
soft.update365.us - soft.update999.cn - alman.nad virus

Q: soft.update365.us - soft.update999.cn - alman.nad virus

Hi there,

In spite of being very careful, I've been having trouble with that stupid trojan and virus alerts for 2 days now. I tried Kaspersky6 and NOD32 to detect and clean the reason but had no luck till now.

Well, here are the details.

I cannot see the Temporary Internet Files folder, which should be in:

C:\Documents and Settings\Administrator\Local Settings folder.


And those gifs are created periodically; after deleting, they appear again some time later in the C:\Documents and Settings\Administrator\Local Settings\Temp folder.



NOD32 is alerting like crazy about those gifs; you can see the quarantine screenshots below.






Finally, you can see the ComboFix and HijackThis logs below.


Quote:




Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 04:39:06, on 01.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2__2.02\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8171A73-9B72-4831-9CC4-D09BAFD783BD}: NameServer = 4.2.2.2,4.2.2.4
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2007 - Unknown owner - C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 8596 bytes





Quote:




ComboFix 08-05-29.1 - Administrator 2008-06-01 4:09:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1254.1.1055.18.497 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-TRK.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\ravmonlog
C:\WINDOWS\system32\gmnait.cfg
C:\WINDOWS\system32\jyjlt.cfg
C:\WINDOWS\system32\lariytrz.cfg
C:\WINDOWS\system32\oqrthc.cfg
C:\WINDOWS\system32\sehhter.cfg
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\xfgnxfn.cfg

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-06-01 03:03 . 2008-06-01 03:03 <DIR> d-------- C:\WINDOWS\system32\tr
2008-06-01 03:03 . 2008-06-01 03:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-01 03:03 . 2008-06-01 03:03 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-01 03:00 . 2008-06-01 03:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-01 02:46 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-06-01 02:46 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-06-01 02:46 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-06-01 02:46 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-06-01 02:46 . 2004-08-03 22:29 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-06-01 02:46 . 2004-08-03 22:29 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-06-01 02:44 . 2004-08-04 00:36 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-06-01 02:08 . 2008-06-01 02:08 <DIR> d-------- C:\fsaua.data
2008-05-31 21:08 . 2008-05-31 21:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-31 21:08 . 2008-05-31 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 21:07 . 2008-05-31 21:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 11:43 . 2008-05-31 11:43 <DIR> d-------- C:\Program Files\Marsu-Fix
2008-05-31 11:43 . 2008-05-31 11:43 159,847 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-05-31 11:39 . 2008-05-31 11:39 <DIR> d-------- C:\Program Files\ESET
2008-05-31 11:30 . 2008-05-31 11:30 2,828 --ahs---- C:\WINDOWS\klif.spi
2008-05-31 05:20 . 2003-05-31 06:15 280 ---hs---- C:\WINDOWS\system32\ydgn.cfg
2008-05-31 05:20 . 2008-05-31 05:20 280 ---hs---- C:\WINDOWS\system32\dhugtj.cfg
2008-05-30 19:33 . 2008-05-30 19:33 18,048 --a------ C:\WINDOWS\system32\drivers\eth8023.sys
2008-05-30 19:28 . 2008-05-31 06:15 552 ---hs---- C:\WINDOWS\system32\sthth.cfg
2008-05-30 19:28 . 2008-05-30 19:28 280 ---hs---- C:\WINDOWS\system32\dscef.cfg
2008-05-30 19:28 . 2008-05-30 19:28 144 ---hs---- C:\WINDOWS\system32\xfgnfx.cfg
2008-05-30 19:28 . 2008-05-30 19:28 144 ---hs---- C:\WINDOWS\system32\kduy.cfg
2008-05-30 19:28 . 2008-05-30 19:28 144 ---hs---- C:\WINDOWS\system32\chmfcmh.cfg
2008-05-30 19:20 . 2008-05-30 19:20 144 ---hs---- C:\WINDOWS\system32\ghjkdr.cfg
2008-05-30 19:20 . 2008-05-30 19:35 24 --a------ C:\WINDOWS\system32\pzwmaime.sys
2008-05-30 17:45 . 2008-05-30 17:45 45,748 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-30 17:38 . 2008-05-30 17:39 <DIR> d-------- C:\Program Files\Picasa2
2008-05-30 17:38 . 2008-05-30 17:38 <DIR> d-------- C:\Program Files\Google
2008-05-30 17:16 . 2008-05-30 17:17 <DIR> d-------- C:\Program Files\eMule
2008-05-19 01:03 . 2008-05-19 01:03 <DIR> d-------- C:\Program Files\Total Training
2008-05-18 08:23 . 2008-05-18 08:23 <DIR> d-------- C:\WINDOWS\system32\3Planesoft
2008-05-18 08:23 . 2008-05-18 08:23 <DIR> d-------- C:\Program Files\Flag 3D Screensaver
2008-05-18 08:23 . 2008-05-18 08:23 <DIR> d-------- C:\Program Files\3Planesoft Screensaver Manager
2008-05-16 19:40 . 2008-05-16 19:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\My Games
2008-05-13 19:57 . 2008-05-13 19:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Printer Info Cache
2008-05-13 19:57 . 2008-05-22 13:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Image Zone Express

