
Virus - Bazooka Scan / DDS scan / GMER scan - %#^#%^#

Q: Virus - Bazooka Scan / DDS scan / GMER scan - %#^#%^#

Below are Bazooka scanner, dds and gmer scan results. Exe files are not working properly. Any executable I open immediately asks for a file to open the program. I can run some programs by browsing for the executable again but it does not work for everything. Some programs won't work or install. Here are my latest scan results using bazooka / dds / and gmer.

BAZOOKA SCAN

Result when scanning:

SystemDir.explorer 545.505.000 %SystemDir%\explorer.exe
C:\Windows\system32\\explorer.exe
http://www.kephyr.com/spywarescanner/library/systemdir.explorer/index.phtml

SystemDir.regedit 544.500.000 %SystemDir%\regedit.exe
C:\Windows\system32\\regedit.exe
http://www.kephyr.com/spywarescanner/library/systemdir.regedit/index.phtml

GMER SCAN

GMER - http://www.gmer.net
Rootkit scan 2011-07-03 21:05:51
Windows 6.1.7600 Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46ad7fc86
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46ad7fc86 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

I am using Windows 7. Bazooka scan detects regedit.exe and explorer.exe to be malicious due to location, which is c:\windows\system32. I have backed up the files in question and found the original Windows files, which are located in c:\windows. I just can't delete regedit and explorer from the system32 folder; they won't let me even in safe mode / administrator with killbox. Are there any bad DLL files anyone else recognizes that I should unregister? Any suggestions on deleting the viral files?

EDIT: Posts merged ~Budapest

A: Virus - Bazooka Scan / DDS scan / GMER scan - %#^#%^#


Sorry for delayed response. Forums have been really busy. If you still need help with this post fresh dds logs, please.



My McAfee Real-Time Scan will not remain enabled. When I try to run either Quick Scan or Full Scan, an error message comes up, telling me to return to the McAfee Internet Security Home and to try to run the scan again.

I have followed their instructions for re-enabling the Real-Time Scan to the best of my abilities, by trying to restart the McShield Service, and by running the oas-disabled-fix.cmd utility that they instructed me to download. The oas-disabled-fix.cmd utility will not run.

I have contacted McAfee and they have told me that it is a problem with Windows Update. I have contacted Microsoft and told them that as well, but they seem to be trying to rule out any other possible cause, than what McAfee says is the actual cause of the problem, thereby dragging this out even longer.

Microsoft is supposed to be getting back to me again tomorrow, but any other help would be appreciated.

Thank you for your time.


Good afternoon,

I have been experiencing really low internet speeds on my computer. I have run many tools such as HijackThis, ComboFix, AVG (including rootkit) and Malwarebytes. Several of these tools found things here and there which seemed to have been removed.

I have set my computer up to dual boot WIN XP/WIN 7. I only experience the low speeds while using Win 7, which seems to make me think that something is taking the majority of my bandwidth usage.

Could anyone take a look at my logs and see if there is anything going on before I decide to reinstall the OS?

P.S I have also included my HijackThis log file.

Thanks in advance!

A:DDS scan and GMER scan log files.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
This process looks suspicious.
C:\Users\James\Desktop\Security Tools\mb9soxkz.exe
Do you know what it is?

Did you install this driver or do you know which application needs it?
R1 enport;enport;c:\windows\system32\drivers\enport.sys
It may be valid but I cannot find sufficient information on it.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleeping...


Almost every time I do quick scan and got nothing and I think it is good. However, I just read online, it says that when quick scan does not find anything then you do deep scan. It confuses me, since it means I should do deep scan all the time. ?

A:quick scan vs deep scan/full scan ( antivirus )

the 1000$ question is
which anti-virus
ON windows defender and malwarebytes and many others only a quick scan is necessary
The converse of what you have read is usually the case eg. You do a quick scan and only if that finds something should you then need to follow it with a full scan
For instance a threat scan on Malwarebytes paid for edition or the scan on the free version will scan up to 99% of the system
A full scan also scans the system restore points and other unusual places to detect, or at least try to detect, all possible traces of infection.
As I said it depends on the AV and to some extent the OS which I presume is not Windows 2000 as indeed commented on by my colleague Cookiegal in another of your topics
Also, it appears you're running Windows 7 and if you don't still have your Windows 2000 computer you should visit your profile and change that information so that it's current which makes it easier to help you in some cases


I'm fixing my aunt's computer and I just found out that formatting the partition isn't going to work out due to the fact that they unfortunately lost all recovery CDs.... I do not wanna go through the trouble of special ordering them so I was wondering if anyone could help. So the problems with the computer are these: McAfee virus scan and all options are disabled, when I tried running Malwarebytes it said that I have no permission and to contact the administrator, and when I try uninstalling something, it just says "cannot run plug in. please try again later". I'm starting to get frustrated because I scanned the HDD through another computer and it deleted all visible trojans and whatnot but it still has the same problems. Someone help!

