possible virus on a machine that was given to me

Q: possible virus on a machine that was given to me

It is possible that I might have a virus on a Dell machine running Vista Home Basic 32-bit. My son-in-law received the machine from his brother. He asked me to look at it because his brother said it was running slow. When I booted up the machine, PC cleanup software from all kinds of vendors started running, as well as backup software and various other software programs. I tried to launch MSCONFIG but nothing happens. I tried to go to Internet Explorer but it takes me to search.conduit.com. I have downloaded, run and pasted the results from the programs that are requested when you open a new thread. Please let me know if there is anything else that you need.
I do have the following CD, if that is any help:
Reinstallation DVD Windows Vista - Home Basic 32bit (This software is already installed on your machine. Only use this to reinstall the operating system on a Dell PC.)
The GMER program ran forever and was checking a lot of the files in the Temporary Internet Files folder. I can't remove the files because I can't get to the tools in IE to activate the menu bar to get to the Internet Options to delete the files. I can't seem to find the folder when I bring up Explorer. I have the option set to display the hidden and system files but I cannot see the directory.

I finally cancelled the GMER process after about 4 hours. I have attached the arc.txt.
hijack log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:16:02 PM, on 3/1/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Sendori\SendoriTray.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\GEORGE-APRIL\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Users\GEORGE-APRIL\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...=SP8C8B0D8C-9322-400A-837D-F7814E77CCAE&SSPV=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={3185336F-8DAD-11E2-9BD3-001E4F46CBAD}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: CrossriderApp0049004 - {11111111-1111-1111-1111-110411901104} - C:\Program Files\Feven 1.8\Feven 1.8-bho.dll
O2 - BHO: (no name) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - (no file)
O2 - BHO: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (file missing)
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - (no file)
O2 - BHO: WhiteSmoke New - {739df940-c5ee-4bab-9d7e-270894ae687a} - (no file)
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: InternetHelper3 - {b920380d-fbe7-45c7-96ab-37e9870a566c} - (no file)
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - (no file)
O2 - BHO: (no name) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - (no file)
O2 - BHO: (no name) - {c4b22c87-45ef-4f43-89f2-40db2078864e} - (no file)
O2 - BHO: Updater By SweetPacks Helper - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - (no file)
O2 - BHO: Music Remote BHO - {CA6D5FD2-AD35-44F8-AFEF-B36C908CE901} - C:\Program Files\Music Remote\1.0\KangoBHO.dll
O2 - BHO: ConnectSo - {cc1bef2d-0428-46d8-b1f4-492e1b206099} - (no file)
O2 - BHO: (no name) - {df22384f-cf68-4d19-969f-10423715528b} - (no file)
O2 - BHO: Gameoff-games - {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files\Gameoff-games\prxtbGame.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: MixiDJ V5 - {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - (no file)
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (file missing)
O3 - Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (file missing)
O3 - Toolbar: (no name) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Gameoff-games Toolbar - {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files\Gameoff-games\prxtbGame.dll
O3 - Toolbar: Music Remote - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - C:\Program Files\Music Remote\1.0\KangoBHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files\Sendori\SendoriTray.exe"
O4 - HKLM\..\Run: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
O4 - HKCU\..\Run: [StartNow Search Protect] "C:\Program Files\StartNow Toolbar\search_protect.exe" /REPORT /PROTECT /RELAY
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\GEORGE-APRIL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} (ooVooWebCtrl Class) - https://oovoowww3-a.akamaihd.net/oovoomelink/oovoome/webvc/ooVooWeb.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files\Sendori\SendoriSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\GEORGE-APRIL\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DealPly Live Service (dealplylive) (dealplylive) - DealPly Technologies Ltd - C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
O23 - Service: DealPly Live Service (dealplylivem) (dealplylivem) - DealPly Technologies Ltd - C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\GEORGE-APRIL\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MgAssist Service (MgAssistService) - Unknown owner - C:\Program Files\Mobogenie\MgAssist.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: Service Sendori - sendori - C:\Program Files\Sendori\Sendori.Service.exe
O23 - Service: sndappv2 - Sendori - C:\Program Files\Sendori\sndappv2.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe (file missing)
O23 - Service: WajamUpdaterV3 - Unknown owner - C:\Program Files\Wajam\Updater\WajamUpdaterV3.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11366 bytes
DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533
Run by GEORGE-APRIL at 20:16:40 on 2014-03-01
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2046.866 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\GEORGE-APRIL\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mobogenie\MgAssist.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Sendori\SendoriTray.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\GEORGE-APRIL\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Yontoo\Y2Desktop.Updater.exe
C:\Program Files\Sendori\SendoriSvc.exe
C:\Program Files\Sendori\Sendori.Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sendori\SendoriUp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sendori\sndappv2.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3308837&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8C8B0D8C-9322-400A-837D-F7814E77CCAE&SSPV=
uSearch Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={3185336F-8DAD-11E2-9BD3-001E4F46CBAD}
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} -
mURLSearchHooks: {b920380d-fbe7-45c7-96ab-37e9870a566c} - <orphaned>
mURLSearchHooks: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - <orphaned>
mURLSearchHooks: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
mURLSearchHooks: {cc1bef2d-0428-46d8-b1f4-492e1b206099} - <orphaned>
mURLSearchHooks: Gameoff-games Toolbar: {e1514faa-0f36-4330-8590-ea8c9c0a903f} - c:\program files\gameoff-games\prxtbGame.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: Feven 1.8: {11111111-1111-1111-1111-110411901104} - c:\program files\feven 1.8\Feven 1.8-bho.dll
BHO: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - <orphaned>
BHO: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} -
BHO: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - <orphaned>
BHO: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
BHO: {7F6AFBF1-E065-4627-A2FD-810366367D01} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {b920380d-fbe7-45c7-96ab-37e9870a566c} - <orphaned>
BHO: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - <orphaned>
BHO: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - <orphaned>
BHO: {c4b22c87-45ef-4f43-89f2-40db2078864e} - <orphaned>
BHO: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - <orphaned>
BHO: Music RemoteBHO: {CA6D5FD2-AD35-44F8-AFEF-B36C908CE901} - c:\program files\music remote\1.0\KangoBHO.dll
BHO: {cc1bef2d-0428-46d8-b1f4-492e1b206099} - <orphaned>
BHO: {df22384f-cf68-4d19-969f-10423715528b} - <orphaned>
BHO: Gameoff-games Toolbar: {e1514faa-0f36-4330-8590-ea8c9c0a903f} - c:\program files\gameoff-games\prxtbGame.dll
BHO: {EEE6C35C-6118-11DC-9C72-001320C79847} - <orphaned>
BHO: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - <orphaned>
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Music Remote: {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - c:\program files\music remote\1.0\KangoBHO.dll
TB: Gameoff-games Toolbar: {E1514FAA-0F36-4330-8590-EA8C9C0A903F} - c:\program files\gameoff-games\prxtbGame.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
TB: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} -
TB: Gameoff-games Toolbar: {e1514faa-0f36-4330-8590-ea8c9c0a903f} - c:\program files\gameoff-games\prxtbGame.dll
TB: Music Remote: {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - c:\program files\music remote\1.0\KangoBHO.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [StartNow Search Protect] "c:\program files\startnow toolbar\search_protect.exe" /REPORT /PROTECT /RELAY
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Facebook Update] "c:\users\george-april\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Driver Pro] c:\program files\driver pro\DPLauncher.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [Sendori Tray] "c:\program files\sendori\SendoriTray.exe"
mRun: [TotalRecipeSearch_14 Browser Plugin Loader] c:\progra~1\totalr~2\bar\1.bin\14brmon.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableVirtualization = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