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 00:39 9,216 ----a-w C:\WINDOWS\AppPatch\AcXtrnel.dll
2008-05-31 23:03 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-31 19:49 --------- d-----w C:\Program Files\QuickTime
2008-05-31 18:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-31 08:44 13,824 ----a-w C:\WINDOWS\AppPatch\Jview.dll
2008-05-31 02:16 --------- d-----w C:\Program Files\Save Flash
2008-05-30 16:33 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-05-23 12:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IM
2008-05-16 18:13 --------- d-----w C:\Program Files\Macromedia
2008-05-16 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 16:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\HP
2008-05-04 16:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BSplayer PRO
2008-05-04 15:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ
2008-04-26 19:11 --------- d-----w C:\Program Files\ICQ6
2008-04-23 22:21 --------- d-----w C:\Program Files\Windows Desktop Search
2008-04-21 00:19 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2008-04-21 00:19 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-04-14 16:15 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:03 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:01 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 16:01 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 16:01 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 16:01 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 16:01 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 16:01 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 16:01 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 15:59 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 15:58 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 15:58 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 15:58 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 15:58 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:44 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:44 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:44 68,480 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:44 46,464 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:44 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:43 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:43 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:43 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:42 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:42 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:40 78,336 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:40 78,336 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:40 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:40 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:40 24,704 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:39 49,152 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:39 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:38 64,896 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:38 552,960 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:38 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:37 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:37 272,896 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:37 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:36 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:36 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:36 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:35 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:35 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:35 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:35 41,088 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:34 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:33 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:33 23,168 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:33 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 06:00 988,160 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 06:00 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 06:00 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 23:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VidaOne
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2004-08-08 16:20 520 --sh--w C:\WINDOWS\system32\fxwmbime.sys
2004-08-08 02:21 520 --sh--w C:\WINDOWS\system32\xzfhbjpg.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
2008-06-01 01:59 45056 --a------ C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 12:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-05-31 21:09 4579328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"JavaView"= {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll [2008-05-31 11:44 13824]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [2008-06-01 01:59 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"SENTINEL"= snti386.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangı?^SolidWorks Task Scheduler Engine.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programlar\Başlangı?\SolidWorks Task Scheduler Engine.lnk
backup=C:\WINDOWS\pss\SolidWorks Task Scheduler Engine.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangı?^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangı?\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangı?^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangı?\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangı?^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangı?\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangı?^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangı?\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangı?^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangı?\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangı?^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangı?\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 20:54 623992 D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 10:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 16:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bittorrent]
C:\WINDOWS\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 19:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 16:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 22:52 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:35 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
d:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
C:\Program Files\Real Desktop\Real Desktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SolidWorks_CheckForUpdates]
-ra------ 2007-09-10 15:15 6460696 C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
d:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"C:\\Program Files\\seba14mods\\?torrent 1.7.2 Leecher Pack\\utorrent 1.7.2_mult10_leecher.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\seba14mods\\?torrent 1.7.2 Leecher Pack\\utorrent 1.7.2_original.exe"=
"C:\\Program Files\\seba14mods\\?torrent 1.7.2 Leecher Pack\\utorrent 1.7.2_mult100_leecher.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12697:TCP"= 12697:TCP:NortonAV
"18203:TCP"= 18203:TCP:NortonAV
"13088:TCP"= 13088:TCP:NortonAV

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 15:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 12:39]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 23:53]
R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service []
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;"C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe" [2007-07-23 10:05]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys [2008-05-30 19:33]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 V0330VID;WebCam Vista;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2006-09-12 20:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 04:13:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ad-Watch Real-Time Scanner]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTPD.sys"
.
Completion time: 2008-06-01 4:17:10
ComboFix-quarantined-files.txt 2008-06-01 01:16:57

10 Dizin 96,321,646,592 bayt boş
14 Dizin 96,291,745,792 bayt boş

WindowsXP-KB310994-SP2-Pro-BootDisk-TRK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

313 --- E O F --- 2008-05-31 08:46:13





Well, any idea please?

I don't want to format my PC; I have almost 50 GB of program data installed.


A: soft.update365.us - soft.update999.cn - alman.nad virus

Hello and welcome to TSF.

Sorry for the delay in response. The forum has been very busy.

Please note that Combofix is a very powerful tool and should never be used without supervision by a trained analyst. Under certain conditions, it may render the machine unbootable. If you haven't received help elsewhere and still need assistance, please proceed with the following instructions:

Now, run HijackThis. Close all windows and browsers except HijackThis.
Click on Open Misc Tools
Click on Delete a File On Reboot
Click once on the file below to select it, if listed:

C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

do the same for this one, if listed:

C:\WINDOWS\AppPatch\Jview.dll

Click on the Back button to exit Process Manager

Now, back at the main screen of HijackThis, click on Scan and put a check in front of the following

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

Close all browsers and windows other than HijackThis and click on "fix checked".

===============================

Restart your computer.

===============================

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box:

C:\Deckard\System Scanner\extra.txt

Click Upload.

RELEVANCY SCORE 91.6

I freshly reinstalled my windows 7.
before and after the install,
when I watch videos on youtube.com (that's the only example atm),
the videos play great, flawless framerate, no matter the quality.
but they will randomly lockup. pause. only while in fullscreen.
high speed internet, videos have completed downloading, streaming speed isn't the issue.

if i press ESC the video minimizes to a smaller display and works flawlessly,
if i press full screen again, the video continues flawlessly, until 5 or 10 seconds later,
no specific time, they may or may not pause again.

no other system annoyances that i can recall.
i tried updating divx, although I've never had to install those to watch youtube.

any ideas what could cause full screen video lockup?
ESC and a refullscreen instantly solves the issue, but i have to do it a few times throughout some videos.

reinstall java maybe? seems like I had to install java to watch youtube. i forget.

A:full screen youtube video lockup (soft soft)

I would make sure my Java script was OK. Do you run Trend A/V by any chance? This can block Java! What's your broadband speed? Does this happen at all times of the day or only at specific times?

RELEVANCY SCORE 88.8

Best soft to recover 3TB HDD of GPT on Windows 7? free soft most like


Hi, I have been using my Seagate 3TB HDD for over 9 months. I just converted MBR to GPT with Acronis Disk Director to fully utilize 3 TB 3 weeks ago. It ran great for over 2 weeks, but

now when I turn on the PC I see a Win 7 pop-up message to format the disk and select MBR-GPT. WTHElll !!

Win 7 com. manager detects it, but as an unformatted disk
(I also tried to use this HDD on a different machine, also on Win 8 Pro, and also via a SATA-to-USB adaptor, but I am having the same issue: Win 7 and all softs say it is unformatted and needs to be formatted.)

Please guys, help me to recover this HDD

Free soft will be most welcome, and priced soft also welcome

A:Best soft to recover 3TB HDD of GPT on Windows 7? free soft most like

I just recently had a problem similar to yours, just mine was a bit more complex and I have put it on the 'backburner' until I have more time. I haven't found a reason why my disk did 'fail' but don't worry, it can be recovered. Greg recommended this program to solve my solutions, Partition Wizard. This comes in many 'formats'. Home version is what you want, it is free and allows you to do the tasks you will need. There is also a more advanced 'bootable' CD which can also be found on their website. By following this link to a video guide, you have lots of chances of recovering most or all of your data. The only downside is that you must have a separate HDD to copy the recovered files onto, be it your internal HDD or an external one. DON'T COPY YOUR RESTORED FILES STRAIGHT BACK ONTO THE DRIVE as this may lead to permanent data loss. It is up to you if you choose the CD or the normal one. Could I recommend you ask gregrocker to have a say in this thread, as he knows a lot in this area,

Partition wizard - Best Free Partition Manager Freeware and free partition magic for Windows 7, Windows 8, Windows Vista and Windows XP 32 bit & 64 bit. MiniTool Free Partition Manager Software Home Edition.
-Bootable CD - Partition Wizard Bootable CD allows user to manage partition directly with partition manager bootable CD.
How To Guide - How to activate Partition Recovery Wizard of partition magic? Partition Wizard Partition Recovery Wizard Video Help.

RELEVANCY SCORE 82.8

https://skydrive.live.com/redir?resi...4LBOC9*NPyA%24



above is my Eyefinity setup 5760*1080 with HD 7950 OC 3GB( 4th monitor is shut down because AMD strictly need Active adaptors and its very very hard to find in India . I will buy active adaptor on amazon later just like last one )

I always face problem of software launching UI
e.g. when I click on any of my desktop softs, it opens on 3 monitors, sometimes on the 1st monitor or the middle, and they didn't remember my settings when I close them, just like "My Computer" etc.

