. The parts list for your notebook indicates that it comes with a Realtek RTL8188EE 802.11bg/n 1x1 WiFi adapter. If the parts list is correct, install the most recent driver for that model wlan card from the link below...
This package contains the driver installation package for the Realtek RTL8723BE/RTL8188EE wireless LAN Controller in the supported notebook models running a supported operating system.
2023.48.1130.2016 Rev.A   Feb 9, 2017
http://ftp.hp.com/pub/softpaq/sp79001-79500/sp79095.exe

RELEVANCY SCORE 70.4

I recently uninstalled the CA online security package that came with my AT&T DSL. They now provide a norton product which appears to be the 2007 version.

After installing the Norton suite and running a scan all of the dial up networks that i had saved were no longer in my network connections folder.

I have tried to create new dialup networks and they appear to save and there will be a desktop shortcut created if i select that option in the add new connection wizard. when i look in the network connections folder the newly created connection is not there.

I would like to see if anyone has some tips to do the following:

1. configure norton so that it allows me to create dial up connections.
2. restore the dial up networks (dialers) that i had saved prior to installing Norton.

Thanks!!
 

RELEVANCY SCORE 70.4

Up until a few months ago I was using a slideshow with a number of pictures set to change picture every 10 seconds. This setting was hidden in Windows 10 but still accessible by using Run: control /name Microsoft.Personalization /page pageWallpaper
This took you to a page where you could set the picture to change every 10 seconds as well as select and deselect specific pictures in your selected folder that should be included or excluded in the slideshow. This workaround is no longer possible as the above command takes you to the Windows 10 version of it. Here you can only select 1 minute as the fastest transition, and you can only select a folder (no longer able to deselect certain pictures).
According to WindowsCentral's comment section, it seems that after the Creators update this was changed.
My question is: is it still possible through either editing it through the registry, or through some powershell command to have the background picture slideshow change picture every 10 seconds (or 30 seconds, or anything below 1 minute) as well as select/deselect specific pictures?

RELEVANCY SCORE 70.4

I AM REPOSTING- SOMEHOW GOT SKIPPED
 
 
 
 
 
Hi, been here before and never been able to solve this issue. The last suggestion by a member was to do a clean reinstall; however, I have read in other forums that may not clear up some of the issues... With that said, I have downloaded RogueKiller and I will attach log. So, no internet via Wifi, I am hard wired, network adaptor has exclamation point on it: B/G 8-11, try to install update, and it gives an error 1-Problems with NVIDIA GE Force, backend quits- t.. I just recently downloaded a tool to fix registry, and I am pretty certain it's legit. I have fixed some recent issues, like freeze ups, and BSD's etc. So now I REALLY WANT TO get on Windows 7.
 
 
SECOND TEXT:
Trying now to fix Network Adaptors - limited knowledge is power - NOT!!! Scratch my comment on registry, not for us amateurs to play around with. So the issues are: No Wifi, Driver issues: B G 8/11 Network Adaptor - Network can't be seen or found, can't install the driver. I am on Vista 64 HP Pavilion. I use Avast, and recently used root-killer, probably screwed up, but I think malwarebytes messed me up originally many months ago. I am also attaching recent ADw Cleaner logs, had some bad stuff again...
 
 
HOPE, you can help- Thank you

A:I have been infected,- was removed-caused damage to settings?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/569212 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

RELEVANCY SCORE 69.6

I removed a virus from XP and all my desktop settings were changed, when I opened firefox, my bookmarks were gone and my thunderbird mail account was also gone. Now I can't open firefox at all.

I'm not sure I remember exactly how I removed the virus, I was trying everything, but I was dinking around in the registry, and may have deleted one of the "has no value" settings.

I have tried system restore, several times, but the restoration is incomplete. I tried a system restore in safe mode - still incomplete.

Any suggestions?

Thanks.

A:I removed a virus and lost all settings, email and browser.

Well...your assumption that your system is not infected now...is questionable, IMO. (FWIW: I hardly ever believe members when they state that they have properly removed malware on their own...when the system still malperforms.)

a. If the system is infected, then the priority must be attempted removal of malware...via the Am I Infected forum.

b. If the system is truly clean...and you have a MS Windows CD...I would suggest a repair install effort.

c. If you don't have a MS Genuine XP CD...then your options are limited and determined by the manufacturer of your system. These options might include restore-to-factory default disk/partitions procedures determined by the manufacturer.

System manufacturer and model?

Louis

RELEVANCY SCORE 69.6

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Tyrone at 1:06:25 on 2013-12-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6010.4399 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\Wireless...