LSP: c:\windows\system32\Sendori.dll
DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxps://oovoowww3-a.akamaihd.net/oovoomelink/oovoome/webvc/ooVooWeb.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254 192.168.0.1 192.168.1.254
TCP: Interfaces\{863821CC-9765-4BD2-A7B0-DAEA71B49234} : DHCPNameServer = 192.168.1.254 192.168.0.1 192.168.1.254
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: k9filter.exe - svchost.exe
IFEO: MpCmdRun.exe - svchost.exe
IFEO: MpUXSrv.exe - svchost.exe
IFEO: MSASCui.exe - svchost.exe
IFEO: msconfig.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2012-1-3 4608]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-14 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-14 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-28 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-28 410784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
R2 Application Sendori;Application Sendori;c:\program files\sendori\SendoriSvc.exe [2013-7-1 119072]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-28 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-28 50344]
R2 BackupService;BackupService;c:\users\george-april\appdata\roaming\hp simplesave application\uUACTokenSvc.exe [2011-12-28 83512]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-1-3 21504]
R2 MgAssistService;MgAssist Service;c:\program files\mobogenie\MgAssist.exe [2014-1-22 63168]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2013-7-11 132504]
R2 Service Sendori;Service Sendori;c:\program files\sendori\Sendori.Service.exe [2013-7-1 22304]
R2 sndappv2;sndappv2;c:\program files\sendori\sndappv2.exe [2013-7-1 3623200]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\yontoo\Y2Desktop.Updater.exe [2013-3-15 23552]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 dealplylive;DealPly Live Service (dealplylive);c:\program files\dealplylive\update\DealPlyLive.exe [2013-11-25 148000]
S2 DefaultTabUpdate;DefaultTabUpdate;"c:\users\george-april\appdata\roaming\defaulttab\defaulttab\dtupdate.exe" --> c:\users\george-april\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [?]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
S2 WajamUpdaterV3;WajamUpdaterV3;"c:\program files\wajam\updater\wajamupdaterv3.exe" --> c:\program files\wajam\updater\WajamUpdaterV3.exe [?]
S3 dealplylivem;DealPly Live Service (dealplylivem);c:\program files\dealplylive\update\DealPlyLive.exe [2013-11-25 148000]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2014-1-15 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== File Associations ===============
.
ShellExec: vlc.exe: Open="c:\program files\easy media player\emp.exe" --started-from-file "%1"
.
=============== Created Last 30 ================
.
2014-03-01 23:08:14 -------- d-----w- c:\users\george-april\appdata\roaming\SUPERAntiSpyware.com
2014-03-01 23:08:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-03-01 23:08:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-02-28 04:51:52 -------- d-----w- C:\Boot
2014-02-26 23:24:09 -------- d-----w- c:\windows\Migration
2014-02-12 13:50:09 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-01-31 14:45:15 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4a4b5940-859e-4358-a446-cf215f4fec9c}\mpengine.dll
.
==================== Find3M ====================
.
2014-03-02 00:45:55 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-03-01 22:58:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-01 22:58:31 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-01 22:58:31 43152 ----a-w- c:\windows\avastSS.scr
2014-03-01 22:58:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-21 17:53:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 17:53:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 17:53:06 8835464 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-22 22:29:09 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-01-22 22:29:09 53152 ----a-w- c:\windows\system32\USBCoInstaller.dll
2014-01-22 22:29:09 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-12-18 11:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-08 08:50:02 0 ----a-w- C:\LILE82C.tmp
2013-12-08 08:50:01 0 ----a-w- C:\LILE7AF.tmp
2013-12-08 08:50:01 0 ----a-w- C:\LILE7A0.tmp
2013-12-08 08:49:41 1169609 ----a-w- c:\windows\unins000.exe
.
============= FINISH: 20:17:14.61 ===============
attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/28/2011 4:00:23 PM
System Uptime: 3/1/2014 7:09:24 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket AM2 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 91.885 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.943 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: k9filter.exe - svchost.exe
IFEO: MpCmdRun.exe - svchost.exe
IFEO: MpUXSrv.exe - svchost.exe
IFEO: MSASCui.exe - svchost.exe
IFEO: msconfig.exe - svchost.exe
IFEO: msmpeng.exe - svchost.exe
IFEO: msseces.exe - svchost.exe
.
==== Installed Programs ======================
.
3D Fish School Screen Saver 4.991
3D Volcano ScreenSaver
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.9)
AOL Toolbar
ArcadeCandy
avast! Free Antivirus
Bird Hunter 2003
Bonjour
Cabela's Dangerous Hunts
ConnectSo Toolbar for IE
Coupon Printer for Windows
CouponBar
Dealply
DealPly (remove only)
Deer's Revenge
Deer's Revenge XP Sp2 Fix
Deer Drive
Deer Hunt Challenge SE
Deer Hunter
Deer Hunter - The 2005 Season
DefaultTab
Delta toolbar
Download Updater (AOL Inc.)
Driver Pro v3.0
DriverUpdate
EA Network Play System
Easy Media Player 1.1.12
ExFriendAlert
Facebook Video Calling 2.0.0.447
Feven 1.8
Flash Player Pro V5.4
FlashPlayer
Gameoff-games Toolbar for IE
GameSpy Arcade
GetSavin
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hunting Unlimited
iLivid
InfoAtoms
Internet Explorer Toolbar 4.7 by SweetPacks
IWantThis
JFileManager
jollywallet
KODAK Share Button App
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobogenie
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Remote
Music remote Addon (remove only)
NewPlayer
Norton PC Checkup
Oddly Enough - Pied Piper
PlayFizz
Plus-HD-1.2
RingtoneJunkiez Desktop
ScorpionSaver
Search-Results Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Sendori
Snap.Do
Snap.Do Engine
Software Updater version 1.8.3
Software Version Updater
StartNow Toolbar
Strongvault Online Backup
SUPERAntiSpyware
Torch
Turkey Hunter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Updater By SweetPacks 2.0.0.566
USA Bass
Video Downloader version 1.9.1.12
VideoPlayer v2.0.6
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Wizard101
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 2.05
.
==== Event Viewer Messages From Past Week ========
.
3/1/2014 8:00:06 AM, Error: Service Control Manager [7034] - The sndappv2 service terminated unexpectedly. It has done this 1 time(s).
3/1/2014 7:45:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iSafeNetFilter Null
3/1/2014 7:45:52 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.
3/1/2014 7:44:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the sndappv2 service to connect.
3/1/2014 7:44:13 PM, Error: Service Control Manager [7000] - The WajamUpdaterV3 service failed to start due to the following error: The system cannot find the path specified.
3/1/2014 7:44:13 PM, Error: Service Control Manager [7000] - The sndappv2 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2014 7:44:13 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/1/2014 7:44:13 PM, Error: Service Control Manager [7000] - The DefaultTabUpdate service failed to start due to the following error: The system cannot find the path specified.
3/1/2014 6:48:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null
3/1/2014 6:46:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
3/1/2014 6:46:18 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC iSafeNetFilter NetBIOS netbt nsiproxy Null PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6 ws2ifsl
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/1/2014 6:42:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/1/2014 6:42:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/1/2014 6:42:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/1/2014 6:41:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/1/2014 6:41:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/1/2014 5:53:06 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
3/1/2014 5:53:05 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 001E4F46CBAD has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
3/1/2014 5:50:13 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/27/2014 9:20:01 PM, Error: EventLog [6008] - The previous system shutdown at 9:13:52 PM on 2/27/2014 was unexpected.
2/27/2014 8:03:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2/27/2014 8:03:50 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/27/2014 7:30:52 PM, Error: EventLog [6008] - The previous system shutdown at 6:43:21 PM on 2/27/2014 was unexpected.
2/25/2014 9:08:13 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP SimpleSave.
2/25/2014 9:08:13 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume F:.
2/25/2014 9:04:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001E4F46CBAD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2/23/2014 7:56:28 PM, Error: EventLog [6008] - The previous system shutdown at 10:48:39 PM on 2/22/2014 was unexpected.
.
==== End Of File ===========================