I want to put a lock on those softs so that they will open only on a particular display, like 1st-2nd-3rd monitor, with a unique size lock

I tried AMD Hydra a little bit
but no help, it's not that easy and contains many Crazy-Bugs

so any recommended software or tricks for me ?

A:soft to manage launching of soft on 5760*1080 and manage, its so panic

displayfusion.com

I bought it 2 weeks back, home license of Pro, you can get free/trial to check it out.

I have 3 monitors going on a 7950, also.

RELEVANCY SCORE 77.2

It looks like this vicious thing is making the rounds. At any rate, I was hit by it 2 days ago. Before I was totally hijacked, I was able to run Malwarebytes which picked up 10 trojans and removed them. My system then became stable again. I ran Avast and it picked up 5 more trojans. I am running xp,sp3, avast av, malwarebytes, no-script and spywareblaster. I have never had such a virulent virus and really don't know for sure how I got it. I don't go to exotica on the internet and was visiting my usual sites so don't have a notion as to how. My question is, do you think this is gone or could there still be remnants of it on my pc? I have absolutely no symptoms - pc is still fast and everything loads easily. I am hesitant to use anything of a financial nature that requires password entry, i.e., Paypal. I would like to purchase the full version of MWB and Avast5 using my Paypal account but hesitate to do so at this point. Any thoughts would be appreciated. Thanks very much.
 

A:AV soft virus

RELEVANCY SCORE 76

So I don't know what I did, but I got the notorious Spyware Soft Antivirus Virus (Oxymoron?) onto my computer. I was able to disable it during start up, but I need to clean it out of the system. I'm also getting random redirects to other websites when I go on to a certain few. What happens is that I'll be on the website for 5 seconds and then it begins to redirect. My Google links are also redirected whenever I click them. For some websites, I get a pop up to download an Online Protection Tool which just turns out to be me saving a "Setup.exe" file which I know is a virus/trojan/malware of some sort. Any and all help is appreciated. Here is the info needed for this:

1. I don't have access to a Windows Install/Boot Disc.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Blue Fox at 7:07:56.99 on Fri 05/07/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.986 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:...

A:Spyware Soft Virus

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you install the recovery console if requested

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

RELEVANCY SCORE 76

Hi I was wondering if I could get help... I run windows Vista and today all of a sudden up popped a window which was a virus scanner, platinum soft. Since this started I am continually getting alerts that files are infected. When you click the link it takes me to this website:

http://platinumsoft2010.com/purchase?r=59.20

I googled it and found a number of articles showing it is a fake program. It stated that you can use Malwarebytes to remove. I downloaded and tried it however it does not work...

I can not use internet explorer anymore as every website gets blocked...

Any suggestions or guidance would be appreciated!
Thanks

A:Help Please!! Platinum Soft Virus

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

It's possible you have a variant which blocks our tools from running. If so....


If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to hel...

RELEVANCY SCORE 76

My home PC is infected with antivirus soft and is now stuck in a continuous reboot loop. I followed the instructions on the bleepingcomputer site, and was able to use a boot disk to get to a dos prompt. When I try to rename the boot.ini file I get "file not found - c:\boot.ini. Can you help me? Thanks in advance.

A:Antivirus Soft Virus

Hi, rhenegar. Welcome.

Let's give this a try. Just one rule. Do not run programs or use boot CDs unless I ask you until the system is clean.

You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First
Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.

When downloaded double click and this will then open ISOBurner to burn the file to CD
Boot the Non working computer using the boot CD you just created.
In order to do so, the computer must be set to boot from the CD first
Note : For information click here
Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
Change Drivers to All
Change Registry to All
Under the Custom Scan box paste this in

/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit...

RELEVANCY SCORE 76

I'm trying to help my mom get the AntiVirus Soft Virus off of her computer. I went through hijack this and removed the obvious ones, but I'm still missing something because the virus is still there. Thank you in advance for the help. Here is the log:

Edited to add the symptoms of the virus. From what I can tell it's the typical antivirus soft virus. Before I did some work with hijack this I would get a "windows security alert" anytime I tried to open any program ("Application cannot be executed. The file "insert file name here" is infected. Do you want to activate your antivirus software now"). Now that I've done some work, and programs can be opened. But after the computer is on for a little while a "Resident Shield Alert" pops up. It says "Thread Detected" and a filename, etc.

Logfile of HijackThis v1.99.1"
Scan saved at 11:33:36 PM, on 5/14/2010
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\Explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Soft...

A:AntiVirus Soft Virus

I think that I solved this now so we can go ahead and mark this thread as solved. Thank you.
 

RELEVANCY SCORE 76

Hi~

My computer was infected with the Antispyware Soft virus.
I did some research online and I ran Hijack This and then selected a O4 thread that had tssd.exe from the scan results to be fixed (or deleted?).
After doing this, the pop-ups stopped and I was able to run programs again.

Unsure if I removed the virus from my system completely, I ran some scans.

My computer was not clean as Superantispyware detected the Antispyware Soft virus and now I'm worried and confused.

Attached is the DDS log...would the computer gurus please look over it and give me some advice? Thanks so much.

My computer suffered a blue screen crash in the middle of the gmer scan so I'm a bit scared to run it again.
Please let me know what I should do.
I couldn't catch what the blue screen said...everything happened too quickly.
However, once my computer restarted, there was an error message with something that was similar to atpow.sys (might have missed a few letters).
And then my computer screen went black so now I'm REALLY scared..................

Please help me~~~
I also included a HijackThis log file...let me know what else I can do to provide more information.
Thank you very much for your time and expertise.




DDS (Ver_10-03-17.01) - NTFSx86
Run by Debby at 2:50:32.33 on 06/05/2010 Sat
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir D...

A:Antispyware soft virus...help~

Please try this scan:

Please download this file, and save it to your Desktop. Once you have downloaded it, save and close all other programs and run it by double-clicking on the file named "RootRepeal.exe".

Once the main window shows up, please click on the "Report" button on the bottom of the window. Next, please click the "Scan" button.

Another window will pop up asking you to select what to include in the scan. Please uncheck everything except for the "Stealth Code" checkbox, and then click OK.

Once the program has finished scanning, the results will appear. Click on the "Save Report" button, and save the report to your desktop.

Finally, please open this report with Notepad, and post it here.

RELEVANCY SCORE 76

'Antispyware Soft' virus loaded itself onto PC. Puts up a green shield with a tick on taskbar, then pops up messages saying PC is infected - opens a webpage with advert to pay for antivirus.
Keeps opening fake warnings ... Avast found many JS: fakewarn-c (trj)

Ran Spybot Search and Destroy and here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:49 PM, on 6/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Intern...