A:removed virus and restored to factory settings... Still compromised?!

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Your DDS log is clean.
Any issues with this computer?

RELEVANCY SCORE 68.8

Mod Edit: Moved to proper forum ~~boopme
 
 
Hello - and thanks for help in advance. I am running Windows XP - fully updated with all latest service packs.
 
For the second time in a couple of months my PC became infected with PCEU ransomware. Previously (last December) I removed this using ComboFix with no issues and so attempted the same again. After some hassle (couldn't boot into safe mode) I eventually managed to get a brief window to run ComboFix booting into safe mode with command prompt.
 
Here is the ComboFix Log:
 
 
ComboFix 13-02-24.01 - Paul 26/02/2013   0:54.2.4 - x86 MINIMAL
Running from: c:\documents and settings\Paul\My Documents\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\5280702.js
c:\documents and settings\All Users\Application Data\5280702.pad
c:\documents and settings\Paul\Application Data\ldr.mcb
c:\windows\system32\Cache
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1....

A:PCEU Ransomware removed using ComboFix - now no iexplore or network settings!

Just a quick note to say I'm still actively looking for help in this problem but will be out of town until Sunday so if you do help me (and I thank-you if you do) please don't expect a response from me until Monday at the earliest.
 
Many thanks
SB

RELEVANCY SCORE 68

Hello,

I started my desktop computer and the desktop was blank. All my files from the desktop and from my user folder have been moved to C:\Users\DH (DH is the name of my account). All the settings in my account are deleted. For example I can't access to my Outlook and so on.

It seems that the computer somehow destroyed my account (account settings) and moved my data from user folders (Documents, Downloads etc.) to C:\Users\DH.

Is there any way how to get back to my normal account? Right now I am in my account, but the account just simply is not there.

RELEVANCY SCORE 68

Hi, I was working on my pc last night. I left the room and when I came back my desktop wallpaper was gone and replaced by a screen stating the following: WARNING - Your're in Danger etc etc. I couldn't open any programmes I just kept getting pop-ups asking me to buy a product to get rid of spyware - it was called system tool? I restarted pc in safe mode and ran Malwarebytes anti-malware. It eventually (after pc crashing a couple of times) found and removed "Trojan.Fake Alert" and "Trojan.zbotR.Gen". I can now use the pc but am worried that it may still be infected I have tried to scan it with AVG but pc keeps shutting down before scan is completed. I'd be grateful for any advice, Thanks

A:MBAM Removed Trojan.Fake Alert and Trojan.zbotR.gen Is my PC Still Infected?

My hubby had this problem. It took me ages to sort it out.
Nothing stays open long enough, if it will open, to sort it out. I had to open XP in safe mode by continuously pressing F8 on start up. I followed instructions on how to use RKill found on this site. RKill stopped the virus from preventing internet etc from being opened.
I then downloaded Spyware Doctor anti-malware which I thought had sorted the problem out.
Don't reboot after using RKill or the virus might return, use Malwarebytes to clean it up first, I did this after I had run RKill in safe mode and also had to use RKill again followed by Malwarebytes in usual windows XP when the virus returned after computer had been turned off completely and restarted. The system is now clean and virus has not returned.
Also, something called BADARemote seems to carry viruses, when I cleaned out the virus, the BADARemote icon was in my start up menu where the icon for the bogus security centre had been. I googled BADARemote and found others had had problems with it too, thinking it was supposed to be on the system. It is easily got rid of, I found instructions in google, will try to find a link for you if you have the same problem as we did.
Best wishes.
K

P.S. trouble started with hubby clicking on a web link so make sure you have your security settings enabled to warn you of potential danger in real time from such links.

RELEVANCY SCORE 67.6

Hi,
Could someone please help me to clean up my machine after MBAM removed Trojan.Agent and Trojan.Vundo.H? MBAM looks like it worked but suspiciously there's a file that was deleted that returned by itself.

1. Removed Trojan.Agent using MBAM.

Malwarebytes' Anti-Malware 1.35
Database version: 1915
Windows 5.1.2600 Service Pack 3

18/04/2009 11:27:45 PM

Scan type: Full Scan (C:\|)
Objects scanned: 142863

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wcayulecugofu (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\WINDOWS\unilobakamodeta.dll (Trojan.Agent) -> Delete on reboot.

2. Updated MBAM

Malwarebytes' Anti-Malware 1.36
Database version: 2000
Windows 5.1.2600 Service Pack 3

18/04/2009 11:56:36 PM

Scan type: Quick Scan
Objects scanned: 71077
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: dkblmn.dll -> Not selected for removal.