ark.txt
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-02 21:49:26
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000051 ST325031 rev.3.AD 232.83GB
Running: z7ph4iyj.exe; Driver: C:\Users\GEORGE~1\AppData\Local\Temp\kwtyruow.sys
---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8D4FAACC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8D4FB5AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8D507692]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8D5076DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8D507878]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8D507600]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x8DE16426]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8D507648]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8D4FBAE0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8D507832]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8D4FC398]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8D4FAB32]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8D4FFBE4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8D4FA71E]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8DE16506]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8D4FAB98]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8D4FFFDA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8D4FCEDE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8D5076BC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8D507700]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8D50789C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8D507626]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8D4FF4DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8D5077B0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8D507670]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8D4FF8C6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8D507856]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8DE162AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8D4FCCF4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThread [0x8D4FC84A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8D4FABFE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8D4FAC64]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x8DE16602]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8D4FA7B8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8D4FA98A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8D4FA918]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8D4FC562]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8D4FC6C4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8D4FAA12]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x8DE16378]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8D4FC1F2]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8D4FACCA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8D4FB606]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8D4FBCFC]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 828FB758 4 Bytes [CC, AA, 4F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 191 828FB7DC 4 Bytes [AA, B5, 4F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D1 828FB81C 8 Bytes [92, 76, 50, 8D, DE, 76, 50, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 828FB828 4 Bytes [78, 78, 50, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1F5 828FB840 4 Bytes [00, 76, 50, 8D]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A8900F 4 Bytes CALL 8D4FD5C5 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A8CC83 4 Bytes CALL 8D4FD5DB \??\C:\Windows\system32\drivers\aswSnx.sys
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8C803000, 0x3BEEC5, 0xE8000020]
? C:\Users\GEORGE~1\AppData\Local\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\taskeng.exe[12] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\Explorer.EXE[272] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\csrss.exe[484] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\csrss.exe[556] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\wininit.exe[564] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!LdrLoadDll 77B99378 5 Bytes JMP 001401F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!LdrUnloadDll 77BAB680 5 Bytes JMP 001403FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2816] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[2832] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\Mobogenie\DaemonProcess.exe[2872] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2908] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2928] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!LdrLoadDll 77B99378 5 Bytes JMP 002A01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!LdrUnloadDll 77BAB680 5 Bytes JMP 002A03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtCreateFile + 6 77BD426A 4 Bytes [28, 0C, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtCreateFile + B 77BD426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtMapViewOfSection + 6 77BD49BA 4 Bytes [28, 0F, 24, 00] {SUB [EDI], CL; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtMapViewOfSection + B 77BD49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenFile + 6 77BD4A4A 4 Bytes [68, 0C, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenFile + B 77BD4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenProcess + 6 77BD4ACA 4 Bytes [A8, 0D, 24, 00] {TEST AL, 0xd; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenProcess + B 77BD4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenProcessToken + B 77BD4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenProcessTokenEx + 6 77BD4AEA 4 Bytes [A8, 0E, 24, 00] {TEST AL, 0xe; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenProcessTokenEx + B 77BD4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenThread + 6 77BD4B3A 4 Bytes [68, 0D, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenThread + B 77BD4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenThreadToken + 6 77BD4B4A 4 Bytes [68, 0E, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenThreadToken + B 77BD4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenThreadTokenEx + B 77BD4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtQueryAttributesFile + 6 77BD4BEA 4 Bytes [A8, 0C, 24, 00] {TEST AL, 0xc; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtQueryAttributesFile + B 77BD4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtQueryFullAttributesFile + B 77BD4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtSetInformationFile + 6 77BD517A 4 Bytes [28, 0D, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtSetInformationFile + B 77BD517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtSetInformationThread + 6 77BD51CA 4 Bytes [28, 0E, 24, 00] {SUB [ESI], CL; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtSetInformationThread + B 77BD51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtUnmapViewOfSection + 6 77BD546A 4 Bytes [68, 0F, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtUnmapViewOfSection + B 77BD546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\taskmgr.exe[4528] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!LdrLoadDll 77B99378 5 Bytes JMP 004501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!LdrUnloadDll 77BAB680 5 Bytes JMP 004503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateFile + 6 77BD426A 4 Bytes [28, D0, 30, 00] {SUB AL, DL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateFile + B 77BD426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + 6 77BD49BA 4 Bytes [28, D3, 30, 00] {SUB BL, DL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + B 77BD49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenFile + 6 77BD4A4A 4 Bytes [68, D0, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenFile + B 77BD4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcess + 6 77BD4ACA 4 Bytes [A8, D1, 30, 00] {TEST AL, 0xd1; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcess + B 77BD4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessToken + B 77BD4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessTokenEx + 6 77BD4AEA 4 Bytes [A8, D2, 30, 00] {TEST AL, 0xd2; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessTokenEx + B 77BD4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThread + 6 77BD4B3A 4 Bytes [68, D1, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThread + B 77BD4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadToken + 6 77BD4B4A 4 Bytes [68, D2, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadToken + B 77BD4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadTokenEx + B 77BD4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryAttributesFile + 6 77BD4BEA 4 Bytes [A8, D0, 30, 00] {TEST AL, 0xd0; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryAttributesFile + B 77BD4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryFullAttributesFile + B 77BD4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationFile + 6 77BD517A 4 Bytes [28, D1, 30, 00] {SUB CL, DL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationFile + B 77BD517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationThread + 6 77BD51CA 4 Bytes [28, D2, 30, 00] {SUB DL, DL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationThread + B 77BD51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + 6 77BD546A 4 Bytes [68, D3, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + B 77BD546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!LdrLoadDll 77B99378 5 Bytes JMP 005101F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!LdrUnloadDll 77BAB680 5 Bytes JMP 005103FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtCreateFile + 6 77BD426A 4 Bytes [28, CC, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtCreateFile + B 77BD426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtMapViewOfSection + 6 77BD49BA 4 Bytes [28, CF, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtMapViewOfSection + B 77BD49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenFile + 6 77BD4A4A 4 Bytes [68, CC, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenFile + B 77BD4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcess + 6 77BD4ACA 4 Bytes [A8, CD, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcess + B 77BD4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcessToken + B 77BD4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcessTokenEx + 6 77BD4AEA 4 Bytes [A8, CE, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcessTokenEx + B 77BD4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThread + 6 77BD4B3A 4 Bytes [68, CD, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThread + B 77BD4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThreadToken + 6 77BD4B4A 4 Bytes [68, CE, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThreadToken + B 77BD4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThreadTokenEx + B 77BD4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtQueryAttributesFile + 6 77BD4BEA 4 Bytes [A8, CC, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtQueryAttributesFile + B 77BD4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtQueryFullAttributesFile + B 77BD4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationFile + 6 77BD517A 4 Bytes [28, CD, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationFile + B 77BD517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationThread + 6 77BD51CA 4 Bytes [28, CE, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationThread + B 77BD51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtUnmapViewOfSection + 6 77BD546A 4 Bytes [68, CF, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtUnmapViewOfSection + B 77BD546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[5844] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!LdrLoadDll 77B99378 5 Bytes JMP 00D801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!LdrUnloadDll 77BAB680 5 Bytes JMP 00D803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtCreateFile + 6 77BD426A 4 Bytes [28, 9C, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtCreateFile + B 77BD426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtMapViewOfSection + 6 77BD49BA 4 Bytes [28, 9F, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtMapViewOfSection + B 77BD49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenFile + 6 77BD4A4A 4 Bytes [68, 9C, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenFile + B 77BD4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcess + 6 77BD4ACA 4 Bytes [A8, 9D, D2, 00] {TEST AL, 0x9d; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcess + B 77BD4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcessToken + B 77BD4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcessTokenEx + 6 77BD4AEA 4 Bytes [A8, 9E, D2, 00] {TEST AL, 0x9e; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcessTokenEx + B 77BD4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThread + 6 77BD4B3A 4 Bytes [68, 9D, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThread + B 77BD4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThreadToken + 6 77BD4B4A 4 Bytes [68, 9E, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThreadToken + B 77BD4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThreadTokenEx + B 77BD4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtQueryAttributesFile + 6 77BD4BEA 4 Bytes [A8, 9C, D2, 00] {TEST AL, 0x9c; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtQueryAttributesFile + B 77BD4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtQueryFullAttributesFile + B 77BD4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationFile + 6 77BD517A 4 Bytes [28, 9D, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationFile + B 77BD517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationThread + 6 77BD51CA 4 Bytes [28, 9E, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationThread + B 77BD51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtUnmapViewOfSection + 6 77BD546A 4 Bytes [68, 9F, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtUnmapViewOfSection + B 77BD546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----