A:Antivirus Soft Virus

RELEVANCY SCORE 76

My computer has been infected by Anti-virus soft - It keeps trying to get me to download an anti-virus program & keeps taking me to some porn & Viagra sites. I can't stop any of them. I have Avast anti virus installed & it couldn't find any viruses.

I then thought it must be malware. We followed all your instructions and went into safe mode and installed rkill & malware bytes anti malware. After going into safe mode - We ran rkill which only ran for 10 seconds then we ran anti - malware which took ages. It found 29 but when we told it to repair the count was closer to 60.

We went back to normal mode but the problem was still there, so we repeated the two processes again with the same result.

We thought our firewall was up but it wasn't - rectified now & firewall is up.

We read your preparation guide & downloaded the two programs (DDS + GMER) both have been run & results saved. I have two main drives C and E. On GMER we checked both of them.

Please find attached result logs as per instructions.

We aren't very computer savvy, so any help would be greatly appreciated. Thank You.

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Axel at 19:13:57.03 on Sun 02/14/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.511.340 [GMT 11:00]
AV: avast! antivirus 4.8.1368 [VPS 100211-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Int...

A:anti-virus soft

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%...

RELEVANCY SCORE 76

Hi~

My computer was infected with the Antispyware Soft virus.
I did some research online and I ran Hijack This and then selected a O4 thread that had tssd.exe from the scan results to be fixed (or deleted?).
After doing this, the pop-ups stopped and I was able to run programs again.

Unsure if I removed the virus from my system completely, I ran some scans.

My computer was not clean as Superantispyware detected the Antispyware Soft virus and now I'm worried and confused.

Attached is the DDS log...would the computer gurus please look over it and give me some advice? Thanks so much.

My computer suffered a blue screen crash in the middle of the gmer scan so I'm a bit scared to run it again.
Please let me know what I should do.
I couldn't catch what the blue screen said...everything happened too quickly.
However, once my computer restarted, there was an error message with something that was similar to atpow.sys (might have missed a few letters).
And then my computer screen went black so now I'm really scared..................

Please help me~~~
I also included a HijackThis log file...let me know what else I can do to provide more information.
Thank you very much for your time and expertise.

A:Antispyware Soft virus... please help~

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 76

OK, so last night I apparently got owned by the antispyware soft virus. It downloaded onto my computer, tried to run its fake scan, wouldn't let me use my actual antivirus (AVG), etc.

So here's what I did:

Turned off computer, then restarted in safe mode with networking.

Downloaded all sorts of junk (Spyware Doctor, Avira, Malware Bytes Anti-Malware) and ran these programs. Spyware Doc tried to make me pay to do stuff, and Avira kept claiming it didn't find anything. MBMA cleaned some of the malware off my computer. After I used MBMA I restarted the computer in normal mode. Antispyware soft stopped popping up, so I could at least use it.

I woke up this morning to realize I couldn't get on the internet. Couldn't figure out why. After some frustration (power cycled connection, tried to repair by right-clicking on connection in control panel), I restarted the computer.

After this, I was able to use the internet, but at an incredibly slow speed (didn't test, I just know it took websites like ESPN about 1-2 minutes to open....). Anything on the computer actually ran at a superslow speed.

So then I decided to try a system restore. That's where I'm at now; my computer functions, except for a few problems:

1. My taskbar got changed to gray and my desktop looks like the old Windows 2000 desktops. (I run windows xp pro edition).

2. When I use search engines to find stuff, I click on the link and it takes me to sketchy websites (standard g...

A:Antispyware Soft virus

RELEVANCY SCORE 76

One of my PCs seems to be infected with this virus posing as an antivirus software. It started Sunday when my daughter was online. She says Firefox crashed twice and then she got the Antivirus Soft notices.

It wants me to activate the Antivirus Soft, and I am getting false notifications of my virus protection being out of date, and
I am struggling to perform the first steps.
I am posting from my machine but was able to do part of the steps on his.

It's my husband's PC. A Dell Dimension 8400 running Windows XP

I first tried to boot up in safe mode, and ran my normal virus program.

It found a trojan called tr/spy.ursnif.77824I I quarantined it and deleted and restarted the machine.
It still has the problem and warning pop ups continue, it is opening porn sites etc.

So I came here for help.
I did see another post with the exact same issue.

I downloaded the rkill tool and ran it to stop the mess.
It seemed to work.
I downloaded the DDS and GMER
and have been able to run them on his machine. (moved from mine with a zip drive)
The DDS worked okay.
The Gmer seems to work, but it is EXTREMELY slow.
Once it finishes I try to save the report as ark.txt.

That seems to lock it up. It never gets past that.

I can access the internet. It wont let me run any other software besides the tools.

I just tried to copy the DDS report, and zip the second part of it and the machine seems locked up.
What can I do next to get the needed info ...

A:Antivirus Soft Virus

Hello and welcome to TSF.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

RELEVANCY SCORE 76

I get a popup on wednesday saying I have a possible virus and to click yes to scan. I immediately did a search for it and tried cleaning it off myself, but couldn't find the items in my registry that were listed. It wouldn't allow me to open taskmanager as well as run. Rebooted and was able to get into startup in order to stop it from starting upon bootup. Computer is running a little slow and redirects pages in firefox. Haven't really been using it other than to run gmer so don't know what other symptoms it has. Attached are my logs.

Thanks


DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 22:41:45.82 on Wed 06/02/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2720 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\ms...

A:Antispyware soft virus

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you install the recovery console if requested

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

RELEVANCY SCORE 76

Hello Tech Guy,

Last night my computer was attacked by this blasted bug, Antispyware Soft! My teenager was using it at the time and unfortunately clicked the window to close it. I took over and immediately ran my Norton scan, which I now realize was also hijacked by the virus.

I rebooted in safe mode and ran a full system scan again. It isolated and removed this virus. However, my IE no longer works. I tried to do a system restore, but it could not restore to an earlier date; an error message stated that it could not load the files. I installed Firefox via jump drive and have been trying to find solutions for this thing. I did download SUPERantispyware free edition and it also picked up this antiSoft virus and deleted it. So any suggestions on the system restore and the IE?

I am running Vista, Service Pack 2, IE 7, 32-bit.
 

A:Antispyware Soft Virus

RELEVANCY SCORE 76

I have been fighting the antispyware soft virus for a couple days now...I have tried micro trend, malwarebytes, spybot, and spy doctor. I think the virus is now gone because I'm not getting any pop ups, however I still can not get on IE without changing my LAN settings. I have a Toshiba laptop with Windows XP and wireless internet. Some help would be appreciated!
 

A:Antispyware Soft Virus help!!!

RELEVANCY SCORE 76

My desktop appears to have been hijacked by a fake antivirus calling itself the antispyware soft virus. It has basically shut down all .exe commands, such that I cannot get online. I am on my laptop typing this now.