Files Infected:
C:\WINDOWS\dkblmn.dll (Trojan.Vundo.H) -> ...

A:Clean-up after MBAM removed Trojan.Agent and Trojan.Vundo.H

Hi,
Sorry for the delay in responding. Please do this:

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
- Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
- The program launches and downloads the latest definition files.
- Once the files are downloaded click on Next
- Click on Scan Settings and configure as follows:
  Scan using the following Anti-Virus database: Extended
  Scan Options: Scan Archives, Scan Mail Bases
- Click OK and, under select a target to scan, select My Computer
- When the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
- Click on: Save Report As (above - red blinking arrow)
- Next, in the Save as prompt, Save in area, select: Desktop
- In the File name area, use KScan, or something similar
- In Save as type, click the drop arrow and select: Text file [*.txt]
- Then, click: Save
Please post the Kaspersky...

RELEVANCY SCORE 67.6

Well About 3 Days Ago I Installed Comodo Antivirus, Comodo Firewall Pro, and Comodo BOClean, after my brother "accidentally" removed my outdated Spysweeper. I ran both Firewall Pro and Antivirus and they found A Trojan and removed it, but since then my internet is severely crippled. I can't open new tabs and I can't download anything. I've tried to use Hijack This and it says,

Internet Explorer cannot download HJTInstall.exe From www.trendsecure.com.
Internet Explorer was not able to open this Internet site. The requested site is either unavailiable or cannot be found. Please try again later.

I struggled with Adzgalore but thats gone (thank God), but that was removed and i have not been bothered by the pop-ups since.
In General im having these symptoms

- I cannot run Task Manager or Registry Edit
- Internet Explorer 7 cannot open new tabs or download things (ive had luck with .zip files)
- I cannot Hijack This when i download it as a .zip file, ive extracted it and it left me with an icon that says HijackThis.exe, when i click on it nothing happens..
- IE Cannot reset itself, It messes up when it tries to Reset User Customizations
- Comodo removed something called Trojan-PSW.Win32.OnlineGames (i have a theory about where this came from if you need it)
- I Really Need Help!!!

A:I Removed A Trojan, But....

A few suggestions:
- Try running your virus scan in Safe Mode (How to start Windows in Safe Mode).
- Run the RRT (Remove Restrictions Tool).

For your internet problems:
- Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.
- Go Start > Run > type: "cmd". In the window that appears type: "ipconfig /flushdns". Close the command box.
- Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot.
Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.

RELEVANCY SCORE 67.6

Hey guys, recently I ran a McAfee scan and came up with two trojan viruses. I was able to remove one just fine but the other one it says I cannot remove. It's in C:\\WINDOWS\system32\svchost.exe and it's detection name is BackDoor-DOB!mem.

What can I do about this? Thanks.
 

RELEVANCY SCORE 67.6

Hi all
 
i have a trojan infection that keeps showing banners on the internet pages and it opens an on click pop up ,
 
recently i noticed that it prevents documents from preview and download from my gmail account.
 
i tried spybot version 2.2 but it could not remove this, it is still showing those disturbing banners and ads, hence that i am using multiple browsers on my machine (chrome, firefox and IE).
 
before my machine infected with the same, but i found a software which i dont remember its name and from where i download..
 
so anyone can help in this ?
 
regards

A:A trojan that cannot be removed

Hello Victim,
Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
- Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
- In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
- Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Download AdwCleaner
- Double click on AdwCleaner.exe to run the tool.
***Note: Windows Vista and Windows 7 users: Right click in the adwCleaner.exe and select "Run as administrator"
- Click the Scan button.
- A logfile will automatically open after the scan has finished.
- Please post the content of that logfile in your next reply.
- Or you can find the logfile at C:\AdwCleaner[R1].txt.

2. Download RogueKiller on the deskt...

RELEVANCY SCORE 67.6

hi all

Scanned my computer with avg n ad aware. Found a trojan by the name of trojan horse downloader mediket.A. AVG can't remove it as it is 'embedded'. i chose 'heal' 4 ad aware but after a few days, i can't shut down my computer again. btw the problem the trojan gave me was not being able to shut down my computer properly.... is the trojan a serious one? i cannot delete or move it to virus vault or heal it..... using AVG 7.0

Logfile of HijackThis v1.98.2
Scan saved at 6:20:48 PM, on 12/16/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\INSTALLERS\MODEM\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\SOFTWARES\ZONEALARM\ZLCLIENT.EXE
C:\SOFTWARES\AVG7.0\AVGCC.EXE
C:\SOFTWARES\AVG7.0\AVGEMC.EXE
C:\SOFTWARES\AVG7.0\AVGAMSVR.EXE
C:\SOFTWARES\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\MSI\CORE CENTER\CORECENTER.EXE
C:\SOFTWARES\SPYWAREGUARD\SGMAIN.EXE
C:\SOFTWARES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM...