A: possible virus on a machine that was given to me

okay - thanks


I have spent the last 10 stupid days, all of which were stupid, trying to analyze what happened.
I thought it was a corrupted Windows file. As it turns out, and I have examined my boot log file which I created, this file is a new virus, hxxp://vil.nai.com/vil/content/v_157111.htm
which was detected by McAfee on 5/20/09. I have just updated my .dat file for my virus scan and I'm now scanning, again..... all 370,000 files on my Seagate hard drive. The first time I ran the scan, there were about 24 files which were quarantined. I'm not sure where they are placed.

My machine will not boot. Here is the boot log from ntbtlog.txt:

Service Pack 210 30 2005 12:13:01.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
Loaded driver PCI.sys
Loaded driver isapnp.sys
Loaded driver PCIIde.sys
Loaded driver \WINDOWS\System32\Drivers\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver Ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver Fdc.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver cercsr6.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WIN...

A: Machine will not boot- black screen with which mouse- PCIDump.sys virus has clobbered my machine..

Questions:
1. What version of Windows are you using?
2. What anti virus are you using? I see you mention McAfee but only in that they detected it (unless you're saying that YOUR McAfee scanner found it).
3. Have you tried booting into safe mode?
4. If it's a virus, you know you were infected. Is there a way for you to scan that drive for spyware? (either hook it up in another computer, hook it up as an external drive to another computer, or create a boot disk with spyware scanning on it such as UBCD)


SOS....I was wondering if anyone could help me? I'm a newbie so bear with me. My Dell Dimension 2400 desktop has caught loads of viruses. I managed to install Adaware and Spybot in safe mode/normal mode but it won't let me open the programmes, or if it does it scans so slowly, up to 2 hrs to finish, says it's found and deleted the viruses but when I boot it up they're still there and it's becoming more and more slow.

I then tried to remove the hard drive and connect it via an IDE interface with a USB on the other end to remotely scan it from my laptop, but when I went to open up the case Dell have glued the screws so I am unable to remove it.

I bought the computer a few years ago second hand and it came with no other disks, so I can't do a recovery/repair with a Windows disk. My question is (sorry to be long winded): if I buy a copy of Windows XP OEM can I just put it on? Or would I have to format the drive first (which I'm guessing I should do)? How do I format the hard drive if I can't remove it???...If anyone can help with some ideas or what software to use in order to do, or is the computer still salvageable?? This would be great.


I am running Windows XP SP3 on a Lenovo desktop standalone machine. I run Windows Security Essentials, Comodo firewall, and Immunet Protect (cloud AV program). I was surfing the web on Monday and apparently malware confiscated my machine, because now I cannot launch any programs, nor can I launch a browser. I tried safe mode to no avail. All I get is an unidentified "scanner" that pops up and starts scanning my hard drive, and asks me to "download updates" to an anti-virus program. I am very suspicious that this is a scam and malware. I am now connected to your forum on my laptop, running Windows 7. I am wondering if there is some program I can download onto a CD with my laptop and then insert it in the desktop at start in safe mode to disinfect my machine. Otherwise, is there another suggestion for resolving this issue, cleaning my computer, and getting back control of my machine again? I would appreciate any help I can get tonight or tomorrow before the end of the month (June). Thanks.

A:Virus taken over machine

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:



Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, y...

Hello all,

It started yesterday when I kept getting a pop-up from my antivir that it was detecting a trojan named "doboheki.dll". I could not delete the file, it was locked. I booted in safe mode, searched for it in the registry, found it and deleted it, then scanned the file with antivir and antivir said it would delete it upon the next reboot, which it appeared to do. But now antivir is finding other viruses:

TR/Monder.agtr [trojan] - dugiwise.dll
TR/Click.MRV [trojan] - wpv801229907443.cpx

I allowed it to delete those, which were not locked and seemed to delete okay.

Whatever this (or these) are, they are producing seemingly random websites to pop up in new browser windows while I'm on the internet. The antivir popups always seem to come up when I'm using a browser or otherwise communicating on the internet. They're running amok, opening windows and popping up bogus virus alerts which are trying to direct me to bogus websites and install stuff when I try to close them.

Appreciate any help. I've read the new instructions and according to them I am posting the log and attaching the files. Thank you!

DDS.txt =
------------------

DDS (Version 1.1.0) - NTFSx86
Run by DanTheManAdmin at 10:55:09.46 on Sun 01/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1375 [GMT -6:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Update...

A:ACK!! Virus(es) on my machine! Need help, please.

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Please include the log C:\ComboFix.txt in your next reply for further review.


Have not fired up my XP machine in quite a while, it is running extremely slow. Is there a virus/malware program, downloadable and transferable to CD, that would run from the CD on bootup?

A:virus checker for xp machine

You can always try Kaspersky
Download Kaspersky Rescue Disk 10


Hi, I am hoping I can get some help with this issue I'm having. I am having the FBI virus pop-up asking me to pay, and it locks up the computer the moment I log-in. I tried looking up solutions, but I'm unable to log into safe mode as it restarts as soon as I log in. Even Safe Mode with Command prompt asks me to log-in then it restarts.
 
Can anyone provide me any help please?

A:FBI Virus on Windows 8 machine

bump


I am running Windows XP SP3. I have an administrator account and a general use account. Any time I log into the general use account I get the following pop-ups...

"Error loading C:\WINDOWS\system32\pewafahu.dll"
The specified module could not be found.

"Error loading C:\WINDOWS\system32\barihuye.dll"
The specified module could not be found.

Often when I do a Malwarebytes scan on both sides (admin and gen use) an item or two will be listed and will be deleted.

I tried running RootRepeal but didn't have any success in getting it to work. Below you will find log.txt results, and dds.txt results from DDS. Attached is the zip file for attach.txt.