Per the prep guide, I attempted to run the defogger, DDS, and Gmer (via a flash drive) to post a log of the desktop, but the virus is preventing me from running each of these, saying that they found a problem running the program, and inviting me to activate them (the fake antivirus).

Any assistance is appreciated.

A:Antispyware Soft Virus

Hello,

I found the summary instructions to remove antispyware soft virus here: http://www.bleepingcomputer.com/virus-remo...ntispyware-soft and it appears that the virus has been removed.

In addition to the malwarebyte's antimalware scan, should I run anything else to make sure my desktop is not carrying anything bad that may come online at a later point?

Thanks again.

RELEVANCY SCORE 76

Hi. I have gotten a bunch of viruses which I cannot remove. I have followed the preparation guide but I can't get any of the programs to run.. the virus won't let me run anything, it blocks everything. I believe I got the virus out of a torrent....... any help would be great.

Also I have gotten a new icon on my taskbar, bottom right of my screen. It is antispyware soft and it keeps popping up saying stuff like svchost.exe is infected cannot run..... explore.exe is infected. When I open control panel I get the message control.exe is infected and so on.

A:antispywar soft and virus help

I would upload a screenshot but I can't open any .exe files atm....... and none of my hotkeys/keyboard commands will work

RELEVANCY SCORE 75.2

I had anti soft on my Windows XP computer and thought I had removed it. I was able to remove it on my vista computer by locating the virus' file and deleting, running mbam as a secondary precaution. But my xp seems to have gotten much sicker. I'm pretty comfortable with computers and can usually solve my own problems, but this is beyond my capabilities.

Symptoms include:
java-based work program through internet explorer crashes after login. I have to login and click a link and then IE crashes.
google chrome gets redirected on every link
google chrome crashes when anything remotely close to *security* or *malware-removal* or etcetera pages are opened.
I cannot run MBAM no matter how many ways I try to run it, rename it, use a flash drive and transfer, email, or the like.

Here is my DDS log.

DDS (Ver_10-03-17.01) - NTFSx86
Run by OPERA at 15:24:16.23 on Thu 08/05/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.254 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\... Read more

A:Anti Soft Virus or the like is on my computer

Hi kbonta,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:

Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
Please do not do anything or perform other steps unless I have asked you to do so.
Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps ne... Read more

RELEVANCY SCORE 75.2

Hey all.. Please someone help me get rid of this evil virus. It's the fake virus that has pop-ups for "Virus Alert" and then starts scanning.. and has a ton of pop-ups for Viagra and porn sites. I installed malwarebytes and ran it, this is what I got

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/23/2010 12:03:22 AM
mbam-log-2010-02-23 (00-03-22).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 264819
Time elapsed: 2 hour(s), 32 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted succ... Read more

A:Anti-Virus Soft Infection PLEASE HELP!

Use ATF Cleaner: http://www.atribune.org/index.php?option=c...5&Itemid=25

Instructions for use copied/pasted from atribune.org's website:

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Notes for Windows Vista users:
On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator"

----------------------------------------------------------------------------------------------------

Remove Antivirus Soft (Uninstall Guide)
Posted by Grinler on January 30, 2010
http://www.bleepingcomputer.com/virus-remo...-antivirus-soft

After following all the steps in the above removal guide, please reply back with the Malwarebytes' log, and whether you are still experiencing symptoms.

RELEVANCY SCORE 75.2

I CANNOT PERFORM THE FIRST STEPS. I am told everything is infected do I want to activate Antivirus Soft. This is the second request for help

After booting computer a message came up asking if I wanted to activate Antivirus Soft. I answered no. I was then notified that my virus protection was out of date did I want to activate Antivirus Soft. Microsoft firewall then advised that my virus protection was out of date. According to the system tray my installed virus protection is working properly.

This Antivirus soft will not let me access any functions on the computer. I can access the internet. I cannot install or run any other software. I cannot perform any of the first steps listed above as requested.

It activates IE and brings up porn sites. I also receive messages about threats from various IP's and ports:

Threat Win32/nugel.E IP:203.71.129.109 Port 32897 Attacked port 60242

There are many of these reports, they occur even if I physically disconnect the cable from the modem.

A:unwanted antivirus soft virus

More details about the machine are required. What Operating System?

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.pif


Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER.

If for some reason the machine reboots, repeat... Read more

RELEVANCY SCORE 75.2

I caught a virus earlier tonight and quarantined much of it, but I didn't get it all. So rather than hijacking my browser and sending it to a porn site like it was, every few minutes, it will open a new browser window within my tabs (I'm running Firefox 3.0.3) which reads www.soft.php/ with a string of referral characters after it. The URL doesn't bring up the porn site like it did before (I didn't get the URL of the porn site), and instead I get a connection error to that URL.

(I was testing to make sure it was gone before posting this, and it's still here. Just popped up a browser window for horny singles *sigh*)

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:07 PM, on 10/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTu... Read more

A:Virus keeps trying to pop up www.soft.php and other porn in browser

RELEVANCY SCORE 75.2

I have 2 PC's infected with Anti Virus Soft......I was previously working with Icrontic but they have closed their forum. Can you help?

Here is the first log- Down:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:22 PM, on 7/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Common Fi... Read more

A:2 PC's infected with Anti Virus Soft

Hello michgal2k,

Sorry for the delay. If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it.

Thanks,
tea

RELEVANCY SCORE 75.2

Yesterday, a fake anti-virus software program popped up and started scanning my pc. I tried to close it but was unable to. Then a blue screen popped up and said it needed to shut down my PC to avoid damage.

My PC restarted, but that same blue screen popped up before it could reach the welcome page (even when I tried safe-mode). I used my boot disk to repair my PC with a system restore. My PC worked for a little while after that but the blue screen came back. I can start the PC in safe-mode now but the virus comes back if I try to start normally.

I already have combofix on my desktop, but didn't want to use it without checking here first.



DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Ethan at 20:33:06.43 on Mon 05/24/2010
Internet Explorer: 7.0.6001.18000

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\Explorer.EXE
C:\Users\Ethan\Desktop\dedes.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.imdb.com/
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mSearch Bar = hxxp://us.rd.yahoo.co... Read more

A:Anti virus soft issue!

I will be out of town until saturday, please don't close this topic.

RELEVANCY SCORE 75.2

Hello!

I just started experiencing this problem today, but man is it a big one. When I try to run a program, it says "Application cannot be executed. The file is infected. Do you want to activate your antivirus software now?" It then opens a program called Antispyware Soft, which I know is a fake antispyware program. It also is blocking Internet Explorer from accessing the internet, saying that there might be malicious content on the site I am trying to enter, but then it opens a new page with adult content. Down in the bottom right hand corner of my screen, I can see about 15 yellow shields with a black exclamation mark, or sometimes 15 red ones with a white x. In the middle of all those, a green shield pops up that is linked to the Antispyware Soft program.