A:All Permissions Blocked! Virus scan, System restore, malware scan, all are off!

please bump


I have Windows Vista, and whenever I run my virus scan or spyware scan, my computer locks up when it gets to a specific folder. That folder is program files/common files/microsoft shared/office 12. If I try to go to that folder, the computer locks up as well. I have no idea what to do about it. Any help would be appreciated, thanks.

A:Computer Freezes And Restarts When I Run Virus Scan Or Spyware Scan

Try running your scans in safe mode. The Advanced Boot Options menu lets you start Windows in advanced troubleshooting modes. You can access the menu by turning on your computer and pressing the F8 key before Windows starts. Select safe mode there, and run the scan.


I did a scan 3 days ago with pctools and was told there was a virus trojan Backdoor.Retro64 but I had to pay to remove it.

I came across HijackThis tonight and have followed instructions.

This is my logfile:-

Logfile of HijackThis v1.99.1
Scan saved at 21:28:33, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTa...

A:Did scan before and was told virus backdoor.retro64 on pc. This is Hijackthis scan.

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance.

Thank you.


I tried to do the on-line Panda scan a few times, once my dial-up connection disconnected it, and I couldn't get it back, and I tried it 2 more times and it stalled about 3/4 of the way thru, even tho I was still connected. When I do Spybot S&D scan it stalls midway too, several times, I have to keep moving my mouse around for a while to get it to start again. Why do u think this keeps happening on my computer? (Virus scan was negative, and I deleted some adware with a scan I did a day before.) I know the Panda scan used ActiveX which I had to download to do the scan. Should I delete it now? What would it look like and where would it be on the computer?
I have an old Dell OptiPlex GX1 Pentium 2 with 350 MHZ, with 256 RAM and WIN ME O.S. with 10 G. storage with a slow dial-up connection. Thanks in advance. ZUZU2

A:Panda scan and Spybot-S&D scan stalls mid-scan

This is my HJT log after running (sluggishly) Spybot-S&D and finding no problem:
Logfile of HijackThis v1.99.1
Scan saved at 9:56:31 PM, on 2/2/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: I...


Hi. When I do a sweep of my computer with Spysweeper and it gets to file C:\Acer\Empowering Technology\ET-UI-NB-NL.EXE the scan stops/freezes and my computer stops responding. If I do a virus scan with Windows Defender when it gets to file ET-UI-NB-NO.EXE it freezes as well and I have to do a hard reboot each time to get computer running again. However if I run a virus scan with Kaspersky there are NO problems and it does not show up any viruses etc. I have Kaspersky as my main internet security and just like to sweep every so often with the other 2 obviously keeping them updated. Anyone out there have any ideas as I have uninstalled/installed Spysweeper with no fix and have just noticed I have lost all restore backups to try and recover to any earlier date! Here is my HJT LOG for extra info:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:56, on 21/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:...

A:Computer Freeze during Spysweeper scan & virus scan

Any help would be greatly appreciated!!


I have been having a few problems with my computer recently. It has become very slow and freezes a lot. A few days ago, my hotmail account was hacked and an email sent to every one of my friends. So I tried to run Virus Scan to see if I had a virus and it never completes a scan; instead, it always says that it unexpectedly stopped and to please close and try again. I've tried running both full and quick scans to no avail and also tried in safe mode with no success. Please help! Thanks!

A:McAfee Virus Scan Cannot Get Through A Full Or Quick Scan

Hello and welcome. Let's try a Safe Mode scan.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click th...


Hello! After over a year virus free I now have a great big one and I need a little help getting rid of it please...

When I start my computer my wallpaper was hijacked with a screen which says "Warning: Spyware threat has been detected by your PC" with another couple of lines and a blue screen. I have also been having a problem opening programs (they just don't open) and when I CTRL+ALT+DEL it says "task manager has been disabled by your administrator" - I am the administrator. In fact, I am the only user on this computer. I have also been getting stupid anti-virus-like popups for example the "scan integrity scan wizard" and "system security warning". Thank god I have a laptop to help me...

Below I included the hijack log from after my PCCillian virus scan. If you would like the one from before my scan I have that as well.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:43 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Documents and Settings\All Users\Application Data\rubojyjg\nkzwxelq.exe
C:\Program ...

A:Scan integrity scan wizard and other popup virus'


This is all about ZoneAlarm Suite v. with all the bells and whistles. I apologize up front for the length of this message, but I feel it's needed to make a point or a better query. Thanks in advance for any help I can get.