A:I have virus/malware on my machine

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


First Thank you for you help and service you are greatly respected for what you do!!

It has been reported that this machine has tried to log in to other machines on a network that it is on. We have also noted that it is running slower than normal. This is a pretty OLD machine running W2k, with not a whole lot of memory. The machine is normally used to test email/SMS services so we set up scripts on it to work and it does not have a lot of human activity on it.
Thanks Phil

Attached are the logs.

DDS (Ver_10-03-17.01) - NTFSx86
Run by sqal at 22:13:18.25 on Fri 2010/03/26
Internet Explorer: 5.00.3700.1000
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.256.51 [GMT 0:00]



A:Suspected Virus on my machine...

Hello, and welcome to the forums.

There is a virus on this machine, looks possibly like Conficker, which could be due to the fact that this machine is so very outdated with regards to security patches on the OS and Internet Explorer.

As it's a company machine, I'd advise you to of course immediately remove it from the network, and reimage it.

Conficker is network aware, and can spread. As this is a company environment, this is not something we typically support. We're here to support home users and single machines, for the most part.

This is your bad guy

From GMER:


Code:
Service C:\WINNT\system32\svchost.exe (*** hidden *** ) [AUTO] ixfbab <-- ROOTKIT !!!

Reg HKLM\SYSTEM\CurrentControlSet\Services\ixfbab\[email protected] C:\WINNT\system32\tumik.dll
From DDS:

R?2 ixfbab;Support Shell;c:\winnt\system32\svchost.exe -k netsvcs [1999-12-7 7952]

2004-03-24 02:17:04 164737 --sha-r- c:\winnt\system32\tumik.dll


Hello,

Yesterday, I put a cd in the disk drive and almost instantly my computer went into shutdown mode. The cd I put in the drive is an install disk for my digital camera which is several years old and been installed on many machines, so I don't think it was the camera cd that caused the problem, but now I'm stuck. When I turn on my computer, after 30 seconds or so, it goes into shutdown mode again. If I boot in safe, or debugging mode (which I'm in now) the computer seems to run fine, except that my Norton antivirus software doesn't seem to be operational. When I try to start Norton manually, the computer locks up. I think I followed your instructions for getting updates, running ad aware (which found 6 tracking cookies but that was it), on-line scanning at Trend Micro (which found no viruses or trojans, but one vulnerability with asp.net bypass, but the "how to fix" page couldn't load), and running HiJackThis and the analyser program, can you please help me?

Thank You.

Here is the "new" log from the HiJackThis Analyser program:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program F...

A:I think I Have a virus, my machine keeps shutting down.

This log is clean for the most part. Let's look a little deeper..

Run an online scan at http://www.pandasoftware.com/actives..._principal.htm
Choose the "AutoFix" button. Once that's done, save the activescan log and post it here along with the logs from the following tools..


Download Silent runners.Vbs http://www.silentrunners.org/
1. Make sure you have any script blocking software disabled
2. Run the program. It will take a few minutes to complete.
3. Once complete it will produce a log named "StartupPrograms" with your user and date in the filename. Open that txt file and post its contents in your next post.


Open hijackthis...click...config..misctools. Check the 2 boxes next to "Generate Startup List" and then click "Generate Startup List". Post that log in your next post.

Also please check your event viewer and see which program or APP is causing the crash. Did you add any software or hardware right before this issue appeared? If so...remove it and see if it corrects the problem.


We have had no issues whatsoever on this machine, running Avira and Spybot. Just yesterday a screen flashed with that FBI lock out window but we quickly closed the window and it did not reappear. We ran Malwarebytes and it found 3 entries and removed. However, today, opening any program is difficult, it will delay or stutter then all of a sudden 4-5 programs will open. Mozilla Firefox will sometimes open, sometimes will not, other times there is a "stuck-delay" HELP!!!

A:VIRUS hit on Windows XP machine- HELP!!!

@ stonemanjr:
 
 
Regarding your fake F.B.I. browser scare.
Here are solutions that work:
 
https://www.google.com/search?q=your+browser+has+been+locked.+All+activities+have+been+recorded%2F&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
 
Also:
 
http://www.bleepingcomputer.com/download/adwcleaner/
.
 
I also recommend BC's ComboFix. However, it's best you discuss that prog with one of our qualified moderators first. After that, let them advise you a/o offer the link after their instructions to you about using it correctly on your own.
 
Good luck!
 
Re,
 
/MH~


This is my first post so please pardon me for my mistakes. A few days ago (about 10) I saw many programs starting to open even though I didn't click them. Then I did power off and later started the machine and used my Symantec Endpoint antivirus. It couldn't scan beyond a file. I saw the same result many times. So I started scanning drives individually. The scanner couldn't scan C and E drives while D and F were scanned. I deleted the files on which my scan used to stop in C and E drives. Besides, even my antivirus wouldn't update properly. Now the scanner could complete the scan. However, I had to frequently recover webpages (especially Yahoo and Facebook) as they would hang. But a few days later again different programs started popping up again and this time the scan too got completed without showing any viruses in its result. Though it showed presence of Trojan ADH (most probably) in its quarantine. As a result I used ComboFix. Every time it would delete some files. Soon I started deleting Temp files of C drive manually. Still I was not sure so I did the following things
1) Downloaded Comodo firewall and system cleaner.
2) Saw steps from your website to remove virus manually at - http://www.bleepingcomputer.com/tutorials/how-to-remove-a-trojan-virus-worm-or-malware/
after that I scanned with ComboFix and again it deleted a file - c:\windows\cscmondump.bin
I have also attached the ComboFix log
so please help me out soon and contact for all the info you require.
Your help,ef...

A:virus infected machine

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you. Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '...


Hi there,

I was hoping that someone could please help me!

I seem to have caught a virus of which the symptoms are:
Reboot after login due to RPC failure (blaster?)
Unable to copy and delete files
IE does not start cleanly
Google redirection in firefox
Certain services don't seem to work properly, e.g. Windows Media, Windows Installer etc.
I am running Zone Alarm and Avast anti virus software, which regularly reports a file called (tdlcmd.dll).

If anyone could please help me I'd be very grateful. Many thanks in advance!

Rich

Here is the contents of a Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:59, on 08/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


A:RPC machine reboot virus

Hi again,

Just another couple of pieces of information. First the machine seemed to recover for a few days. A bit strange I know but I think that Windows managed to somehow download and install an update, and then everything started to behave normally again. However after a couple of days all the symptoms returned.

Also, the machine doesn't seem to go into safe mode - just restarts itself after it's loaded all the dlls.

Finally I am using shutdown -a to continue using the machine as 'normal' when it attempts to shutdown, but so much isn't working that it's very difficult.

I know everyone is very busy, but if someone could find time to lend assistance in time for the weekend, then I'd be extremely grateful!

Thanks,
Rich
 


Virus had infected only one user,
when I log in as an Administrator it shows no virus and the system works absolutely fine.
but when I log into the system as user the virus exists
virus and anti spyware logs show a continuous attack of Trojan.Zefarch was listened.

using the web url tried to download the Norton Power Eraser but could not run the exe.

http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

also used the trojan.zefarch removal tool

http://www.symantec.com/security_response/writeup.jsp?docid=2009-012801-2706-99

but could not use the tool also on the machine.
how do we get rid of this situation?
 

A:virus affected on one machine .

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

 


Hi,

I have Microsoft Security Essentials (MSE) installed on my physical computer. Every time I start my Win7 VM the MSE keeps popping up saying it has detected threats and they have been cleaned, no action needed. However next time I start it, the messages pop up again.

