
Malware bytes freezes and AVG Detects Win32/Heur, Malware or Virus (Either way Please

Q: Malware bytes freezes and AVG Detects Win32/Heur, Malware or Virus (Either way Please

I have been having problems with my laptop since June 2009. My kids have gone on inappropriate sites and somehow got viruses. I am no longer receiving most of the unfortunate pop ups dealing with svc host files not working but still the computer is extremely slow. I also have AVG 8.5 and it is detecting two viruses. win32/Heur.

I have run Malwarebytes 3 times, and once at 9 infections, once at 10 infections and once at 11 infections it froze. Each time it froze, it froze in the C:/windows/system32/config folder. I have to restart the computer each time (takes ten minutes but works). Slow start up and shut downs. Out of 56 processes I can only see 9 in Task Manager. And I also see (my web search) like more than 50 times in my start up (viewing that with Advanced System Care Pro).

This is my system information, then the AVG report and finally the HJT log info, in the order that I just mentioned.

Thanks to anyone who can help out!

AWC System Information Report

Computer System
Computer Name EKAPICA-PC
User Name Eka Pica ( Pee )
Organization
Operating System
OS Name Microsoft® Windows Vista™ Home Basic
OS Version 6.0.6002
ServicePack 2.0
Product ID 89572-OEM-7332166-00029
System Uptime 13/09/2009 1:54:47 AM
Internet Explorer Version 8.0.6001.18783
Microsoft DirectX Version 10.0
OpenGL Version 6.0.6000.16386 (vista_rtm.061101-2205)
Free Physical Memory 1872 MB
Free Page File 3075 MB
Free Virtual Memory 4942 MB
Registry
Maximum Size 682MB
Current Size 25MB
Status OK
Center Processor
CPU Name AMD Athlon™ Processor 2650e
Code Name Model 15, Stepping 2
Manufacturer AuthenticAMD
Current Clock Speed 1600Mhz
Max Clock Speed 1600Mhz
Voltage 1V
External Clock 200Mhz
Serial Number 078BFBFF00070FF2
CPU ID x64 Family 15 Model 127 Stepping 2
Socket Designation Socket M2/S1G1
L2 Cache 512KB

(I am confused about the virus definitions date; it should be in June last but it says March 13 2009)

AVG 8.5 Anti-Virus command line scanner
Copyright © 1992 - 2009 AVG Technologies
Program version 8.0.268, engine 8.0.281
Virus Database: Version 270.11.13/1999 2009-03-13

C:\Boot\BCD Locked file. Not tested.
C:\Boot\BCD.LOG Locked file. Not tested.
C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\086e0fda99562384c3da6ba1339df19c_5159205d-5a55-452a-9eeb-01370f9a4384 Locked file. Not tested.
C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\27e27981304cb0906ab79336c67af7a8_5159205d-5a55-452a-9eeb-01370f9a4384 Locked file. Not tested.
C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\49c6bb42b4031cba43fa527067ba7e7f_5159205d-5a55-452a-9eeb-01370f9a4384 Locked file. Not tested.
C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\5a3b246ca8cb73540943bd28df03661e_5159205d-5a55-452a-9eeb-01370f9a4384 Locked file. Not tested.
C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\7953f9c4b91032b4f9f3c8d13ead2293_5159205d-5a55-452a-9eeb-01370f9a4384 Locked file. Not tested.
C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\acaca67da1c2986b2dbae57266f1e89b_5159205d-5a55-452a-9eeb-01370f9a4384 Locked file. Not tested.
C:\Documents and Settings\Eka Pica ( Pee )\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Eka Pica ( Pee )\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Documents and Settings\Eka Pica ( Pee )\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Documents and Settings\Eka Pica ( Pee )\Desktop\Astrrology\Janus_4.1\Janus4.exe Runtime packed nspack
C:\Documents and Settings\Eka Pica ( Pee )\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Eka Pica ( Pee )\ntuser.dat.LOG1 Locked file. Not tested.
C:\Documents and Settings\Eka Pica ( Pee )\ntuser.dat.LOG2 Locked file. Not tested.
C:\Documents and Settings\JESSE AND IYRELL\AppData\Local\Temp\~DF576D.tmp Locked file. Not tested.
C:\Documents and Settings\JESSE AND IYRELL\AppData\Local\Temp\~DF5776.tmp Locked file. Not tested.
C:\Documents and Settings\JESSE AND IYRELL\AppData\Local\Temp\~DF9A55.tmp Locked file. Not tested.
C:\Documents and Settings\JESSE AND IYRELL\AppData\Local\Temp\~DF9B20.tmp Locked file. Not tested.
C:\Documents and Settings\JESSE AND IYRELL\AppData\Local\Temp\~DF9B69.tmp Locked file. Not tested.
C:\Documents and Settings\JESSE AND IYRELL\AppData\Local\Temp\~DF9BB1.tmp Locked file. Not tested.
C:\Documents and Settings\JESSE AND IYRELL\AppData\Local\Temp\~DF9E5D.tmp Locked file. Not tested.
C:\Documents and Settings\JESSE AND IYRELL\AppData\Local\Temp\~DF9E63.tmp Locked file. Not tested.
C:\Documents and Settings\JESSE AND IYRELL\AppData\Local\Temp\~DFD037.tmp Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Program Files\DivX\DivX Converter\AKGZIK.ddc Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Janus4\Janus4.exe Runtime packed nspack
C:\System Volume Information\MountPointManagerRemoteDatabase Locked file. Not tested.
C:\System Volume Information\{23ef82f6-8525-11de-962d-001eecdbec26}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested.
C:\System Volume Information\{23ef8309-8525-11de-962d-001eecdbec26}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested.
C:\System Volume Information\{23ef8315-8525-11de-962d-001eecdbec26}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested.
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG1 Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG2 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\Windows\System32\config\RegBack\COMPONENTS Locked file. Not tested.
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\SAM Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SECURITY Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Locked file. Not tested.
C:\Windows\System32\RMActivate.exe Virus found Win32/Heur
C:\Windows\System32\WUDFHost.exe Virus found Win32/Heur

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:02 AM, on 13/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\Monitor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http;//www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http;//www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www/google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
R3 - URLSearchHook: (no name) - {085FEAA9-36F6-4A6D-9EE7-11951AE89CFC} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe
O4 - HKLM\..\RunOnce: [ N@] N@
O4 - HKLM\..\RunOnce: [İN@] İN@
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\Monitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.arcsoft.com
O15 - Trusted Zone: http://*.myprintcreations.com
O15 - Trusted Zone: http://*.printcreations.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246311245707
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1246087813403
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - Unknown owner - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\Windows\system32\sofatnet.exe

--
End of file - 9873 bytes

Thanks again to anyone who can help!

Correy


A: Malware bytes freezes and AVG Detects Win32/Heur, Malware or Virus (Either way Please

Hello cgordon311,

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Yes, my computer has been running AWFULLY slow for about a year now. I've got a few virus scanners/protection programs: AVG, Ad-Aware, Malware Bytes- Anti Malware, and Hijack This. My Norton expired ages ago. I have run a good few scans with each of these and deleted viruses/malware that AVG, Ad-Aware and Malware Bytes- AM have found, except from a couple of viruses that AVG has held in the virus vault. These viruses are entitled: Win32\Heur and Win32\Cryptor. The paths to each of these are: C:\WINDOWS\SYSTEM32\86k.dll and C:\Documents and Settings\user_name\Application Data\svchost.exe. I'm not sure if I should get rid of them because one is a link library and the other is an executable file, and I'm especially unsure about this one since svchost is a service runner. I've also recently killed a process in Process Explorer called "AAAAMONd.exe" which was running another svchost.exe for which the company name was a bunch of random letters and the same with the description. Another symptom is the classic "pop-up symptom" where when I visit a site on iexplorer, it comes up sites such as "best anti-virus removal software" and the URL is nothing like the one I have typed... whenever this happens, the warning window of AVG pops up and I then disconnect my internet so as to not receive any "gifts". Apologies for the length of this post, but I read the "Preparation Guide" and it said that the mor...

A: AVG quarantined win32/Heur and Win32/Cryptor. Malware Bytes picked up more malware.

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.


My AVG scan has detected the Win32/Heur Virus and moves it to the Virus Vault, but every time I scan it appears again. I also believe this virus is causing my computer to freeze up randomly. Below is the HiJackThis log, DDS.txt file, and an attachment of the Attach.txt file.

hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:05:42 PM, on 6/18/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\AVG\AVG10\avgui.exe
C:\Program F...

A: AVG detects Win32/Heur Virus


yeah avg keeps popping up every 10 mins or so saying that it's found a win32/heur virus in wordpad.exe. tried shift deleting wordpad.exe but it just recreates itself etc and problem continues. I've run spybot sd which solved the vps(i think)/generic problem. I also tried mbam but it can't update because of error 12007, supposedly due to being blocked by the firewall. I tried updating with the firewall off, still didn't work.. how do I get rid of this thing?

A: avg detects win32/heur virus..

it seems to have stopped now, just scanned and removed in safe mode.
 


Hello,

I have some sort of virus / malware. When I run an AVG virus scan, it finds and heals files in the Documents and Setting/chet/Local Settings/Temp directory. These files are a series of numbers.exe (like 2333455667.exe). But I can't get Spybot Search and Destroy or Malware bytes to run (or internet explorer for that matter). They are installed, but when I click on them, nothing happens. And when I run AVG again, the same stuff shows up, saying it's infected with the win32/heur virus.

Thanks for your help.

Chet

Here are the DDS logs

DDS (Ver_09-03-16.01) - NTFSx86
Run by chet at 8:43:21.70 on Fri 04/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.43 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C...

A: unknown virus/malware problem win32\heur possible

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.


Hi

I belonged before but can't find original registration on my old computer.

Keep getting a popup with Secret antiVirus pro scan,

reader_s in docs and system32 file

Various generic downloaders

"Warning";"Found registry key with reference to infected file

\Application Data\nidle\nidle.exe";"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\nidle"
here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:12 PM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sopidkc.exe
C:\Program Files\Dell Support Center\bin\spr...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:09 AM, on 11/16/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe
C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet...

A: Malware Bytes detects Malicious software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...


I have been chasing the butterfly with AdAware, AVG, SpyBot in both safe and regular mode.

Please review my logs, thanks. Should I cut/paste the text of the logs? Or only include them as attachments?
Brian

***

A: Malware/virus Windows Xp Security, Win32/heur, Trojan Horse, More

Hello SkiBumBrian,

I apologise for the delay, the forum is too busy.

If you still need help, post a new HijackThis log (do not post attachments, unless I ask you to).


hi, so my laptop has been a bit slow the last week. I had downloaded bluestacks android emulator, I'm not sure if that has caused the problem. (have removed it now)
 
I ran malwarebytes a few days ago and found this:
 
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Scheduled Update for Ask Toolbar, Quarantined, [739b9ba283169b9b7c0656e46e96a35d], 
 
ask seems to crop up every couple of months on one scan or another.  I also ran Sophos virus removal tool the same day, but it didn't detect anything.
 
Today I ran 9lab and it picked up two malware, here is the log
 

 
Windows Vista Service Pack 2 (Version 6.0, Build 6002, 32-bit Edition)
Internet Explorer 9.0.8112.16421
lisa :: LISA-PC
 
31/01/2016 12:29:56
9lab-log-2016-01-31 (12-29-56).txt
 
Scan type: Full
Objects scanned: 41420
Time Elapsed: 1 h 34 m
 
Files detected: 2
[032004C70123AF9D65354C6D2D901A29] Malware.MPL.Heur.vb [C:\Users\lisa\AppData\Local\Temp\unpinFromTaskBar.vbs]
[3077EFB1E39B891E16B34BFE7C439578] Malware.Win32.Gen.1F4A.sm!ff [C:\Program Files\OpenOffice.org 3\program\libtextcat.dll]

 
do I need to run any additional scans or would 9lab have removed everything?
 
Thanks in advance for any help.

A:Malware.MPL.Heur.vb and Malware.Win32.Gen.1F4A.sm!ff detected.

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ...

RELEVANCY SCORE 96

I have a serious computer problem I have read numerous posts to self diagnose and correct the problem. When I think it's good it comes back to haunt me, I am stuck with a computer that constantly freezes, Google redirects me to malicious sites and mostly every time I try to run the control panel it freezes up on me. I also have this error message that pops up and says "Generic Host process for Win32 services has encountered a problem and needs to close." Some additional info for that error message:
SzAppname: svchost.exe
SzAppVersion: 5.1.2600.5512
SzModname: ntdll.dll
SzModVersion: 5.1.2600.5755

I have run Malware bytes numerous times quick scan, full scan it will detect then I will remove and when I restart the computer and run it again it's back on there! I am getting to my wits' end over this I don't know what to do and need some help please! here is my HiJackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:52:09 AM, on 11/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WI...

A:Google redirect virus, generic host process win32 error message, constant virus removal with malware bytes

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ...

RELEVANCY SCORE 87.2

Hi

I was running an antivirus scan and was shown a warning that I have a win32/heur infection. I googled how to get rid of it and was led to this site. I've noticed that the drivers for my touchpad mouse keep getting removed and some other background programs occasionally fail for no apparent reason. I couldn't figure out how to shut off either Norton Internet Security or AVG anti virus software for my dds scan. I also have Windows 7 Home Student, I'm not sure whether or not it's 32 or 64 bit but I couldn't figure out the gmer thing either.

here is my dds.scr log

thank you for helping me out,
let me know if you need more

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Cullen at 22:45:47.03 on 28/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.8046.5207 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.e...

A:infected with win32/heur trojan malware

Hello toehead,

"I was running an antivirus scan and was shown a warning that I have a win32/heur infection."

Which AV reported this infection, and where does it show it located at? Did it try to clean it for you?

RELEVANCY SCORE 87.2

Fresh install on the image I had backed up so this is strange

Malware anti bytes works fine when quick scan but thorough scan freezes and not responds

anyone help me out please

A:Malware anti-bytes freezes

Do you get any error messages?

RELEVANCY SCORE 86.4

Hello
Been having some malware problems.
Had this Fake.AntiSpyware.TA that AVG free version seemed to take care of after a couple of days. Each day a new .dll file in the registry would catch it:
drvnux.dll
drvxot.dll
drvgom.dll
that's only 3 days worth...

Now in the AVG virus vault are the following:
Fake.AntiSpyware.TA
Trojan Horse Generic10.BHES
Trojan Horse Dialer.RZG
Trojan Horse Generic_c.OYJ
Trojan Horse FakeAlert.BG
Trojan Horse SHeur.CAEL
Trojan Horse downloader.Generic7.AEMW
Trojan Horse KillAV.IL
and a bunch of infected registry files.... still trying to get a log or printout of the virus vault so I won't try and type out all the stuff in there unless you need me to...

So this is the new one: Win32/Heur, still getting infected .dlls and each morning I lose the desktop background function and have to re-install it with a .reg patch.
Also have to run eTrust anti-virus etc as this is an office PC on the network. eTrust doesn't seem to register any of this mal-activity.
ok
So here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:08 PM, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C...

RELEVANCY SCORE 83.2

I ran a full scan using Mse and it found Trojan:win32/dynamer!ac and it gets stuck during clean up period.

I've scanned using malware bytes and that came up clean even selecting root kits.

I just would like to get rid of this virus please.

I'm not very technically savvy when it comes to viruses and tech talk so please if possible give me help in easy to follow steps please.

Thanks again.
 

RELEVANCY SCORE 81.6

I think I may have a virus, I had Norton Security Suite from Comcast and for the past 2 days it keeps trying to start and gets an error every time. I tried running Malware Bytes and it will start the scan and time will start to elapse but the number in "objects scanned" remains at 0 and it does not move. I tried running Chameleon Malware Bytes and it updates and says that it removed any malicious files but when it goes to start Malware Bytes after that the program freezes and then closes. I downloaded AVG since Norton couldn't boot up and I can't get AVG to update and the scan says that it scans but "scanned objects" remains at 0 for that as well. I was going to uninstall Norton and try reinstalling it but also I cannot open my Add/Remove Programs from the control panel, when I click on it nothing actually comes up and I couldn't find the uninstall file in the Norton folder or the Norton Security Suite folder. Also I don't know if this is related but for the past 3 months or so occasionally my keyboard will type a number instead of a letter when I begin typing. Any help would be much appreciated, thanks in advance!

A:Avg/Malware Bytes Virus

Hello, please reboot to Safe Mode with Networking and run these. How to start Windows in Safe Mode

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please Download TDSSkiller
Launch it. Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

Please download aswMBR ( 4.5MB ) to your desktop.
Double click the aswMBR.exe icon, and click Run.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explor...

RELEVANCY SCORE 80.8

Here is the Hijack this log: I could use any and all help from here! Thank You in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:01:28 PM, on 7/7/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\James Marchisio\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noaa.gov/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explo...

A:All executable files will not open, when opening AVG to scan computer freezes...malware bytes and AVG in safe mode will not fix...

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459704 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 80.8

Hi,

Appreciate any help here. I have the Vimax ad virus, and my Malware Bytes won't run anymore to remove/quarantine it. I've tried renaming the mbam.exe file, trying to run Malware Bytes in safe mode, and no dice. I've been going crazy all evening trying to find a way to get rid of this virus, and get Malware Bytes to run again! I'd love some guidance.

moonlightgem

A:Have the Vimax Virus, can't run Malware Bytes!

Hello lets try it this way.

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"
Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
Please copy and paste the contents of Report.txt in your next reply.
Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

Now run part 1 of S!Ri's SmitfraudFix
Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus pr...

RELEVANCY SCORE 80

these are the instructions I followed:

Uninstall it
click on this link ? and then select run.
http://www.malwarebytes.org/affiliates/2...
INSTALL IT TO YOUR DESKTOP, update it, then run a full scan and remove everything it finds.
some viruses will try to disable it so if malwarebytes will not start up then go into the folder it is in and rename the mbam file to XXX then double click on the file you just renamed to start it up.
after you have used malwarebytes then do this on-line scan. to make sure you have nothing else hiding away.
http://www.bitdefender.com/scan8/ie.html
preferably in safe mode with networking.
it's important you install it on your desktop so you can easily get into the folder and change the name of the mbam file. and viruses do not always look on the desktop for it.
OR you can try the on-line scan first.

This seemed to have helped but I still can't run Malware bytes and my computer redirects websites I try to get into sometimes. I installed Norman Malware cleaner is this is what it said:

Removed 5 of these ( deleted file:C:/windows\system.32\UACqfqboedxvctjti.dat)
in red appeared- To many infections/an unexpected error (Please contact support):
C\Windows\system32\UACqfqboedxvctjtit.dat (infected with Text/Td.ss.A)
File marked for defered cleaning (reboot required) c:\windows\Temp\UAC314c.tmp(infected with W32\FakeAlert.NEU

I clicked quit after it finished scanning and it prompted me to reboot computer automatically. I ...

A:The computer at work is infested with PAV. I downloaded Malware bytes anti-Malware but it still won't scan

Hello it appears you are heavily infected with rootkits. They are interfering with removal.
You need to run HJT/DDS.
Please follow this guide. go and do steps 6 and 7 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.
Let me know if it went OK.

RELEVANCY SCORE 80

Have been using Win 7 Ultimate x64 for quite a while but tonight ran into a small problem. I like to keep the titles for links very short and want to rename "Malwarebytes Anti-Malware" (I am a registered, paid user) to simply "Malwarebytes". I am listed as an Administrator and I used LockHunter to unlock the file but it still does not allow me to shorten the description. When I shorten the name and hit OK I am told "You'll need to provide administrator permission to rename this file" Since I am the administrator on this machine I do not know what to do. Continuing does nothing. Anyone have any suggestions? /* Philip */

A:Changing File Description for link to Malware Bytes Anti-Malware

Not sure but I think Malwarebytes is trying to protect itself.
That is one of the first things a virus would try to do is change the name/link and get it out of the infection way.

I can change the name of the desktop Icon to MBAM.

RELEVANCY SCORE 80

Hello -

I think that I have pretty bad malware/spyware infection on my PC and need some help. I've searched through several posts but do not see a topic that quite describes my problem.

Here's my current situation - I'm running Windows XP Home SP3. Within IE I can not access any anti-spyware or anti-malware websites, I can't use any restore points, my Windows automatic updates will not work. I've downloaded, to a thumbdrive, Malware Bytes and tried to run MBAM but it will not execute (a command window will open but then quickly closes). I've tried all of this in both safe mode and regular mode. Lastly, I do have AVAST Home Edition Ver. 4.8 running on my PC but shut down the application when attempting to run the Malware Bytes application. AVAST has not listed any threats.

Besides not being able to access the Windows updates (or any of the other actions listed above) the PC will randomly freeze up when running IE and returns bogus search results from Google.

Any help is greatly appreciated!

-Thomas

A:Virus Infection Kills Malware Bytes

Hello and welcome... try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

RELEVANCY SCORE 80

I had the FBI Ransom virus pop up on my machine.  I booted into safe mode and ran malware bytes and it found 6 files and removed them.  I then ran the ESET online scanner and it found 6 additional files and removed them.  I've since run Malware Bytes and TrendMicro, but neither have found anything.  Things appear to be running normally, but I've had these types of viruses jump up and bite me again.  Is there a way I can tell if I have removed it completely? I am running Windows 7 Pro, SP1.  Thanks in advance for your help!

A:FBI Ransom Virus - Ran Malware Bytes & ESET, but is it gone?

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant...

RELEVANCY SCORE 80

I have a virus called "total security" I have looked at a few forums and tried some step by step instructions. it seems the most popular solution is to start up in safe mode and install "malware bytes" which I did and I started scanning the computer. After about 3 seconds, the program just quits and will not let me open it back up unless I reinstall it. I have also tried using "spyhunter" and it started scanning for a few seconds and then just quits. This is very frustrating and I need to know how to completely demolish this. I bought kaspersky antivirus because the best buy representative told me I could boot up from the cd and remove the malware but I guess it does not have that option.

Any help is appreciated!

Thanks,
Caleb

A:got virus "total security" I cannot run "malware bytes"

Hello, calaberator.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.
To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

We Need to check for Rootkits with RootRepeal
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
In your next reply, please include the following:
RootRepeal.txt

Regards,
neomage

RELEVANCY SCORE 80

I scan with malware bytes each day and today it detected something it called pup.wirelesskeyview this was located at

c:\users\tesco\appdata\temp\temp1_wirelesskeyview(1).zipp\wirelesskeyview.exe

I then deleted this using malware bytes and scanned my comp with avast, which found nothing. Is there anything else I need to do or should malware have got it all?

A:Malware bytes found pup.wirelesskeyview is this a virus?

This app recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista.

http://www.nirsoft.net/utils/wireless_key.html

Someone had to install this.

RELEVANCY SCORE 80

Hi,

Just had a quick question. I think I have a virus that's blocking all my malware programs. Everytime I open Malware Bytes, spybot or even Hijack This, it automatically closes on me and then I'm told I don't have permission to open it when I try to pull it up again.

I've seen all the advice about changing the file name and I'll give that a shot, but I was just curious if when I get it open, do you think it will just close on me again?

Thanks,

A:Malware Bytes/Spybot Blocked by virus

Hello and welcome. Please try this.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your com...

RELEVANCY SCORE 79.6

I have a Windows XP SP3 PC from a user who was infected with malware, I used Malware Bytes to remove the offending software, and now I am unable to open the Windows Update page. I can browse to other pages but after a few minutes, I get redirected to another random page. I also keep seeing the Just In Time debugger. Tried a Registry edit I found recommended elsewhere, to fix that issue, but that didn't last. At this point, neither SAS nor MBAM see any malware present, but I am stuck with my problem. Existing antimalware package is MS Forefront. All utilities I have used have been updated to the most recent definitions.

A:Malware Bytes cleaned malware, now Windows Update doesn't work, webpages randomly redirected

Hello,

Please follow the instructions in ==>This Guide<== starting at Step 6.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==
Please include a description of your computer issues and what you have done to try to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

RELEVANCY SCORE 79.6

I have run into a terrible problem and can no longer use my computer. It started a few days ago when I believe I was infected by malware...I noticed a program running in my task manager...one of those short 3 letter exe programs, so I decided to run malware bytes. Malware bytes successfully found that program and I think called it a rootkit or something else. I chose to remove the found problems and then it asked me to restart. Following restart, I get a blue screen of death shortly after the windows XP title comes on. When I choose any of the options (Safe Mode, Safe mode with networking, Safe mode with command prompt, or normal windows) I always get the blue screen and cannot log into windows.

The error message reads:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:
STOP: 0x0000007B (0xBA4C7524, 0XC0000034, 0x00000000, 0x00000000)

So at this point I ordered startup/recovery CDs from dell. I am using a dell computer with OEM installed windows XP home edition. I got the recovery CD today, and can now boot from CD....

A:Blue screen after running malware bytes - infected with malware

Hello, lets see if we can find the cause of this problem. I will move this topic to the malware removal forum.
Try this please. You will need a USB drive.
Download GETxPUD.exe to the desktop of your clean computer
Run GETxPUD.exe
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
Remove the USB & CD and insert it in the sick computer
Boot the Sick computer with the CD you just burned
The computer must be set to boot from the CD
Gently tap F12 and choose to boot from the CD
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press Enter
After it has finished a file will be located on your USB drive named mbr.bin
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.
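What a reviewer can check in the 512-byte mbr.bin produced by the dd command above, as an added example that is not part of the original answer: a parser for the classic MBR layout that validates the boot signature and partition table and hashes the bootstrap code for comparison with a reference taken from a clean machine. The sample sector and the reference hash set are constructed, and `parse_mbr` and `build_sample_mbr` are hypothetical names.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
CODE_LEN = 440       # bootstrap code area at the start of the sector
TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510   # last two bytes must be 0x55 0xAA


def parse_mbr(data, known_good_code_hashes=None):
    """Parse one MBR sector; return its fields and a list of findings."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(data)))
    findings = []
    if data[BOOT_SIG_OFF:] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")

    partitions = []
    for i in range(4):
        entry = data[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        # status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, LBA start, sectors
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x" % (i + 1, status))
        if lba == 0:
            findings.append("partition %d: starts at LBA 0, on top of the MBR" % (i + 1))
        partitions.append({"index": i + 1, "active": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})

    active = [p["index"] for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append("expected one active partition on a boot disk, found %d" % len(active))

    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > nxt["lba_start"]:
            findings.append("partitions %d and %d overlap" % (prev["index"], nxt["index"]))

    # The hash only means something when compared with a reference from a clean
    # machine running the same Windows version (assumption: the caller has one).
    code_sha256 = hashlib.sha256(data[:CODE_LEN]).hexdigest()
    if known_good_code_hashes is not None and code_sha256 not in known_good_code_hashes:
        findings.append("bootstrap code does not match any known-good reference")

    return {"disk_signature": data[440:444].hex(), "code_sha256": code_sha256,
            "partitions": partitions, "findings": findings}


def build_sample_mbr():
    """Constructed 512-byte sector for the demo, not taken from any real disk."""
    code = b"\xfa\x33\xc0".ljust(CODE_LEN, b"\x00")           # placeholder boot code
    disk_sig = b"\x78\x56\x34\x12" + b"\x00\x00"              # signature + reserved
    part1 = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)  # active NTFS-type entry
    table = part1 + b"\x00" * 48                              # three unused slots
    return code + disk_sig + table + b"\x55\xaa"


if __name__ == "__main__":
    # Pass the path to mbr.bin; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sector = fh.read()
    else:
        sector = build_sample_mbr()
    report = parse_mbr(sector)
    print("disk signature:", report["disk_signature"])
    print("bootstrap code sha256:", report["code_sha256"])
    for p in report["partitions"]:
        print("partition", p)
    for f in report["findings"] or ["no structural findings"]:
        print("finding:", f)
```

Because the dump is taken from the xPUD live CD, the read does not pass through the installed Windows and cannot be filtered by a rootkit running there.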


I tried to download the new version, and the computer won't let me download it.

And there is something wrong with the version of Anti-Malware I have now. Every time I want to use it. It downloads the setup and then it updates. And today when I wanted to scan, it stopped and computer ran an error report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:38 PM, on 10/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\G...

A:Can't download the news version of Malware bytes Anti-Malware


A couple days ago I was looking at the weather online on my Toshiba laptop (XP Media, SP3) when I got a report from Avast stating it had blocked a connection to a malware site, just like this, which popped up when I was typing.

Infection Details

Process:file://C:\WINDOWS\System32\svchost.exe Infection:url:Mal
Obviously I scanned and it did pick up some things, and I thought I had gotten the problem. Obviously I didn't, and I got Malwarebytes which I scanned with and again thought I might be good. MWB just started constantly reporting outgoing connections being blocked. I did some digging, a lot more scanning (all turned up clean), and I noticed a couple things.

1. I'm getting issues with SVChost where it is sometimes taking up nearly my entire CPU. I replaced it with a different version of SVChost (in all windows folder locations) and whatever is using it to do the bad stuff isn't the file itself because it resumed causing trouble.

2. I tried to get rid of all unwanted processes & services, & I came upon one which I couldn't get rid of- groovemonitor, associated with Microsoft Office. I'm suspicious because I've tried deleting it, manually and automatically, and whenever I try to delete the entire Microsoft Office folder this one set of files (the groovemonitor dll's) will not let me delete the folder. I've tried disabling this whenever possible.

I'm still getting constant url blocks no matter what I have done, all sca...

A:Avast & Malware Bytes Constantly Blocking Malware Connections

Just wanted to provide a bump.
 


Been attempting to fix an issue I am currently having, as I have attempted to run scans and nothing has worked, here's a link to the page where a person has been trying to help me fix the issue.
http://www.bleepingcomputer.com/forums/topic421339.html

Update, it appears I have the TDSS Virus, any tips on trying to remove it, would be appreciated.

Merged posts. ~ OB

A:Google ReDirect Virus, along with unable to run malware bytes or any other virus scan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421422 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


New malware detects browser, shows fake malware warning page.

Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before.

-- Tom
 

A:New malware detects browser, shows fake malware warning page

Thanks
 


Please help me fix my computer. I would also like to be able to make sure it's gone for good, and still have my keyboard working.
My brother had this same virus, he was able to get rid of it, but now his keyboard won't work. So please help!

P.S. You will most likely have to give me easy step by step instructions, because I have a reading comprehension disability.
If you can't I can ask my brother to help me, I guess.
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: BABYRUTH [administrator]

7/21/2012 10:05:50 AM
mbam-log-2012-07-21 (10-05-50).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334275
Time elapsed: 4 hour(s), 13 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Owner\AppData\Local\{365ff89e...

A:Malware Bytes found virus want to make sure its gone for good!

Hello, the surest way to be sure that rootkit is gone is to post a DDS log.
Please go here.... Preparation Guide, do steps 6-9.
Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.
Let me know if that went well.


Hi. Have a friend's PC to try and clean it up. Have tried running both Panda Online and Malware Bytes in Safe Mode and they both cause the machine to reboot. They have a lot of junk tool bars on here, but not sure if there is something malicious. Please let me know.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:18 PM, on 4/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Search Guard PlusU\sgpupdaters.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\USBKVM Switcher\USBKVM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.e...

A:Running Panda and Malware Bytes causes PC to reboot. Virus?

bump please
 


I first tried SpyBot S&D, then Ad-Aware, and then finally MalwareBytes with no luck yet. I even tried switching Internet Browsers. I'm running on Windows 7 Professional 64-bit. I first noticed the redirect started after I removed one of those fake virus scan, and fake threat viruses, that don't let you do anything on your computer. I rolled the computer back to a good setting, and ran McAfee Enterprise Edition. It removed the virus, but that's when the redirect started. I was using Mozilla Firefox, and continued when I switched to Google Chrome, and back to Firefox.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Hyton Rong at 0:48:53 on 2012-02-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4093.2657 [GMT -8:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows ...

A:Malware Bytes, didn't get rid of redirect Virus on Windows 7 64-bit.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...


I am getting redirects in Firefox. I'll click on a search result in google, and I'll be taken to a different page. I go back and try again and I get the page I was trying to go to. This happens sporadically.

I have run Malware Bytes AntiMalware and come up with a clean scan but I still get redirects and don't know how to remove it.

Please help Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_18
Run by Mr.Roboto at 21:05:23 on 2011-09-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.813 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\syst...

A:Redirects after clean Malware Bytes and virus scan

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...


I'm writing this post because I'm quite sure I've gotten another virus. I say another because I had an issue a few months back.

About a week or two ago I got constant popups from Malware Bytes stating "Malware Bytes blocked potentially malicious website." I did a scan with Malware Bytes and my AVG and did not get any results for viruses, malware, etc. A few days after, I received a notice from my Gmail that there was a suspicious login attempt that was blocked from Hong Kong. I again tried my virus searches. I got no results and decided to uninstall AVG and downloaded BitDefender to see if it would show any results.

The BitDefender found the virus Gen:Variant.Symmi.7281 located in c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\rp41\a0017151.dll. The file was deleted and when I restarted the computer an error box popped up stating "Error loading C:\Documents and Settings\Tiffany Stembridge\Application Data\lemse.dll The specified module could not be found."

Today I turned on my computer and got the popup 90% of the time it was turned on. I kept having to turn it off because the hour glass would popup and couldn't click anything. I'm concerned I have a virus, and of course any help would be greatly appreciated.

A:Malware Bytes Blocked Website/DLL Module: VIrus?

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwar...


I am pulling my hair out. Please help. I have followed the instructions in your excellent forum at http://www.bleepingcomputer.com/virus-remo...-antivirus-plus but still no luck. Every time Malware Bytes starts to run it dies. I have also been unable to get the RootRepeal Report. Same problem - it starts then apparently is killed by Antivirus Plus. I also had difficulty getting the DDS Tool to generate the log files but it finally worked. Here are the two files. At least it's a start. Can you tell me what I should do next? Thank You

A:Antivirus Plus Kills Malware Bytes Anti-Malware

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo...


DDS will not run on my computer.. I think it's due to my version of Windows? Is there any other program I can use and post to get help?

A:Very slow computer and malware bytes picking up malware

Hello Heathr6913,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions.

1. Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on the Scan button.
AdwCleaner will begin to scan your computer.
After the scan has finished... Click on the Clean button.
Press OK when ask...


So since a few days I keep having problems with logging in to many websites. So I started to check it out and whenever I log in (ex:hotmail) or try to send a request to some site my internet browser freezes at sending the request and I cant open new tabs because it looks like I dont have connection to internet.

So I need to restart my internet browser and then I can browse normally again but I cant login to sites.

Then I started to check what actually happened when I send a request here is what I found out...

Packets Stream Report
Index 102
Protocol TCP
Local Address 192.168.1.73
Remote Address 213.182.197.228
Local Port 2783
Remote Port 80
Local Host werkplek-c0543d.lan
Remote Host
Service Name http
Packets 5
Data Size 3.900 Bytes
Total Size 5.115 Bytes
Data Speed 0.2 KB/Sec
Capture Time 8-7-2009 13:41:15:343
Last Packet Time 8-7-2009 13:41:38:296
Local MAC Address
Remote MAC Address
Local IP Country
Remote IP Country

POST /track.cgi HTTP/1.1
Host: 219b2f5f0ef5f21a398b1187e003a8db.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 814
Connection: Close

u=EIGENAAR_WERKPLEKC0543DFCD0F6A5&t=append&b=1&v=TWljcm9zb2Z0IFdpbmRvd3MgWFAgU2VydmljZSBQYWNrIDI=&f=post.log&z=1825&n=defaultW1tbVVJMOiBkMDIuZWFzeS1zaGFyZS5jb20vZmlsZV9jb250ZW50cy9maWxlL2lkLzE5MDY2MzA1Mjcvc2tleS90dWMwbzg4d3QzbHozejRwL2NvbnRfaWQvMjEKUHJvY2VzczogQzpcUHJvZ3JhbSBGaWxlc1xNb3ppbGxhIEZpcmVmb3hcZmlyZWZveC5leGUKUmVmZXJlcjogaHR0cDovL3d3dy5lYXN5LXNoYXJlLmNvbS8xOTA2NjMwNTI3L1BhbmRhLkNvbW1hbmRMaW5lU2...

A:Infected - No Anti/virus/spyware/malware detects it

Hello if you have not run this then please do so.

Next run MBAM (MalwareBytes):
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan ...


Hello,

My laptop apparently got a Virus and a program called AntiVira AV continually tries to open and give virus alerts and asks to scan computer. The virus has disabled and/or damaged HiJack This, AVG Antivirus, and Malwarebytes and I am unable to get any report logs. Google redirects to spam sites (viagra, porn, etc). This all happened when I went to the website "Daily TV Online". Any help would be greatly appreciated.

Thank you,

J
 

A:AntiVira AV Redirect (Hijack This, AVG, Malware Bytes all disabled by Virus)


My desktop computer uses XP, and it is 64 bit.

Malware Bytes is constantly saying it has blocked an outgoing IP from connecting to websites. Random IP addresses will show up, which makes me wonder if I have a virus.

However when I downloaded D.D.S. I made sure to disable all firewalls, antivirus etc. (I use NOD32, and SuperAntispyware and Malware Bytes) so all of them were disabled, yet DDS will only scan 3/4th of the way through and stop.

In the instructions it says This scan should not take longer than three minutes to complete, and I have waited over 30 minutes without it moving past the 3/4th mark. To be specific, the scan stops right at the "it" in "Post the contents of the logfile to the forum where IT was requested."

When I try to close the DDS program, it does not close, even with a CTRL ALT DELETE. I have to manually shut down the computer by holding the power button. Otherwise it doesn't turn off. Even minimizing the DDS screen immediately brings it back up on the screen.

As far as GMER goes, the instructions stated it only works for 32 bit, is there anything like it that is used for 64 bit computers?

Any help as to what is going on, would be much appreciated, thank you.

A:Possible Virus - Malware Bytes constantly blocks outgoing IP addresses

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431216 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi,
I've been infected with a Smart HDD. I've run Rkill and malware bytes. Malware bytes shows two registry files that are infected. Should I delete these?

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Thanks in Advance.

A:smart hdd virus. malware bytes finds 2 in registry, delete?

Yes please do that.. Then run this ...

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Leave the options as they are and click Continue
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Hi to everyone, in the last couple of days I have been experiencing something weird and stressful, I have Kaspersky 2016 Anti virus (recently upgraded to 2017) and it is blocking some URL from every browser, Edge, Explorer and Chrome, the web pages are:

adserve.cpmba.se
bestarmour4u.work
bestarmour4u.work/favicon.ico
show.*********** Varies sites

I have run Malwarebytes antimalware, Spybot, Adwcleaner, Kaspersky full scan, and nothing shows up, I even formatted my whole computer 2 times and the 2 times the URL gets blocked by Kaspersky, but how do I get them removed once for all, can you help me please???

Running Windows 10 1155

Sorry for my english but please help me
 

A:Help! Malware? Virus? Kaspersky detects URL virus and blocked them but...

Uploaded files from FRST64

 


Constant popups and redirect links every time I try and click on anything on the internet... is actually driving me crazy now... seems to be since I installed the free windows 10... any help much appreciated have attached the dds files

A:Cant remove malware and have run avg, malware bytes, hitman pro etc

Constant popups and redirect links every time I try and click on anything on the internet... is actually driving me crazy now... seems to be since I installed the free windows 10... any help much appreciated have attached the dds files

RELEVANCY SCORE 77.2

I run Malwarebytes daily and today it keeps finding malware (I've run it twice today) - something about Uniblue and PC Mechanic - but I don't have them (I know they're malware) and haven't downloaded anything for a long time and it's been a couple weeks since anything has needed updating and I make sure nothing is checked on updates.
I've not done anything out of the ordinary. Checked email (online - no program - didn't have anything suspicious and I delete anything with an attachment but nothing with an attachment anyway), checked NHK World, weather, NASA NG and AZ HW PODs, that's about it. Nothing to download and don't download anything but updates and been a couple weeks since any updates but Windows.

RELEVANCY SCORE 77.2

I was attempting to run Malware Bytes on my home system and got a Run Time Error 93 - invalid Pattern String error. I found some advice on this site in a forum on how to correct it, downloaded the Combo-Fix, and took the steps outlined. I initially had (7) "infections" in my registry when I ran Malware Bytes before the run time error; afterwards, down to 1 before the same error hit after I ran Combo-Fix, so some progress. I have followed the site instructions on what to process and have attached the logs. Hope someone has the expertise to help me with this. Thanks in advance! Daniel

A: Malware / Malware Bytes run-time error

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report. Please download OT...

RELEVANCY SCORE 77.2

Hello
 
I recently did a fresh install of Windows 7 on my PC. I guess I forgot to install any AV until I was prompted to by Windows Update, which if I remember correctly, did install OK originally. Normally I would have installed AVG and MB, but I've had quite a few PC problems recently and so was a little haphazard, I can't remember whether I actually got MB installed prior to these problems or after. Anyhow, recently I started up my PC and upon starting got a message that MSE couldn't start because of error occurring during initialization, Error 0x80073b01.
 
I found a similar topic here and have run a few of the programs, most optimistically Hitman Pro, which found a couple trojans and malware items and deleted them. But I still have this issue with MSE that it can't load, can't be reinstalled and can't be uninstalled.
 
Other symptoms: Malware Bytes icon on my desktop went from being their logo to a generic .lnk/shortcut image and wouldn't load. I managed to reinstall it after using safe mode and using mbam clean to get rid of the mbamext.dll that wouldn't delete normally. I now have MBAM on my desktop and I can run it, but it won't get the latest updates (it appears to download them, but then says the db is missing or corrupt) and it won't let me do a scan.
 
I have been trying to copy some files to an external HD, but the ones with Security in their name can't be moved.
 
It seems like something is definitely running in the background ...

A: Malware preventing MSE and Malware Bytes running?

Try running in Safe Mode and doing a full system scan with your antivirus.  You could also try a System Restore.  