Virus check log, for instance ZALog2005.06.14.txt, every time it runs it looks the same. I can't even tell if anything gets scanned other than a final report about no viruses. There are tons of entries about scan failed. For instance:

1. These are segments of a text file log:
AV/treatment,2005/06/14,20:36:30 -4:00 GMT,,C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask>Ad-Aware SE Default.skn,Scan Failed,Auto
AV/treatment,2005/06/14,20:36:30 -4:00 GMT,,C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask>arrow1.bmp,Scan Failed,Auto
AV/treatment,2005/06/14,20:36:30 -4:00 GMT,,C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask>arrow2.bmp,Scan Failed,Auto
or
AV/treatment,2005/06/14,20:35:20 -4:00 GMT,,C:\Program Files\PestPatrol\Spyware.dat>r,Scan Failed,Auto
AV/treatment,2005/06/14,20:36:30 -4:00 GMT,,C:\Program
or
GMT,,C:\WINDOWS\$NtUninstallKB826939$\ole32.dll,Scan Failed,Auto
AV/treatment,2005/06/14,20:28:56 -4:00 GMT,,C:\WINDOWS\$NtUninstallKB826939$\osk.exe,Scan Failed,Auto
AV/treatment,2005/06/14,20:28:56 -4:00 GMT,,C: ...

A:Virus scan logs puzzle me-scan errors

I'll try to help you with this.

Virus check log
Those entries that you show indicate that ZA can't access Ad-Aware program files, PestPatrol\Spyware.dat (definition files), C:\WINDOWS\$NtUninstallKB826939 (Windows Update uninstall info), Spybot - Search & Destroy\Recovery\DSOExploit.zip>sbRecovery.reg,Scan Failed,Auto (Spybot Backups). This is not a concern.

Alerts and Logs pane
If these are all errors about Spybot I wouldn't be concerned. Again it may be reporting that it can't access the Spybot backups.

vsmon_2nd_2005_06_09_20_39_06.dmp.zip
These are dump files created for error reporting purposes. If you need to contact ZA about a problem they may ask for them.

Your #4.
I don't see anything there to be concerned about either. It seems that ZA can't scan within archives, which many other AV's are able to do. Pagefile.sys is your swap file so that's never a problem. You're not scanning D: drive, is this a Compaq or HP?

I get the impression you are looking for space on your drive. If so, have a look at Hiberfil.sys. If you do a scan and no problems are found you don't need to keep the log file for that scan. The logs for the scans that find problems can be kept for a while for diagnostic purposes. I would only keep the last "vsmon_2nd_2005_06_09_20_39_06.dmp.zip" for troubleshooting.



This morning I ran a full virus scan with the AVAST virus program on my system and then ran a spybot check as well. Nothing turned up except an error in a backup file.

My computer runs fine, except I can not run a scan disk check or defrag the two hard drive partitions.

When I try to run a scan disc, I get the message:

"Windows unable to complete the disk check."

When I try to defrag, I get the message:

"Disk fragmenter could not start."

I tried booting to safe mode and I get the same messages when I try to run both programs in the safe mode.

I have run chkdsk from the command line and it runs ok, but when I use the /f and /r parameters it gives me the usual locked drive message and asks if I would like the volume checked on the next start up, which I indicate "yes"

On the next startup it starts to run chkdsk momentarily, then stops and boots to the windows screen?

I have removed my antivirus program and unchecked and turned off system restore on the hard drives - but it does nothing.

Any idea why I can't scan or defrag my hard drive? Everything else works fine and I am sure it had something to do with the virus scan..........

Thanks for any help guys!



I have an issue with being redirected to other sites when I search the internet with IE or Firefox.
I was following your Preparation Guide, but I have an issue when I run GMER scan.
I started the GMER scan. After a few seconds the screen went blue.

I could not print the error message, but the pertinent parts seemed to be:

Step: 0x00000050 (0xF898B008, Ox0000000, 0xB770F3CB, 0X00000000)
pxtdypog.sys Address B770F#CB base @ B77013000 Date Stamp 4dc139C7

Should I try to run GMER scan again?

A:Redirect virus. Computer crashed running GMER scan

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Right, this started yesterday when I attempted to restart my computer. It refused to do so, so I decided for a hard reset.

After being stuck in the windows splash screen for over 10 minutes, I thought something was wrong and booted it up using the last known good configuration. After I booted up several things refused to work.

I can't access my network center, the backup and restore center, or even open up the task manager. I can't even open up either of the web browsers I have nor can I open up Steam to use its built in browser. They either refuse to work or simply open up a blank window and stay busy without allowing me to close them. I also can't exit or use some of Windows' built in utilities, like the Side Bar or the Picture Viewer.

Currently I'm only able to post here thanks to ASUS ExpressGate. I am still able to boot into Windows, just not open up any of the previous programs. Following the instructions from the top thread in this forum, I downloaded both DDS and Gmer. DDS didn't run thanks to my operating system and when I tried running Gmer, this error popped up:

C:\Windows\system32\config\systems: The process cannot access the file because it is being used by another process.
C:\Users\Victor\ntuser.dat: The process cannot access the file because it is being used by another process.