I have run Malware Bytes (full scan) and MSE (full scan) on the VM and removed threats - however the messages still keep coming.

Any ideas?

A:Virus in Virtual Machine

Hello KamakaZ,
While we sure can check out your host machine for malware, we do not clean malware on VMs, there is no point in that as you can easily restore the OS. Especially since you use VirtualPC there's no way we'll be able to clean everything with settings as they are now.

Please disable all sharing features (XP mode, shared folders) and post the DDS log for your host machine only. I recommend you to either restore the guest machine to an uninfected version or attempt to clean it without sharing enabled.


I've got the same one here..

That scan gives me this:
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !
 

A:Solved: Virus on my machine


I've picked up at least one virus (supekede) on my old Win Me machine. I read the preparation guide and began following those directions.

In the preparation guide, we're told how to install and run DDS. I saved it to my Win Me desktop, but when I click on it, it produces an error message that it can't find CMD. (Maybe that's because the command line on my Me is invoked by command, not CMD.)

Anyway, DDS won't run, so I can't generate a DDS report. And that means I can't get started in submitting a proper request for help removing the infection.

Suggestions?

A:supekede (and maybe others) virus on old Win Me machine

http://www.bleepingcomputer.com/files/hija...s-installer.php
Please download and install HJT
http://www.bleepingcomputer.com/tutorials/...2.html#HowToUse
Once you have the log please post it in the HJT forum not here


Seems over the past 2-3 months the machine has gotten very sluggish. No pop-ups to speak of, just sluggish. Could be hard drive woes, but drive does not seem to have any different sound than when new. I suspect that the problem may be viral, and you guys are far better than I to assess the logs.

I have updated and run Spybot, as well as Malwarebytes (Malwarebytes under both normal and safe boot). 6 errors found and cleared with Spybot, and I believe 3 errors detected and removed with Malwarebytes.

Your help is much appreciated!

Results of DDS.txt scan -

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Markie at 9:21:12 on 2012-01-17
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d42...

A:Sluggish machine, not sure if virus

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please let me know what you are using as the operating system, XP, Vista or Windows 7.

Please download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents...


Have a Toshiba laptop which was badly filled with trojans, rogue spyware etc..
Ran Malwarebytes on it and it removed over 200 infections. It needed another scan as still some problems remained.
However, after a second scan and reboot- the system decided it had a password for both the user account and the administrator account. Both in normal and in safe mode.
Whilst I know 'password' issues are not discussed on this site??
Has anyone come across this before where passwords are set without user action. I'm presuming by one of the 'bugs' that I was trying to remove. Thanks
 

A:Virus locked machine?

You are correct, we no longer provide any help with passwords. Obviously, we can't determine the real intent here, so our policy is to abstain from any assistance in these matters.

Since you can not get into the machine you can try a Repair installation or Last known good configuration on the boot up.
 


Please help, I can't seem to be able to kill this, am running avast, which picks it up but can't remove it?
 

A:Please help, win32:Zlob-bn virus on my machine


I have a Windows 8.1 machine with "Ads by Edeals" virus. I have reset IE, removed extensions, and uninstalled unknown programs. I still get Edeals popups.
Edit: Topic moved from Windows 8 to the more appropriate forum. ~ Animal

A:I have a windows 8.1 machine with edeals virus

eDeals is not a virus...it is adware that is commonly bundled with other free programs that you download and is classified as a Potentially Unwanted Program (PUP).
Please download the following tools to your desktop and use them in the order listed. They will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.
RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
Malwarebytes Anti-Malware 2.0
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.
1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.
Important: Do not reboot your computer until you complete the next step.
2. Install Malwarebytes Anti-Malware and perform a THREAT SCAN following these instructions.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
When finished, post the complete log in your next reply to include the top portion which shows dat...


I believe my Windows 7 (SP1) machine has been infected (Dell Precision 370 with SSD). The CPU runs at 100% and fluctuates periodically to 50-60%, then back to 100%. I have applied all Windows updates and checked for driver updates - the machine continues to run at max CPU. I have run the dds and gmer.exe's and attached the files to this thread. I also run Malwarebytes and Windows Essentials. No trojans/viruses/malware found. Please help.
Thanks,
Chris

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041
Run by theParents at 19:51:52 on 2014-04-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1351 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Micr...

A:Virus? Windows 7 Machine running at 100% CPU

Hi, cowenez. Welcome to TSF. I'm not seeing anything in the logs to suggest malware is the cause of the issue. Let's look with a different tool.

Download TDSSKiller.exe to your desktop
http://media.kaspersky.com/utilities...tdsskiller.exe
Execute TDSSKiller.exe by doubleclicking on it.
Click Accept on the End User License Agreement.
Click Accept or Decline on the KSN Statement
Press Start Scan
If Malicious objects are found, select Skip by changing the default Cure selection at the upper right
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.3.0.0.19_date_time_log.txt
Attach that log, please.

Something I do see in the logs is that the system had a crash on 4/15.


Quote:
4/15/2014 7:08:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x85a6aa58, 0x85a6abc4, 0x82c59eb0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041514-45770-01.

You may need to contact our BSOD team to help identify the cause and resolution for that crash, once we've ruled out malware as cause.

BSOD, App Crashes And Hangs


My machine has been taken over by a virus that will not let me read e-mail, download utilities, monitor Task Manager or MSConfig without being in Safe Mode.

I have run Registry Mechanic, Spy Sweeper, Norton Anti Virus but no luck. I also tried the Virus / Trojan sweeper recommended by Techspot which did identify and remove problems, but I am still in limbo.

Any Help would be greatly appreciated.

Steve O...
 

A:Virus Infection Controlling Machine

Go HERE and follow the instructions exactly.

Once you have done that then go HERE for instructions on how to post your Hijackthis log.


Regards Howard :wave:
 


Hi Folks,

My machine just got hit with a virus called SpywareRemover2009_Installer_Dual_Rezer_en.exe.

Can anyone help me remove it?

I would appreciate any helpful hints.

I'm backing up my data at the present time.

Thanks,
Dave
 


Gentlemen and Ladies,

I signed on once too often to Yahoo IM using a virus corrupted machine. IM dumped my account (for good reason) and now is asking for a new account number and sign on. I have 13 years invested in using my old address. How do I get it restored and be back in the good graces of Yahoo IM?

The bothersome machine will be restored, cleansed as soon as the owner returns home from a temporary assignment out of town.

Sincerely,

Herman Whowho (Owl)
 

A:Dumped because of virus laden machine.

More than likely you'll have to email Yahoo directly, giving your username and what your story is.

What you can try, though is uninstall and reinstall Yahoo Messenger, and re-create your Yahoo account in the program (or whatever method you use to sign up to the Yahoo Messenger service).
 


Hello!

Last night, my wife's machine was infected by a Google redirect virus. After doing some poking around, it looks like what is commonly referred to as the Shopica Virus, after the website that Google commonly redirects to.

I've done a fair amount of troubleshooting on my own and I simply cannot get it removed. To save time, I feel I've about exhausted the standard removal software options: MalwareBytes, AdAware, SuperAntiSpyware, etc.

Included below are the required logs.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Laurie at 13:17:29 on 2011-06-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1688 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system...

A:Machine is directed by the Shopica virus

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===


Please download ComboFix from any of the links below, and save it to
your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and...