I read the post in this forum about what logs to have prepared in advance, but I am posting this from a different computer as I cannot access the internet on my normal one to download dds and gmer.

Please advise me on what to do next, and I will follow any and all instructions given. I know this is a lot of information to digest, but I am slightly panicking right now. Thanks for any help!

A:Virus Problem - Antispyware Soft

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive. If you transfer files, run this tool on the machine you're communicating with, to help prevent spread of infection to the good machine.

Download Flash_Disinfector.exe from here and save it to your desktop. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.

================================

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr


Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave t... Read more

RELEVANCY SCORE 75.2

Hello,

My home computer has been infected by a Trojan identified by Avast as JS: fakewarn-E (trj) and has the associated locked file iahide5.dll which I've been unable to remove. Avast seems to be running fine, and catches the symptoms .. but the root cause is not eradicated and it recreates itself.

The primary symptom is false antivirus warnings that any application I try to run is infected and aborts the app - intending to redirect the user to buy their Antivirus Soft product.

The net effect is that I can't run anything in normal start-up mode. In safe mode, I was able to delete iahide5.dll from two locations, which temporarily got rid of the green/yellow shield in the Quick Launch bar although the main warnings issue remained - but even that shield came back after a second reboot.

I am not able to install or uninstall anything as the virus just pops up a warning that the .exe or .msi driving the install is infected and aborts it. And installations in safe mode were unsuccessful. I have Avast 4 and MalwareByte Anti-malware (last update several months ago) as tools available (MBAM only in safe mode).

Any help would be appreciated. I need help badly!!.
 

RELEVANCY SCORE 75.2

Hi, I have been working on my friend's computer and I need help. I cannot run any programs to remove this issue, and I am now in safe mode trying to do what I can. Unfortunately for some reason, Malwarebytes won't work due to a registry error in any mode (can't install it either), but I've done a HijackThis log. The HJT log is below. This is very urgent. Thank you for your time, have a nice day.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:44:49 PM, on 5/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\... Read more

A:Help with Anti Spyware Soft Virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 75.2

A month or two ago I believe I acquired the antivirus soft infection. The symptoms were that I was unable to update any of my spyware programs or visit their websites. Each time I tried to visit their websites, it gave me the typical server not found page. A friend of mine told me to download combofix and run it. Doing so found the exe to the virus (lvkusftav.exe), and removed it. After removing it I was still unable to update or visit the webpages of my antispyware programs. Since then I also believe I have become infected with another type of malware since iexplorer.exe wants to keep randomly connecting to the internet. Also I have 4 or so iexplorer.exe processes running even though the real iexplorer is not even running. I'm also getting some random redirects to porn sites and other bogus search engines.

I'm running Windows XP with SP3

A:possible "antivirus soft" virus infection?

Hello,

Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which discusses the use of ComboFix.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom

RELEVANCY SCORE 75.2

I'm typing this from my clean desktop, my laptop is useless right now. I have it completely disconnected from the internet (wireless and cable) as I can't do anything, this Platinum Soft 2010 crap keeps blocking all sites and anything I try to do. I can't get rkill to work, dds, nothing. I saved them onto cd from my clean pc and tried to run it that way, it wants to run, it brings up the box saying that it's doing something and to be patient, the box only remains up for a millisecond and then closes so I can't read the whole message through. I can't do anything at all from the laptop right now. I haven't restarted it yet for fear of making it worse. Should I try restarting in safe mode first? I'm not doing anything (can't anyways) until someone tells me but I need help asap as I work 4 jobs from home and use that computer for 2 of them.

A:Platinum Soft 2010 virus

You can close this, I was able to remove it myself.

RELEVANCY SCORE 75.2

Hi,
This is a friend's computer and somehow she got this horrible little virus that redirects, locks up the virus scanner (Norton), changes internet settings to proxy, etc.
I installed Malwarebytes in Safemode, changed the .exe file-name, ran it, installed SuperAntiSpyware and McAfee Stinger, CC-Cleaner and TFC temp cleaner. Removed it all, I thought, but the HijackThis log still has entries I don't think should be there.
Would you have a look and give suggestions on what else I can do?

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:13:32 AM, on 5/26/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.ex... Read more

A:Redirects Soft Virus Protection

RELEVANCY SCORE 75.2

I don't like Avast! because it slows my computer down but I couldn't get it to uninstall so I found an Avast removal tool from company name Alwil Software. Then I tried to download AVG and couldn't so I downloaded a program called ClamWin Free Antivirus and along with that came a little program called Antivirus Soft and it's taken over everything. I downloaded Avast 4.8 from a disk but I can't update it. It says the package is broken. It won't let me open any of my anti spyware programs either. I tried to download HiJack this but it also won't let me do that.
This is the log I copied when I tried to update Avast. Any help will be greatly appreciated. I can't open my system information because I get Windows Security alerts saying the computer is infected. I have Windows XP and I use Firefox.
18.03.2010 17:23:19 general: Started: 18.03.2010, 17:23:19
18.03.2010 17:23:19 general: Running setup_av_pro-510 (1296)
18.03.2010 17:23:19 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
18.03.2010 17:23:19 system: Memory: 70% load. Phys:153752/523568K free, Page:800964/1278864K free, Virt:2069344/2097024K free
18.03.2010 17:23:19 system: Computer WinName: JAMIE-WHOETZY7R
18.03.2010 17:23:19 system: Windows Net User: JAMIE-WHOETZY7R\Jamie
18.03.2010 17:23:19 general: Cmdline: /downloadpkgs /noreboot /updatevps /silent /progress
18.03.2010 17:23:19 general: DldSrc set to inet
18.03.2010 17:23:19 general: Operation set... Read more

A:Antivirus soft/Clamwin virus

Okay, I finally got in safe mode and got this.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:04 PM, on 3/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google ... Read more

RELEVANCY SCORE 75.2

Is there a version out there of AVG Internet Security that works with Vista? I already have 2 licensed versions of AVG for XP and I want to use it on my new Vista laptop.

A:Gri Soft Avg Anti-virus And Vista

According to this, no.
http://www3.grisoft.com/doc/products-avg-i...ng/us/tpl/tpl01

Platform - AVG Internet Security
Operational System
MS Windows 98 - Yes
MS Windows Me - Yes
MS Windows NT - Yes
MS Windows 2000 - Yes
MS Windows XP - Yes
MS Windows XP Pro x64 Edition - Yes
MS Windows Vista - No
MS Windows Vista x64 Edition - No
MS Windows NT Server 4.0 - No
MS Windows 2000 Server - No
MS Windows 2003 Server - No
MS Windows 2003 Server x64 Edition - No
Linux i386 - No
FreeBSD - No
Symbian - No

RELEVANCY SCORE 75.2

Hello, I have a really bad virus that infected my computer that claims it's an anti spyware program. It has a green shield with a check mark in the right bottom corner. It won't let me use any programs that can remove the virus, such as Malwarebytes, Spybot Search & Destroy etc.