Any ideas? I just started up school again and not being able to use this laptop is going to be problematic.

A:Suspected Virus/Malware GMer cannot start scan. 64bit Vista

Well it's been past the 72 hour mark, Gmer still refuses to run (Most of the options besides the last three are grayed out for some reason and I'm still receiving the error)

HJT runs perfectly normal as I've found out, so here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:11 AM, on 9/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hamachi\hamachi.exe
C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Progra...



I was using Windows Vista a couple of months back and use McAfee as my anti-virus program, I trust McAfee because unlike Norton it doesn't use so much system resource but I change to Win 7 because a spy-ware infected my computer and McAfee wasn't able to remove it or detect it so I use this chance to change to Win 7 and unfortunately McAfee isn't compatible with Win 7 yet so I change my anti-virus software to ESET smart security and now when I use ESET to scan my pc a lot of items came and I don't know if I should remove them or not as when I use McAfee before nothing usually comes up. So my question is whether or not I should do a regular scan or do nothing? I do trust ESET to remove any harmful material without me doing any regular scan so I'm hesitant. Thank You.

A:Solved: virus scan or no scan


Hello and hopefully someone can help. I have spent some time searching and can't find the answer.
I ran AVG and scanned whole system. 4 Trojan Horses were found.
1 was a false positive
1 was secured
and 2 said take action, couldn't remove (something like that) (still have report result)
Now I update AVG, rescan whole computer 2 times and nothing is found.
I scanned each file separately and it said pass.
Were the other 2 trojans removed or not being detected now?
They were called Trojan Horse Generic32.EGL
Please help me understand the result and what to do
these were the two results in question

"";"Trojan horse Generic32.EGL, C:\Windows\Installer\7883.msi";"Infected"
"";"Trojan horse Generic32.EGL, C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}\HP Support Assistant.msi";"Infected"

A:AVG Scan found Trojan first scan, second scan none

I just addressed the very same issue on another board.
Definitely false positives as it happens with AVG too often.


My GMER anti-rootkit scan resulted in the following message 'GMER has found system modification caused by ROOTKIT activity'. How do I address/correct this problem? It is not specific.


In the past day, my computer has been very temperamental. I am running Vista Home Premium and have been for about 2 months without any issues. I run Avira Antivir and Kaspersky Internet Security in the background. I ran a full Kaspersky scan and have no issues. Antivir has not found anything either, except for HP false positives. When I run Ad-Aware and Spybot scans, nothing shows up. I also ran CCleaner to scrub temp files and registry. Also, a quick scan with MBAM was clean.

But when I try to run a full scan in MBAM or SuperAntiSpyware, the computer hangs. This usually happens when the screen saver kicks in. So I disabled the screen saver, but it still happens. I cannot access anything at that point and have to power off from the power supply (ctl alt delete won't work).

Does anyone have any thoughts?

A:Computer Freezes When Running Full MBAM Scan or Super AntiSpyware Scan

Try disabling your anti-virus for the scans
Just remember to turn it back on
Also disable Spybot's Teatimer function if you use it


no scan options-you need to install hp software for features-hp officejet 6110xi; dell e6500 laptop; O.S=windows 7 pro 64 bit. hp support directs me to use windows 7 drivers and then I still get this error; there are no viruses/malware etc. on the computer. how may I obtain the software/driver needed to resolve this problem. thank-you
does anyone have the cd-rom with the firmware and drivers for the hp officejet 6110 all-in one printer?

A:hp officejet 6110 no scan options after engaging start scan button on printer

Have you tried scanning the way HP has recommended: http://h10025.www1.hp.com/ewfrf/wc/...=en&lc=en&os=4063&product=79477&sw_lang=#N385

Expand the "How do I scan, fax, print, or use a memory card?" section, then expand the "How do I scan with an in-OS driver?" to see the HP recommended way to scan.


Receive bad pool caller when attempting to run registry scan and norton full/quick scan.

Latest dump error:

0x000000c2 (0x00000040, 0x00000000, 0x80000000, 0x00000000)
Thought it might have been problem with linksys software - pc locked up on a linksys file. Removed/uninstalled product; rebooted machine. Attempted Norton full scan - still received 0c2 abend. Approximately 5900 files are successfully scanned before it tanks.

Machine: Gateway GT5228
OS: Windows XP SP3

Any help would be greatly appreciated.

If you need additional information, let me know.

Best Regards

A:bad pool caller during registry scan and norton full/quick scan

Hi Leafs22,

This is Mike from the Norton Authorized Support Team.

Which Norton product and version do you currently have installed?

It sounds like there is a problem with the drivers on your system. Please follow the steps below to properly remove Norton. After you remove Norton, update all of the drivers on your system and then install the latest version of the Norton product for which you have a valid license.