To Whom It May Concern:
 
I have always had one all-in-one security solution running on my machine (e.g. Norton, McAfee, Kaspersky, etc…). I have also always used a variety of on-demand and real-time anti-adware, anti-malware, anti-spyware and antivirus solutions on my machine. Typically I allow my all-in-one solution to do most of the work in protecting my machine. In addition to this I use the on-demand and real-time solution weekly to deal with anything that the all-in-one solution missed or couldn't handle. Up until recently this general scheme has worked well for me as I have not had any major issues. However, over the last few months I have become rather lacking in my efforts to maintain the security of my machine.
 
About one month ago I started to notice issues in the performance of my machine; including a few odd error messages, several random program crashes, slow operation in general, web browser pop-ups (which are blocked, supposedly), OS crash (one time), and odd hard drive activity. At this point it occurred to me that my lackadaisical approach to machine security might have allowed some unwanted programs to infect my machine. Unfortunately, I did not copy the error messages I received when they occurred because I did not think much of them at the time.

To eliminate the possibility of a malware/virus infection I ran all of my security software (all-in-one, on-demand, and real-time) to identify and eliminate any possible problems....

A:Possible Malware/Virus Infection on Machine?

Hello, please post the full ASWmbr log.
Also do these.
MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the too...


It's been awhile since I have been here, but I once again have an infected laptop - same laptop, same friend from June of last year.

Below is the HijackThis log and this is what I have done so far:
Dumped Temp files, Uninstalled the programs I knew weren't needed, ran CrapCleaner, tried running Windows Updates (not sure if I got them all yet), McAfee is up to date and ran SpyBot.

Then in Safe Mode, ran Pocket Killbox, SmitRem, Cleanup40 and Ewido - I don't think Ewido ever finished, I let it run over night but never was able to save a log.

So, there must be something here that needs a special cleaner.

Help!

Logfile of HijackThis v1.99.1
Scan saved at 7:12:38 PM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\StdKeyPad.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\igps.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\winsysban9.exe
C:\WINDOWS\system32\hpsw.exe
C:\Program Files\Microsoft Acti...

A:Solved: Another virus infected machine


My PC has been doing some unusual things. One of them is when I move a window to the right of the screen I see a transparent blue window take up the right of the screen. Also programs I have been running such as video games have been interrupted. To describe it best, the game has been put on hold followed by the desktop displaying, then something flies from the center of the screen down diagonally to the tray in the bottom right hand side of the screen where the clock and date are. Also I have a Wireless N USB WiFi adapter and an N Router connected to 2mb cable internet.
I am only getting 5.5mbps connection speed. This gives me reason to believe either someone is hitching our network and vampiring our bandwidth or perhaps my PC is infected with Spyware, Malware or a Trojan. I have attached a HiJackThis log. Any assistance on the situation will be greatly appreciated.

A:I believe my machine is infected with a Virus or Malware

C:\Users\Zidigen\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Zidigen\AppData\Local\Temp\ICReinstall\cnet2_nfscarbon_pc_na_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Zidigen\AppData\Local\Temp\is324156961\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Zidigen\Desktop\NFSPS v1.1+11_Trainer(v2).exe probably a variant of Win32/Agent.EJFGJM trojan cleaned by deleting - quarantined
C:\Users\Zidigen\Downloads\cnet2_nfscarbon_pc_na_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Zidigen\Downloads\Need for Speed ProStreet 1.0 14 TRAINER.exe probably a variant of Win32/Agent.IIQUKJJ trojan cleaned by deleting - quarantined
C:\Users\Zidigen\Downloads\setup-mediaplayerlite-ic-0.2.exe a variant of Win32/InstallCore.T application cleaned by deleting - quarantined
C:\Users\Zidigen\Downloads\War_Rock_10182011_G1_Xfire.exe a variant of Win32/Packed.Themida application deleted - quarantined
C:\Users\Zidigen\Downloads\Need for Speed ProStreet 1.0 14 TRAINER\Need for Speed ProStreet 1.0 14 TRAINER.exe ...


Hi Everyone,

I downloaded Oracle Virtual Machine and set up a machine,
guest OS is Windows XP.

Afterwards I installed Firefox and Avira anti-virus.

Since installing avira my machine won't start and I keep getting
error messages...

I deleted the machine and will make a new one... (same guest OS)

Should I install anti-virus and are there any low memory usage
programs with real-time protection ?

Useful Info:

1. Host OS: Windows xp RAM of host machine: 2 GB

Therefore guest ram can be less than 1 GB. Guest HDD will
be set to 5 GB only!

2. I only plan to install Firefox and antivirus (if required)

Thanks for reading, please advise.
 

A:anti-virus with virtual machine


Hello Guys,

Is a virtual machine completely isolated from the host? If a virus/worm or rogue software infected a virtual installation, is it possible for it to spread to the host machine?

Thanks

Tony

A:Virus inside virtual machine

If completely isolated, meaning no shares and no networking, it should be just fine.


Hello,
Could anybody let me know which antivirus is free for computer clients?
I mean, we have 60 PCs that are clients and we want to get free antivirus for those machines.
Could you help me please?
Thanks

A:Any Virus free for business machine

List of Free Antivirus for Commercial use in Corporate and Business


Hello,
Looks like there is a virus and malware on my windows XP SP2 machine!
The machine is very slow and I get repeated popups from myspyware guard that some BHO tried to change my IE settings.
Thanks!!
Here is the HiJack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:32 AM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Webshots\webshots.scr
C:...

A:Help! Virus, Malware On My Windows Xp Machine!

Hi,
* Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Hi,
I got bamital.k infected on a Windows 7 x32 machine.
Microsoft Security Essentials quarantined the virus but couldn't do anything.
Can someone assist with this?
thanks.

A:Bamital.K virus on window 7 machine, help

Hello adrowa.
Please run this scan and then post its log along with a DDS log.
ESET Online Scan
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Please go here then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile firs...


Hello Everyone. New to this forum, been reading it for a few days and couldn't find anything on what I'm about to ask.

First let me thank everyone who gives of their time helping others.

A lot of us have an older computer sitting around. The question is about setting up this box to use in cleaning our computers.
Can a machine be set up to accept the hard drive from an infected computer for cleaning? Does Ad-Aware/SpyBot/etc. need to be running on the infected machine; or will
they work on the drive from another, infected computer?

What tools would you install on the cleaning machine? Would you allow the cleaning machine to go online - Housecall, etc? Or keep it completely offline?

What other question did I neglect to ask?

Thanks for reading this.

A:Dedicated Spyware/virus Removal Machine

Or not...


Ok, so my website got hacked, a virus was embedded and foisted upon anyone who went to my page, fantastic.
So I think I have my page cleaned up but one of my machines was infected with the two part attack.
It's a Windows XP Pro
I have run spybot and AVG both of which found viruses including something called
netsh.exe

So I rebooted in safe mode after the cleanup, reran all scans, and they came up with nothing.
But.........I can't update windows now, I get an error page whenever I try to do automatic updates. So something has either turned off services that I need or is still running.



DDS (Ver_09-06-26.01) - NTFSx86
Run by craig at 19:17:03.26 on Sun 07/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2433 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax200...

A:my website was jacked, and then embedded virus on my machine

bump, no word in a few days on this.


I did a system scan in HJT and SpyDoctor a few weeks ago, and found nothing but a couple adware cookies. To my novice eyes, my HJT log was clean, too. I did the scan because my machine was running oddly, startup was slow, and it would freeze periodically. It's running fine now.

However, I have just been told that I sent one of those "This looks like you! (url here)" links - I make it a point not to click on strange links that are sent to me, but I thought I'd post my HJT log as of just now and see if you professionals can help me get rid of this ridiculous virus (and tell me how, so I can clean my friend's machines as well).

Thank you SO MUCH. You're all godsends.