A:trojan can't be removed?!!!

hi, do a few online scans from here. where is the trojan located exactly?
delete and clean out your temp files. turn off system restore.
Run an online antivirus check from at least one and preferably 2 of the following sites....
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/

make sure autoclean is enabled on the scans

post another log

khaz
 

RELEVANCY SCORE 67.6

Hi,

I was wondering if someone can help me with this.

I have windows XP.

I installed McAfee antivirus and it detected a virus "new Malware!bot" in C:\\windows\system32\nqw.exe

but when I click "clean" it says it can't. And when I click "delete" it says it can't and when I click "quarantine" it says it cant.

I tried looking for the file but i didn't find it.

Can someone help me with this?

Thanks.
 

A:pls help - trojan that won't be removed

RELEVANCY SCORE 67.6

O/S windows 7 32 bit

History of the issue:
Recently I had a trojan attack on my system wherein I received some hard drive corrupted messages, most of my folders got hidden, had some random updates for my flash player which never went away and I could not start the windows security. I started on safe mode and searched the internet and came across this extremely helpful site and used some of the tools recommended such as Superantispyware, Rkill and Unhide. With those tools I managed to remove the most of the errors, but the system is still not fully clean. Internet explorer is seriously corrupted i.e. everytime I click on a google searched link I will be redirected to some random ad website and if I do manage to get the correct site, the computer becomes so slow that it takes ages to load the pages. Everyday when I start the system the Superantispyware detects the same adware cookies which were previously deleted and sometimes trojans are detected. It seems like some sort of trojan gets activated everytime I start the system and automatically creates these cookies and stores it in a folder which seems like one of the user's name but it is not, it is a folder with a name similar to the user name. I cannot find this folder under C:\Users when I try to look for it.

Any ideas of how to clean my computer without having to formatting the drive?
Your help is much appreciated.

*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

A:Trojan still not being removed

Download TDSSkiller
- Launch it.
- Click on change parameters
- Select TDLFS file system
- Click on "Scan".
- Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
- Launch it, allow it to download latest Avast! virus definitions
- Click the "Scan" button to start scan.
- After scan finishes, click on Save log
- Post the log results here

Download ESET online scanner
- Install it
- Click on START, it should download the virus definitions
- When scan gets completed, click on LIST of found threats
- Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 67.6

I had a trojan, but got it removed... it was pain in the ass

Now i got some serious problems-.-
Whenever i open a file, it automatical shows: "Open file with:".
Whatever i open with, it wont work correctly.

But if i from scratch open the file as admin, it works fine.
What a pain! What can i do?

A:I had a trojan and removed it... But now the .....

Hello n0men, and welcome to Vista Forums.

Downloading and merging the exe and lnk (LNK) options in the tutorial below may be able to fix this for you. They will restore the default associations for these file extensions.

Default File Type Associations - Restore

Hope this helps,
Shawn

RELEVANCY SCORE 67.6

And I'd just like to make sure my pc is completely clean.

I'm using google chrome and clicked on a link by accident which I knew to be a keylogger site, and using an anti-malware program (malwarebytes') I believe I removed the trojan.

I'm on windows xp and have avg free running, which didn't pick anything up when I went to the site.

Here's the hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:54 AM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\...

A:Just Removed a Trojan

Here's the malwarebytes log if it helps.

Malwarebytes' Anti-Malware 1.33
Database version: 1665
Windows 5.1.2600 Service Pack 3

1/18/2009 11:12:03 AM
mbam-log-2009-01-18 (11-12-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 142070
Time elapsed: 1 hour(s), 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

RELEVANCY SCORE 67.2

Hey all any help with this would be great. I was without Norton for about a week when I realized something was up with my Dell Inspiron 530. All of a sudden I was not able to open IE. I ran Malwarebytes and Spybot and removed the following:
Trojan.Agent
Trojan.Vundo.H
Trojen.Vundo
Trojen.BHO.H
Adware.MyWebSearch

After that I renewed my Norton and ran another scan which removed Backdoor.Trojan, everything seems to be OK. But now I have twice received the following error message.
"pcdrsysinfoprocessor.p5x - Entry Point Not Fount" - "The procedure entry point [email protected]@[email protected]@@[email protected] could not be located in the dynamic like library Common dll."
What does this mean and am I safe of all security threats? Thanks in advance for all help!!! Below is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:58 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WI...