1. Click on the following link to download the Norton Removal Tool:

Norton Removal Tool and Instructions

2. After you run the tool, please restart your computer. Log into Windows again and run the removal tool again. Restart your computer after it is finished running the second time as well.

3. Update all of the drivers on your system.

4. Click on the link below and then select the "Download" button under the Norton product that you own. This ...


My computer was infected by SpywareQuake a while ago, I followed the instructions step by step and the SpyQuake was removed, it was gone. And now it appears again in my active scan (but I don't see any windows pop up in the bottom right of the screen saying that "my computer is seriously infected" like before). So I'm just wondering if there is something that I missed or my computer is infected again. I greatly appreciate you guys can help me out, thank you so very much
Here is my Activescan log:

Incident Status Location

Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\DJ Empty\Local Settings\Application Data\Mozilla\Firefox\Profiles\m60uft4t.default\Cache\551FE075d01
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\DJ Empty\Local Settings\Temporary Internet Files\Content.IE5\L1IC6IGI\drsmartload[1].exe
Adware:Adware/BrowserAid Not disinfected E:\RECYCLER\S-1-5-21-1644491937-1972579041-839522115-1003\De27\Temp\_ps_inst_exe.vir[rundll16.exe]
Adware:Adware/BrowserAid Not disinfected E:\RECYCLER\S-1-5-21-1644491937-1972579041-839522115-1003\De27\Temp\_ps_inst_exe.vir[rundll16.dll]

And Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:44:24 AM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\s...

A:Scan found Spyware Quake in my system! (HJT and Active scan included)


OK, having major difficulties getting these fixes to work. I have Windows Vista Premium Home, hjt will do the scan but halfway through says for some reason "your system denied write access to the Hosts file". I tried to set hjt to run as administrator but that is grayed out, so when I select "ok" it finishes the scan but no copy is posted in notepad. I did actually select a few known trash and it did remove them. dds appears to do its scan but doesn't post any results in notepad. And rootrepeal gives me a device controller error and won't scan. Does anyone have any suggestions on what to do? I did a system repair back to the 30 of December but that seemed to on reduce the popups.


A:corrupt system wont let me run nso when i select "ok" it finnishes it's scan but no copy of scan is posted in noteb...

Welcome to BC

Please try this:

Please download RSIT by random/random and save it to your Desktop.

Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

If RSIT did not work, then reply back here.


The Intel Driver & Support Assistant said that it had an update: Intel® Graphics Driver for Windows* [15.40]. When I did a scan with the Lenovo Companion app, it said there were no updates available. Why the difference of opinion between the two apps?


I have been having an issue with Symantec leaving my logs full with scan omissions, 99% of which are compressed. After doing considerable research I find Symantec gives a nice list of possibilities and things to look into. Personally none of these fixed my issue, but it may yours. If anyone has any ideas to add to Symantec's official list of reasons for scan omissions please do.

---------------------------------------------

The following is from Symantec @ http://service1.symantec.com/SUPPORT/ent-s...002073015235648

Event ID 6

Solution:
This event is typically encountered when any of the following occurs:
You scan a compressed file that contains a password-protected file. The decomposer engine cannot provide the password required to gain access to the file, so it will be omitted during a scan.
You scan files that have been locked for access by the operating system and access cannot be released to the scanner because the file is in use.
You scan files that are recursively compressed to a depth that is more than the scan engine is set to scan. By default, the scan engine is set to scan a maximum depth of three levels (for example, a zip file contained within a zip file contained within another zip file).
You scan files with LH7 compression, which is not a supported format. These compressed files commonly have an .lzh extension, and they are omitted by the scan.
You scan files that are in use by another user. This is most commonly seen when you scan user directories and shared folders...


Was working on the computer yesterday, running Firefox and suddenly went offline. Could not go online again with Firefox, IE or anything else. Did a system restore, didn't help. McAfee AV+ won't run a scan and real-time AV protection keeps turning itself off. I was able to connect to the 'net when I installed a wireless USB adapter and disconnected the ethernet cable.

Now Ad-Aware has shut down too

A:McAfee AV+ scan won't run and real-time scan keeps turning off; browsers stopped working, Ad-Aware quit too

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ...


I have Avast version 4.7 Home Edition Free installed on my computer.

When I ran a scan today with Avast, it detected a virus and I deleted it. I then ran another scan and there were no viruses reported.

Then I went to Kaspersky's online virus scanner and ran it and it detected 2 viruses on my computer, but of course the only way to get rid of the ones detected is to purchase Kaspersky Anti Virus.

Questions are.
1. How did the virus that Avast detected get on the computer in the first place? I have the on access protection control running with all of the modules activated with the exception of Outlook (I do not have Outlook on my computer).