Also, I would provide a screenshot, but it won't let me open up paint, photoshop, or even word. When I try opening a program, it claims it's infected, it also does false scans, and false reports. Not only that, it directs me to internet explorer to porn websites, or Viagra websites. It's really frustrating because I'm not so computer smart. It started doing this just yesterday, and before that I had the bad image .exe virus that pops up for every program you want to use, but then it disappeared when this virus appeared.

I looked up what others suggest, such as changing file names, which I tried but it still didn't work. I'm sure I just didn't do it right.

And another thing, it won't let me use control panel, or let me uninstall any programs.

Also, this program calls itself "Antispyware Soft".

Please help me!!!! I will try to provide more information if needed.

Please if you can, provide specific instructions because I'm pretty.... dumb D: .

EDIT: Moved from XP to Am I Infected, more appropriate forum ~ Hamluis.

A:Antispyware Soft Virus, I dont know how to get rid of it!!!! Help!

Download this file and save it to your desktop:
http://download.bleepingcomputer.com/grinler/rkill.scr
Double-click the file to run it. A command window will open briefly. Then run a quick scan with Malwarebytes. Post the Malwarebytes log.

Read other 7 answers
RELEVANCY SCORE 75.2

On June 1st, 2010 my computer was viciously attacked by a predator trojan, or at least that's when it was activated, anyway. I feverishly searched the internet for possible solutions, even though the rogue "anti" virus tried to halt my plans in doing so. You see, I realized early on that the anti-virus was in fact the virus so I did a 1-2-3. ALT + CTRL + DEL that is, and shut it down as soon as possible. Then I located the files under local settings and the app data folder, and deleted the folder that looked suspicious, as I had been alerted earlier by people posting on forums who had previously undergone the same things. I did my research and followed their instructions to the best of my ability, which included downloading the following: Malwarebytes, Combofix, Hijackthis, amongst others. At last, I thought finally the culprit has been found and destroyed, but that is not so because my browser is still hijacked, and it keeps redirecting me to various sites. Included in the post is the log file left by combo fix, if you need one from malware let me know. Also, how did this trojan download to my pc without my knowledge?

((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.
2010-06-04 23:53 . 2010-06-04 23:53 -------- d-----w- c:\documents and settings\Theda Richardson\Application Data\Malwarebytes
2010-06-04 23:52 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamsw... Read more

A:infected with the antispyware soft virus

CAN SOMEONE PLEASE HELP ME!!!!!!!!!!!!!!!!! ALSO I CANNOT USE COMBOFIX IN NORMAL MODE, ONLY IN SAFE MODE.

Read other 3 answers
RELEVANCY SCORE 75.2

I made a bad mistake and accidentally fell for the Anti Virus Soft fake virus software that actually is a virus itself. I even paid money for it.

The computer wouldn't even get into XP when it happened. Luckily my brother has got most of everything back together but there are still remnants of it on here and I am worried it will come back in full force.

I tried using MalwareBytes Anti-malware and Spybot - Search & Destroy but it only seemed to cure some of the issues. I tried following the directions on this site: http://deletemalware.blogspot.com/2010/01/how-to-remove-antivirus-soft-fake.html, but it hasn't cured everything.

Now every time I start the computer, I get a series of error messages saying something to do with a variety of .exe files:
cnslmain.exe, nerocheck.exe, CliStart.exe, hpcmpmgr.exe, hpztsb10.exe, fwupdate.exe, BJMyPrt.exe, AdobeARM.exe, hpwuschd2.exe

I would really appreciate any feedback
 

A:Trying to Recover from Anti Virus Soft

Read other 11 answers
RELEVANCY SCORE 74.4

I believe that the virus that I have is "Antispyware soft." It started a few minutes ago. I am getting

-a fake green Windows icon in my toolbar
-fake "Antivirus software alert" popups
-when I try to access things in my Control Panel, I receive an alert that says "Application cannot be executed. The file rundll32.exe is infected. Do you want to activate your antivirus software now?"
-I also noticed that I cannot even keep Notepad open. It opens for about a second, then closes.
-I am getting popups from a fake Windows Security Center, and when that happens, my other browser, IE, opens to a porno site. My primary browser is FF, by the way.

Right now, there is the "Antivirus software alert" still sitting in my window because it asks if I want to block the attack. I obviously don't want to click "Yes" and have it install more software, but I'm scared of what it will do if I click "No." I have no anti-virus software. I know that is bad. Please help.

A:Antispyware soft virus - Popups & can't use programs

I just ran Rkill (http://www.bleepingcomputer.com/forums/topic308364.html) and that allowed me to now open Notepad, Control Panel and run the anti-virus software AVG. But, I'd still like help making sure that the virus is completely removed. Thanks.

Read other 2 answers
RELEVANCY SCORE 74.4

I am currently in Windows safe mode with networking. So far I have switched my proxy options so I could get on the web again. Now I was told I need to download rkill so I can attempt to end the processes that belong to antivirus soft. I have done this but when I run the program it goes for 2 seconds and then says it was terminated by rkill. What does this mean? I am following the steps from this page: http://www.bleepingcomputer.com/viru...antivirus-soft . Any and all help is much appreciated.

A:Antivirus Soft malware, fake virus

I have since answered my own questions and the malware is fully removed. Moderator pls lock this thread

Read other 1 answers
RELEVANCY SCORE 74.4

Hi ... I am having a problem with my Dell Inspiron laptop running Windows XP. Last week I got the dreaded Antispyware Soft virus. I was able to remove it using HijackThis and Malwarebytes but every couple of days it comes back again. Additionally, I have been afflicted with the Google redirect which never went away even during the days in between Antispyware Soft popping up. I have also noticed that my laptop won't hibernate (if I try to do it, the blue "Preparing to hibernate" screen comes up and then within a few seconds the computer is "up" again). Finally I have also noticed heavy CPU usage by svchost.exe

I have run Malwarebytes, Super Antispyware, ATF-cleaner, and Panda and they all come up clean despite ongoing redirect issues.

Here is the DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 16:46:26.08 on Tue 06/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.498 [GMT -4:00]

AV: Panda Cloud Antivirus *On-access scanning enabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Fi... Read more

A:Antispyware Soft + Google Redirect virus

Hello, I am jimi and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please *subscribe to this thread* to get immediate notification of replies as soon as they are posted. To do this click *Thread Tools*, then click *Subscribe to this Thread*. Make sure it is set to *Instant Notification*, then click *Subscribe*.

Please be patient with me during this time.