A:Trojan.Vundo.H , Tojan.BHO, Trojan.Agent Removed...I think?

We apologize for the delay in responding to your request for help. We are volunteer staff at Bleeping Computer and get overwhelmed at times with the large number of users seeking help. We are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate your letting us know. If not, please perform the following steps so we can have a look at the current condition of your computer. If you have not done so, include a description of your problem along with any steps you may have performed so far.

When you have completed the steps below, a staff member will review the log and provide instructions for you to get your computer clean and free of malware.

Thanks and we apologize for the delay.

We need to see current information on what is happening in your computer. Please perform the following scan:
- Please download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.com
  DDS.scr
  DDS.pif
After downloading the tool:
- Disconnect from the Internet.
- Disable all antivirus/anti-spyware protection. If needed, please read How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
- Double click on the DDS icon, allow it to run.
Please note: If the scan fails to run, you may have to dis...


Greetings,
A few days ago I downloaded something that was marked as infected when I tried to open it and my feverish little fingers clicked the wrong button releasing the infection. After much scanning and checking it seemed to be a trojan named VIRTUMONDE which appeared to fill C:\My Downloads with 300+ .RAR files and cause popups. I found that it had put an entry(s) in the HKLM Run line pointing to a DLL file in the C:\Windows\System32 folder, when I deleted this entry it would immediately replace it. (it seems to be gone now) I started by running my Avast AV, then Hitman Pro with a working version of Spyware Doctor, followed by PREVX1 then I ran ATF Cleaner, AVG, and SuperAntiSpyware, also ran VundoFix and ComboFix. I think I'm pretty close to clean but would appreciate very much if you could look at my HijackThis log and tell me what you think....I seem to be getting popups still
Thanks, John

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:22 AM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\...

A: TROJAN.VIRTUMONDE - Removed?


I started having issue with my laptop - it started to be very slow when on the internet, started to crash on some sites (ones with lots of photos or videos).  Did a deep scan with Malware Bytes which found 117 items: 115 were "PUP.Optional" items and 2 were Trojan Agents. 
 
The computer seemed better for about 1 day and then it started with the same issues but they were worse in their frequency - computer was extremely slow, crashed every time we tried to watch videos and another user of the WiFi in the house started to find that the internet was slow for him as well. He thought it might be the router but I think it was created by the issue with the laptop. The computer crashed with both Firefox and Chrome. When the computer was crashing, I pressed Ctrl/Alt/Del and the CPU usage would show between 95 - 100% then quickly drop back down to 20 - 30%. In the bottom left corner I noticed that when I opened a new site there would be messages like "Transferring from Superfish" and some other sites that I did not recognize (sorry did not write them down as they disappeared very quickly).
 
Did an additional scan in Safe Mode with Malware Bytes. It found nothing yet the issues persist. My IT person guided me through a couple of things but when they did not fix the issue, he suggested I come to this site for help (it is where he comes when things are particularly "gummed up"). So HELP!!! 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Exp...

A: Trojan removed yet still having problems

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521857 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Sometime in the last week or so, a Trojan has found its way on to my computer. I have several anti spyware programs running, so I'm not sure how it got past them, but it did.

The symptoms are fairly simple: on Google searches, most of the pages I click on are redirected to other pages (e.g., Tooseeka.com, etc.). I have used dozens of programs to try to find the problem and remove them, but only Malwarebytes Anti-Malware has been able to find the problem. However, when I go to remove selected files, it says that it does, I restart, but the problem remains. When I run Malwarebytes again, it finds the same two files, which it just won't get rid of. In looking at the Malwarebytes log, the Trojans seem buried in the computer in a place where I cannot get to them. I did manage to find one infected file (of the same name as what Malwarebytes found) in windows/system32 directory using combofix, and deleted it...but the problems still remain. I've also received some help on another site using HijackThis, and the problem has *slightly* improved, but the Trojans remain.

I am completely at a loss as to what to do -- I'm including a log from my most recent Malwarebytes scan:
Malwarebytes' Anti-Malware 1.39
Database version: 2476
Windows 6.0.6001 Service Pack 1

7/26/2009 2:51:01 PM
mbam-log-2009-07-26 (14-50-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 4950
Time elapsed: 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys...

A: Trojan.TDSS can't be removed -- need help!

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

I am sorry but:

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud, and CC F...