2. Why is Kaspersky detecting 2 viruses on my computer at the present time and Avast detects none?

Do I need to ditch Avast Free and pay for Kaspersky as a better Virus protector?

Thanks for any ideas and suggestions,


A:Solved: Avast scan results vs Kaspersky scan results


My computer was at a crawl, every step from booting to loading the desktop and beyond took at least 50x as long. But in Safe Mode, it was running only a little slower than usual, so I suspected a virus or malware. Attempts at using AVG antivirus's command line scan in Safe Mode were met with messages such as 'Boot Sector Hidden' or something like 'Processes scanning failed'.
Desperately I tried to run CHKDSK. Seemed to solve the problem, but just after that, AVG antivirus crashed while scanning. Next day, I try again, AVG seems to work detecting no threats, and Malwarebytes detected nothing too.
NOW I want to make sure my computer is virus or malware free. Please help me, this is my only laptop.
I have Hijack this logs, but there is some error message about hosts files, I can post them if you want. I tried aswmbr anti root kit, but the program always crashes just as it's checking sysmain.dll
Some background: A while ago, I accidentally installed some malware by not unchecking the right boxes while installing DAEMON tools. Found out it was messing with my browser, so used Spybot Search and Destroy plus Malwarebytes anti-malware, found some malware, uninstalled them, also removed them through Control Panel. Seemed fine, until a day later when I accidentally turned off the mains power to the laptop, without any battery in. Then the slow down suddenly appeared. I have accidentally done this before but it never had this effect.

A:aswmbr can't scan, Antivirus can't scan, Computer at a crawl from startup

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539424 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Hey all.
I was running a full scan on my Win8 system using Defender.  After 15 minutes, scan was three-quarters completed with no problems, so  I left the computer for five minutes.  When I returned, Defender had switched over to a Quick Scan in order to finish up. 
No threats found, either by Defender or by MBam, which I ran afterwards.  But is it unusual for Defender to switch from Full to Quick scan mid-operations? 

A:Windows Defender Full Scan Switches Over To Quick Scan

I never heard of that happening before so I'm not sure how it occurred.

There are three types of scans offered by Windows 8/10 Defender and most other anti-virus/anti-malware programs:

Quick Scan only checks the areas of your computer most likely to contain malware...the most prevalent and common places where malware typically hides. The length of time for performing a Quick scan will vary but it generally takes about 15-30 minutes so they can be performed daily.

Full Scan is much more comprehensive since it scans the entire hard drive (all folders/files) which can number in the thousands. The length of time for performing a Full scan will also vary but because it is so comprehensive, this type of scan can take several hours. Most Full Scans can be scheduled to run late at night when not using the computer so you can perform a weekly scan without having to monitor it.

Custom Scan allows the user to select any files and folders on the hard drive to be scanned.

In most cases when performing routine security checks, only a Quick Scan is needed since it checks the areas of your computer most likely to contain malware...the most prevalent and common places where malware typically hides. A Full scan is generally recommended only for heavily infected systems.


Ok after I scanned with super antispy software and removed everything, I started getting bad image file errors with .dlls popping on anything opened and on startup. I can't get DDS to run, it just pops up a command prompt and never does anything. So I will attach the gmer txt and post my HJT log here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 951 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELServic...

A:bad image files after scan with a super anti scan

bump please.


We are using Windows Fax and Scan (Version 6.1 Build 7601: Service Pack 1) -- it's the version included with our Windows 7 Enterprise 32 bit client OS

I just installed a scanner at a sleep lab, scanner works flawlessly. There are multiple sleep techs that will log into the one computer with the scanner (so in short multiple user profiles) and scan patient RXs. Problem is the Sleep Manager wants the scans to automatically save to a central location so no matter what tech logs in their scans will save to the same location as everyone else.

The key is AUTOMATIC saving.

So that's the background info -- the heart of the issue ... it appears a feature that Windows Fax and Scan offers is not working.

If you go into Fax and Scan there's an option in tools -> Scan Routing. If you read about the feature it's supposed to AUTOMATICALLY save to the network folder indicated, it's not doing that.

So I check the box for "save to network folder" (don't know the exact wording)

(I'm using xxx's because I don't want to publicly announce the real share location) \\xxx\xxxxx\xxxxx\Neuromuscular.

That is 100% a valid and working share name -- been in use for years many people save to it....Windows Fax and Scan says "Not valid Network Share"

So someone said just use \\server\share

Ok I create a folder on my computer let's call it Computer1 and name it sharefolder. I share it and give "everyone" read/write acc...

A:What's the difference between Quick Scan and Full Scan

A quick scan only scans areas known to be used by most malware infections. In most cases, a quick scan is all that's necessary for Malwarebytes to do its job. A full scan, as you might imagine, scans every file on the drive.
~Blade


The past few days, I have been having problems with my disk going to 100% usage (with little or no read/write activity) and then eventually the entire system crashes. This morning I unplugged the drive and plugged it into a different SATA port, and so far things seem to have been running fine.