---

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:03 PM, on 2/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windo...


I now have only three machines with the same kind of problem. After cleaning, the symptoms came back and the machines are worse.
 
best regards
Dominique

A:Infected machine Vinus, unknown virus

Hello and Welcome on board domipj, my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:
To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.
Below are a few tips:
Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
Please stay in contact with me until your problem is resolved
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
Read my post completely
If you don't do so, you may make mistakes that could result in your System crashing by y...


Hello all, I am having multiple issues with my machine, hence the reason that I am here. I have tried to do some minor damage control myself, but after reading some of the topics here I realize I am in way over my head. Any help is greatly appreciated. I should also tell you that I am unable to run ANY updates from any program that I have. Windows, iTunes, AVG. This is what started my thinking that I am infected with something and I am not sure what. Another odd thing that happens is that every week or so the computer goes to the BSOD and tells me that the computer encountered an error and it has to shut down and gives an error message of "0x0000007e."

According to the guidelines and steps to follow, here is my DDS.txt log.
------------------------------------------------------------------------------------
DDS (Ver_09-02-01.01) - NTFSx86
Run by Costco at 18:53:37.17 on Mon 02/09/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1160 [GMT -8:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k Local...

A:Computer 1/ HP Vista Machine-trojan, virus, not really sure, help!

I really need some help as this problem is really getting out of hand. If there is anything else that I need to post or do to get the ball rolling I would appreciate the feedback.


While browsing the web I all of a sudden had countless popups from urls advertising antivirus software... then my desktop turned to a big WARNING VIRUS DETECTED sign and will not change. I also can not access my task manager, it gives me an error when I ctrl, alt, dlt. I know a little bit about computers so I went to hijack this and fixed some fishy looking strings but no luck so far. Any sort of help would be greatly appreciated, here is my log!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:49 PM, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv...


Every time I try to open HijackThis it opens then just disappears, but I managed to get a log anyway. It's hard to explain. Lots of other things going wrong too, popups etc. Here's the log, thanks for any help

Logfile of HijackThis v1.97.7
Scan saved at 7:28:14 p.m., on 5/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Apps\PC-Cillin\Tmntsrv.exe
E:\Apps\PC-Cillin\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
E:\Apps\PC-Cillin\pccguide.exe
E:\Apps\PC-Cillin\PCCClient.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\avserve2.exe
C:\WINDOWS\System32\enbiei.exe
C:\WINDOWS\System32\wnetlogin.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Neo's\Local Settings\Temp\Temporary Directory 27 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wave.co.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 148.244.153.33:8080
R1 - HKCU\Software\M...

A:some sort of virus on my other xp machine, Hijack log included

Try this sasser removal tool from symantec then post another log.

http://www.symantec.com/avcenter/venc/data...moval.tool.html
 


xp home 32bit
1.3gig processor
640mb ram
 
i just downloaded the latest update for avast and its really slowing me down
 
i have a month speed upgrade from my service provider and stuff is loading slower
 
 
gonna look at one of those help things u guys have here
going to try to tweak the options and see if i can speed things up
i know that speeding it up means its not working at full power, which i dont want to do
but maybe some settings will work out ok
 
also
if i go to windows task manager
and click on firefox, what happens if i take the priority of normal and change it to high?
it gives me warning of possible malfunctions? i know they warn about anything that can change how
system works, buts its something ive never messed with before.
 
will any of these be good at taking the place of avast
http://www.bleepingcomputer.com/download/windows/anti-virus/
voodoo and sophos ones

A:whats a good anti virus for an old machine

These Anti-Virus Software Products Will Continue to Protect XP after the End of Support
...The best news where this issue is concerned comes from the manufacturers of security software: with security suites continuing to provide updates for their software on XP systems after 8th April for at least one year or even longer depending on the manufacturer in question. Some companies have even promised to keep providing updates for two years and others have yet to plan any deadline whatsoever for the end of support. At the end of this article, you will find a list of all of the statements made by manufacturers of security software with regard to this matter that we have compiled for your information...
Forced to use Windows XP past April? 10 ways to make the best of a bad situation
...those XP users left out there are wondering what they can possibly do to mitigate their risks as much as possible. The best course of action without a doubt is moving to Windows 8.1 or Windows 7, but if you can't or won't make such a bold move, then here's the best of what's left on your plate of options.
#1: Ditch the Free AV - Get a Paid Solution
ESET NOD32 Anti-Virus and Emsisoft Anti-Malware both leave a small footprint...meaning they are not intrusive and do not utilize a lot of system resources.
XP users should read these topics for more tips and suggestions...
How to protect XP now that these new bugs in windows system have been found
Is my current Windows XP secure enough?
What is EMET and How to Use i...


Hello all,

I am currently running a Dell Latitude D400 (ancient, I know) with Windows XP SP2.

Off and on for the last few weeks I've been battling the malware "Internet Security 2010". Through internet research I was able to locate malwarebytes as well as Superantispyware and combofix and together they solved my problem..temporarily. As soon as the machine rebooted I would have to start all over again (usually just went into standby overnight).

Well yesterday I received a strange popup that c:windows/system32/services.exe had malfunctioned and the computer must be rebooted. My brainiac decided it was part of malware and deleted the sys file. Well, instead of deleting the malware version, I'm afraid that I deleted an important system file??

Now when I attempt to boot up, all I get is a black screen with a cursor. Someone on another forum had a similar experience and was able to get a prompt pushing the shift key 5x and enabling sticky keys? Well, that also worked for me, though to completely go through the safe mode boot process took approx 10 min. Now that I'm in safe mode, the computer is booted but virtually worthless. I can't drag and drop, I can't run any major programs. If I double click on most things, it does nothing. I have no internet, and can't get it to recognize my flash drive. I tried renaming malwarebytes but it goes through the load process, only to go into program files to an empty folder..won't even show me the exe.

I was able to run com...

A:[SOLVED] Virus has practically disabled machine

Anyone? I don't have the ability to get logs so if anyone has any ideas...or some way to make it recognize my flash drive?


Hey guys,

I'm unfortunately back! The office admin computer at my workplace started having these "Security Shield" windows pop up, and I went through the self-help removal guide in Safe Mode with Networking using Rkill and MBAM and I didn't get it. I need help! Here's the DDS log:

======
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Office at 15:25:21 on 2012-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8054.5526 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

A:Security Shield Virus on Windows 7 Machine

Hi mjcritchfield,

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put logs in code boxes (unless explicitly asked to)
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can also help.
Do not run anything while running a fix.
If you don't understand a step, please ask for clarification before continuing with any future steps.
Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

You mentioned this is a work computer. I strongly recommend you to ask your IT support/network Administrator to fix this. After all they are paid to do so.

I say this for several reasons:

There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
Any infection could jump terminals in a computer network.
There may also be legal issues regarding any loss of business data that I do not wish to deal with.

Some people who come here use their comput...


I have googled the above file name and tried to follow through the suggestions as to remove it, but the instructions for doing so seem to be outdated - has anyone got any suggestions as to what I could try?

I'm running XP Home if that makes any difference.

here is my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:55, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal


A:Sophos is picking up a virus on my machine geedd.dll


NeoFix,

you helped me earlier, this could be a virus, my machine is running sluggishly, applications are loading slowly and at times crashing. Started Several Days Ago

I have used the following:

Spybot Search & Destroy - nothing found
Malwarebytes Anti-Malware - nothing found
McAfee - nothing found
Quicken 2010 application now displaying message "Quicken launcher not working"

Can you help?
 

A:Virus? Machine Running Slow....Sluggish