Read other 19 answers
RELEVANCY SCORE 74.4

I was hit two days ago by the Antispyware Soft virus. I managed to remove the visible effects of it by rebooting into the safe mode, using Malwarebytes' Anti-malware, and then doing system restore to a week ago. The remaining evidence of the virus presence is the fact that the search bars of both Firefox 3.6.3 and IE8 are still hijacked - if I search through them, then clicking on the links displayed takes me to various shady sites. While I do not see the virus itself anymore, I now experience much more sluggish startup and shutdown, and after I log in, a number of services that are configured to start automatically are not started. In particular, this is the case with the DHCP client service, and therefore the computer does not get a network connection. I can use services.msc to start services manually. If that works, the computer will go on the Internet. Firefox will work normally. Chrome will not work at all. IE seems to be mostly working, but connecting to Microsoft update does not work. Outlook seems to work. It often happens that I cannot start services manually. Then if I log off and log back on (without rebooting), I will often be able to start services manually. I attach the list of services both before and after starting some of them manually. Finally, when I start my computer, just before the Windows XP logo is shown, I now see the progressing strip of bars along the bottom of the screen - as when a laptop wakes up from hibernation. This computer is a desktop (De... Read more

A:Antispyware Soft virus side effects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 8 answers
RELEVANCY SCORE 74.4

Hey again, I was infected with Antispyware Soft about a week ago, and I removed it, but then it came back, and my computer BSOD on me about 10 seconds after it came back.

I removed it with MalwareBytes Anti-Malware, but when going to the normal boot version of Windows 7, it still BSODs after 1 minute of booting up. I'm posting this while I'm in Safe Mode. The BSOD is IRQL_NOT_LESS_OR_EQUAL 0x000000a FWIW.

There seems to be a redirect virus as well, for instance, when I look up on Google "computer virus" and click on the first link (wikipedia page), it redirects me to some kind of a search engine site.

Note: I tried running GMER but about 5 seconds after starting the scan, boom, BSOD.

Please help!

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Gian at 19:53:34.90 on Fri 05/28/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2276 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090409-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1335 [VPS 090409-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe... Read more

A:Antispyware Soft, BSOD, and redirect virus

Hi,

Please run the following program:


Please download this file, and save it to your Desktop. Once you have downloaded it, save and close all other programs and run it by double-clicking on the file named "RootRepeal.exe".

Once the main window shows up, please click on the "Report" button on the bottom of the window. Next, please click the "Scan" button.

Another window will pop up asking you to select what to include in the scan. Please uncheck everything except for the "Stealth Code" checkbox, and then click OK.

Once the program has finished scanning, the results will appear. Click on the "Save Report" button, and save the report to your desktop.

Finally, please open this report with Notepad, and post it here.

Read other 14 answers
RELEVANCY SCORE 74.4

Hi there, about a week ago I was infected with the ANTISPYWARE SOFT. I seemed to get rid of it all and followed your uninstall guide on the site here which worked perfect...until I opened up IE and whenever I load a web page, it comes up on the bottom waiting on about:blank then continues to the correct page however it hangs for a few seconds. How can I get rid of this nasty malware! I tried to run the gmer app that was told to execute however it says during midway into the scan that there is a program and windows is going to close the program. However, I did run DDS and attach the file. Thank you for your help in advance! Adam

DDS (Ver_10-03-17.01) - NTFSx86
Run by Adam at 13:31:58.40 on 20/05/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1470.735 [GMT -6:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:&#... Read more

A:MALWARE ---ABOUT:BLANK VIRUS/ ANTISPYWARE SOFT

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Gringo

Read other 15 answers
RELEVANCY SCORE 74.4

I was hit today by the Antispyware Soft virus. I managed to remove the visible effects of it by rebooting into the safe mode, using Malwarebytes' Anti-malware, and then doing system restore to a week ago. While I do not see the virus anymore, I now experience much more sluggish startup and shutdown, and after I log in, a number of services that are configured to start automatically, are not started. In particular, this is the case with the DHCP client service, and therefore the computer does not get a network connection. I can use services.msc to start services manually. If that works, the computer will go on the Internet. Firefox will work normally. Chrome will not work at all. IE seems to be mostly working, but connecting to Microsoft update does not work. Outlook seems to work. It often happens that I cannot start services manually. Then if I log off and log back on (without rebooting), I will often be able to start services manually. Finally, when I start my computer, just before the Windows XP logo is shown, I now see the progress strip of bars along the bottom of the screen - as when a laptop wakes up from hibernation. This computer is a desktop (Dell Precision T3400) and this started happening only after this infection. Is there any hope to fix all these problems, or reinstalling Windows is the only option?

Many thanks for your help!
 

A:Antispyware Soft virus side effects

I forgot to add my Hijack This log. Here it comes.
Many thanks for your help!
--------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:23:01 PM, on 5/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\WebDrive\wdService.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.e... Read more

Read other 1 answers
RELEVANCY SCORE 74.4

Hello, and thank you for the excellent site. I recently had an encounter with the anti-virus soft virus. When I first discovered I had been infected it was the type that effectively locked down the entire computer and prevents use until purchase of the software. I was able to stop this component of the virus using the guide listed on your site, but am finding that it was unsuccessful in completely removing the infection. I will still occasionally have my web searches redirected to random blank web pages which are obviously nothing but junk sites intended to re-infect my computer. Further, I have had the virus attempt to re-install itself, with the anti-virus soft pop-up window appearing on my desktop after having closed the internet. I switched over to Mozilla Firefox and started running no-script specifically to block the pages the virus attempts to open and that appears to at least prevent the virus from opening the pop-up window, however, the internet search redirects still persist. I have tried both malwarebytes and ad-aware scans to fix the problem and neither seems to completely repair my computer. Any help you can provide would be most welcome at this point, thanks in advance!

DDS (Ver_09-12-01.01) - NTFSx86
Run by LES WELCH at 3:14:08.53 on Mon 03/01/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2300 [GMT -8:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) ... Read more

A:Anti-Virus Soft Redirects Web Searches

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report
Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Click the "Quick Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.

=============

The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for the following boxes. Please uncheck these boxes.
Sections
IAT/EAT
Drives/Partition other than Systemdrive, which is typically C:\
Show All (This i... Read more

Read other 16 answers
RELEVANCY SCORE 74.4

So this is the 2nd time this week this has happened, first it was eco-antivirus, and now it's Anti-virus soft, telling me that my current antivirus protection is out of date and that I need their program to protect my computer... how convenient.

I currently use Symantec to protect my computer and it does fairly well but for some reason this week it has kind of failed me.

Suggestions?

A:Anti-Virus Soft infecting my computer

Yeah, I am having the same problem, except I have Symantec and it just won't let me delete or quarantine this crap, it also blocks me sometimes from opening up certain applications. Except say Firefox, thank god.

Read other 2 answers