However, I've found an additional issue. The action center is giving me a message that says "We found potential errors on a drive, and need to scan it.", and it accompanies this message with a "Run Scan" button. The problem, however, is that when I click the button, nothing happens. And the Task Manager is showing disk read/write activity at 0-1%, so it's not just failing to provide feedback.

A:Action Center Prompts for Scan, Won't Perform Scan

Are you talking about check disk? If so, try option two: CHKDSK - Check a Drive for Errors in Windows 8


I went to use PerfectDisk yesterday, it suggested I do a bootup scan, I did, allowed it to do pagefile scan too. Ran fine. Then rebooted, went to do regular scan. It locked up on the Blue Screen of Death.

"Bad_Pool_Header" and gave some error info... 0x00000019, and so on.

Computer runs fine though otherwise, which is funny.

Then when I try to go to Registry Mechanic and scan, it goes all the way through, and on I believe the deepscan, it always goes to BSOD there. I think while it's in the HKEY section of current user.

There may be other programs that will cause the BSOD, but these 2 are the only ones so far. Please guide me through this....Anyone.

Thanx in advance.

A:Please Help Me. BSOD during PerfectDisk Scan or Registry Mechanic Scan

Ok, I ran Diskeeper and it let me defrag. Then I reinstalled PerfectDisk, and it did a full defrag without going to the Blue Screen of Death.

Registry Mechanic still does the Blue Screen of Death though.


Hiya I have some problems and I was working through the new instructions page trying to get the log and stuff and have tried to scan with gmer and every time it scans for about 3 secs and then my laptop restarts. What do I do to try and stop this happening and what does it mean for my laptop :S


Oh and here is the dds scan thing..

DDS (Ver_10-03-17.01) - NTFSx86
Run by Goldfish1000 at 18:45:49.40 on 01/10/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1006 [GMT 1:00]

============== Running Processes ===============

C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Progra...

A:GMER won't scan

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.




Please note that tools are best Run from the Desktop. Save to the Desktop and then Run from the Desktop.

Easier to find and perform specialized functions which may be required. Thanks.


It appears you didn't attach the second dds log, Attach.txt, to your initial post. I need to see it in order to help you.

------------------------------------------------------
Please download Rootkit Unhooker and save it to your desktop.
Right-click RKUnhookerLE.exe and choose 'Run as administrator'.
Click the Report tab, then click Scan
Check Drivers and Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it. Click Close then Yes
Copy the entire contents of the report and paste it in your next...


How long should the GMER scan take?

I am going to post on my browser being hijacked etc. and have done the other two scans (hijackthis, dds) but when I went to do the GMER scan it took literally hours and hours and hours.

I am wondering if I did it right (more than a raw beginner, but not understanding most of this). After clicking "No" to the first GMER full scan request I ended up with a list of places to be scanned on the right. I made sure only "C" was checked, and that IAT/EAT was NOT checked.

And many hours later it was done with some end messages saying there were some things it could not do. But I could not copy the results because after hours and hours on my computer sometimes loses the ability to do certain things. (I had it unplugged from my DSL line to try to keep anything else from sneaking in while it was working.)

Could I have done something wrong?

I will try it again today, but my computer also checks out periodically so I have to fiddle with it to get back to the screen to see how the scan is progressing.

Your help is appreciated.

Anyway we sue the guys who do this? This browser hijacking thing gets by the security I have on two computers and this is the third time. (I had them in the shop for it previously.)


GMER - http://www.gmer.net
Rootkit scan 2008-06-24 17:00:45
Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!MessageBoxExA 7E45085C 5 Bytes ...


This is the first time I have used your website - it comes highly recommended to me. I have tried to follow your Guide for Malware Removal but each time I get to the step of completing a GMER scan it stops before I can save it to file labeled ark.txt. I have run the scan 3 times - each time taking several hours to run the scan - but then it restarts the computer before I can save it. I had run a malware program prior to trying your site and it told me I had 2 Trojan Agents.
1. C:\WINDOWS\cpnprt2.cid
2. C:\WINDOWS/system32\cpnprt2.cid
I was reluctant to allow the first malware program to delete these files because they looked important to me. Someone suggested I contact you and you would be able to help me.
Thank you
Ginny

A:GMER scan

Hello,

Don't worry about the GMER log for now. Please post the DDS logs as a reply. I will then merge them into your initial post and remove my reply so your topic doesn't get lost.

Orange Blossom


this is my first putting this on here. sorry if i get it wrong


i have not access to a windows install disc or a boot CD

A:i did a GMER scan

Hello pezzer,

I appreciate the gmer log, but I also need the logs produced by dds.scr. Please run that tool again and post the dds.txt, and attach the Attach.txt it produces.

Would you also please provide a description of the problems you are having?


I have a WIN7 Home Premium computer that might have a rootkit infection. I have run malwarebytes and AdwCleaner, which found some things that I had the SW fix. However, when I tried to run GMER, the program stopped before finishing. I am still having pop ads. So I am still concerned that something bad is going on. Would appreciate any help in systematically diagnosing and fixing this problem. I await any instructions on tools to run and logs to post back. I really like the concept of your site to help walk people through the process of virus removal. I hope to learn the basics of keeping my computer protected. Right now I only use Microsoft essentials, MalwareBytes, AdwCleaner and GMER. I never had a problem with GMER before so suspect something is wrong.
OK I forgot to post the DDS log
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.55.2
Run by Tom at 15:52:23 on 2014-11-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1834 [GMT -6:00]
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Pro...

A:PopUp ads and can't run GMER scan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555596 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


I do not know what to make of the attached jpeg that summarizes the findings of a GMER scan. Machine is running Win 7 x64 Ultimate with Comodo Firewall and ESET. Adobe Acrobat Reader is not present on the machine. No other AV saw this thing, if it even is a "thing".

Any opinions much appreciated.

New to the forum,
--Gene
AKA "Starless"

Well let's try a second time with getting the GMER scan attachment to go.
--Starless

[Attachment: Gmer Scan.JPG]

Merged posts. ~ OB

A:Interesting GMER Scan--what is it?

Well it might have been something after all, because my MBR got shredded and I could no longer pass an SFC/SCANNOW integrity check. Glad I had a clean week-old back up image. And glad that I image my drives with two different brands of software, because the Acronis restore failed, and the Paragon did not.

It's a jungle out there folks.

Best,
--Starless


I followed all of the instructions for the Prep Guide & when I run the Gmer program I immediately get an error message that says "c:\windows\system32\config\system: the system cannot find the file specified." And all of the options aren't available to scan. In fact, the only options checked are "Services, Registry, Files C:, and ADS". Where do I go from here in order to get the program to scan the areas needed to get a complete scan log?

A:Problem with Gmer Scan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Are you running Windows 7?
Gmer won't run on this format, at the moment rootkits are not making inroads into this operating system. Instead run the following programs

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless oth...


I'm cleaning up a computer as I do quite often.
This one started because the computer was being sluggish and the sounds are coming out slowly and broken up.
I ran Anti Malwarebytes as usual and removed a few parasites (that's what I call all of them).
I ran CCleaner cleanup tools.
I ran HiJackThis! and removed unnecessary stuff.
I fixed the sound problem by removing the device and letting it reinstall. But after a reboot, the sound problem reappeared.
So for whatever reason I decided maybe a rootkit or other hard thing to remove....
I downloaded DDS, GMER and ComboFix as I do in this situation.
DDS started but would not run - pretty much froze up the computer except the mouse cursor.
GMER started but would not run - ditto
ComboFix starts but stops after saying this should take 10 minutes or more.
Not on normal mode. Not in Safe Mode.
I've not seen this problem before....

I ran a collection of Root Kit programs: McAfee, Sophos, RootKitRevealer, RootRepeal, etc. I didn't find anything that seemed compelling. And, none of these tools seemed to be able to *do* anything but generate a list!! Bummer (or maybe not, eh?).
So, I'm still unsure if this machine has a parasite remaining but I'm concerned because all those tools don't run.
And, I still have to fix the sound problem.


A:DDS, GMER, ComboFix don't scan

Hello, please repost this here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.

Run and post an OTL log.
1. Please download OTL from one of the following mirrors: This is THE Mirror
2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Under the Custom Scan box paste this in
%systemroot%\*. /mp /s
5. Push the Quick Scan button.
6. Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Let me know if that went well.


I'm trying to help a friend, even less technical than I am, with her Acer Aspire laptop which seems to have been infected with something ugly. She uses IE, and Funmood sets itself as browser, home page, and she gets stackoverflow in line 864 messages. I've used Chrome to begin the process outlined here to get help. I've obtained and saved the files requested, down to scanning with GMER. How long should that take? I unchecked IAT/EAT, and clicked scan. It's been running for a very long time, exactly how long, I'm not sure. I think it's starting over when it gets to the end. Is that possible? I didn't understand when it said to close all pages but "this one." So I've tried closing the browser, and leaving only the page from which that scanner was downloaded. It doesn't seem to make a difference.

Thanks for help. (imagine your gray haired grandma here)

A:question re GMER scan

It shouldn't take that long and may have frozen. Closing all other windows means not to have anything else open in your browser when running GMER.

But for now, leave GMER aside and please post the DDS logs.


How long does it typically take for the gmer scan to do its thing? I'm going on an hour now and no end in sight. I followed the instructions except where it said to uncheck drivers, I saw none except local C.
