Over 1 million tech questions and answers.

Virus scanner probably not working and have detected zperm in the past

Q: Virus scanner probably not working and have detected zperm in the past

This topic has a bit of history, if you would like to see it, the thread is
 
http://www.bleepingcomputer.com/forums/t/512145/strange-disk-behavior-and-win32zperm/
 
I had been using AVG internet security as my primary defense and Ad-aware anti-virus in its compatibility setting which Ad-aware says is okay with AVG.  I also use WinPatrol and SpybodSD's tea timer.
 
There was an infection a month or so ago that I thought we had delt with but now I am not so sure.
http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075
About a week ago my primary hard drive started giving a "boot disk not found error".  I ran chkdsk and it seemed okay.  I got the error a second time the next day, powered down the computer and rebooted and have had no problem since.
 
However, yesterday I got a recurring virus detection of win32/zperm from AVG.  I cleaned it several times and it came back.
 
Next, WinPatrol gave me messages that AdAware AV, WinPatrol, Spybot Search and Destroy Tea Timer, AVG Toolbar and RTHDCPL.exe had been removed from my startup.  Since that time I have had no virus detections.
 
On instruction by the previous person, I removed AdAware AV, Gomez Peer, Antimalware engine (a part of AdAware), uTorrent and some other things.
 
The AdAware AV. I had a tremendous amount of trouble removing.  I uninstalled, deleted the folder, scoured the system every way I could think of and it still shows up as being installed on Security Check.

There is an issue with the Panzilla component of Gomez Peer showing as a virus on some scanners but I researched this and no one said it was a problem.  I have ran the program for over 10 years with no problems.
 
Now WinPatrol, SpybotSD and AVG internet Security are showing on my taskbar but I suspect they are not working.  The last MiniToolbox check I ran showed several AVG drivers as not being loaded.
 
I have never downloaded anything but jpg and pdf files on the uTorrent and the last person said all my jpgs and pdfs were infected???  According to research at Symantec and Adobe, it is impossible to get a virus from a jpg, or a pdf without clicking a link inside the pdf.  I have never done this.
 
Ok, on to the logs.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Possumsjagger at 19:50:35 on 2013-10-29
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2118 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Enabled*
FW: Ad-Aware Firewall *Disabled*
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
\??\C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
\??\C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG2014\avgmfapx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - <orphaned>
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351291633796
TCP: NameServer = 10.0.0.2 192.168.1.1
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A} : NameServer = 66.38.0.240,66.38.1.240
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A} : DHCPNameServer = 10.0.0.2 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\possumsjagger\application data\mozilla\firefox\profiles\58hjwsem.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q=
FF - prefs.js: network.proxy.ftp_port - 8001
FF - prefs.js: network.proxy.http_port - 8001
FF - prefs.js: network.proxy.socks_port - 8001
FF - prefs.js: network.proxy.ssl_port - 8001
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\possumsjagger\application data\sony online entertainment\npsoe.dll
FF - plugin: c:\documents and settings\possumsjagger\application data\sony online entertainment\npsoeact.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-09-29 13:32; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\possumsjagger\application data\mozilla\firefox\profiles\58hjwsem.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-09-29 13:32; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\possumsjagger\application data\mozilla\firefox\profiles\58hjwsem.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-9-29 13560]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-29 37664]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2012-10-24 8192]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2012-8-23 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2012-8-23 91992]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2013-9-25 1358944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-28 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-28 701512]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-4-4 103040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-28 22856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-8-20 104792]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-8-20 116056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-4-4 1691480]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2013-5-14 266240]
.
=============== Created Last 30 ================
.
2013-10-29 13:07:53    --------    d-----w-    c:\program files\common files\Lavasoft
2013-10-29 02:02:52    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-29 02:02:51    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-28 18:04:33    --------    d-sha-r-    C:\cmdcons
2013-10-28 18:02:30    98816    ----a-w-    c:\windows\sed.exe
2013-10-28 18:02:30    256000    ----a-w-    c:\windows\PEV.exe
2013-10-28 18:02:30    208896    ----a-w-    c:\windows\MBR.exe
2013-10-28 17:39:12    --------    d-----w-    C:\AdwCleaner
2013-10-15 01:24:11    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-15 01:24:11    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-15 01:23:20    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-15 01:23:20    46848    -c----w-    c:\windows\system32\dllcache\irbus.sys
2013-10-15 01:23:20    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-15 01:22:45    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-15 01:22:45    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-15 01:22:45    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-10-15 01:22:45    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-10-09 14:48:33    17813896    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-10-01 00:37:15    --------    d-----w-    c:\documents and settings\all users\application data\Licenses
2013-10-01 00:37:06    129872    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2013-10-01 00:37:06    --------    d-----w-    c:\program files\SpywareBlaster
2013-09-30 18:45:30    --------    d-----w-    c:\documents and settings\all users\application data\IObit
2013-09-30 18:45:18    --------    d-----w-    c:\program files\IObit
.
==================== Find3M  ====================
.
2013-10-13 18:50:00    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-10-09 15:48:41    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 15:48:41    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-29 21:00:20    44424    ----a-w-    c:\windows\system32\sbbd.exe
2013-09-29 21:00:20    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-09-26 01:57:14    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ------w-    c:\windows\system32\html.iec
2013-09-11 03:11:44    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 03:12:16    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 15:39:32    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 15:28:06    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 15:28:04    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28:00    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55:08    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-01 21:08:52    193848    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 19:51:06.42 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2012 11:50:49 AM
System Uptime: 10/29/2013 9:07:25 AM (10 hours ago)
.
Motherboard: BIOSTAR Group |  | TA780G M2+
Processor: AMD Athlon™ 7750 Dual-Core Processor | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 73 GiB total, 32.315 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
S: is FIXED (NTFS) - 186 GiB total, 14.833 GiB free.
Y: is FIXED (NTFS) - 74 GiB total, 43.434 GiB free.
Z: is FIXED (NTFS) - 195 GiB total, 53.605 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_4348&PID_5512\5&CF8D8DA&0&1
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_4348&PID_5512\5&CF8D8DA&0&1
Service:
.
==== System Restore Points ===================
.
RP1: 10/29/2013 7:56:40 AM - System Checkpoint
RP2: 10/29/2013 8:06:22 AM - AA11
RP3: 10/29/2013 8:07:55 AM - AA11
RP4: 10/29/2013 8:11:05 AM - Removed Microsoft Silverlight
RP5: 10/29/2013 8:11:40 AM - Configured Microsoft Flight Simulator X Demo
.
==== Installed Programs ======================
.
135 HP Piper Tripacer, N3343A
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 12.0
Age of Conan: Unchained
AMD Catalyst Install Manager
AMD Processor Driver
AntimalwareEngine
ArtistScope Plugin FX
ATI AVIVO Codecs
ATI Parental Control & Encoder
AVG 2012
AVG 2014
AVG SafeGuard toolbar
Beechcraft Bonanza F33A For FS2004
Belarc Advisor 8.1
BTGuard 2.6
calibre
Carenado C 152 II
Carenado Mooney M20J
Carenado Piper Dakota 236
Carenado Premium Cessna 210M Centurion II
CCleaner
Cisco Connect
CloneSpy 2.7
Defraggler
EditVoicepack
EQ2MAP Updater 1.2.10
EverQuest
EverQuest II
Explorer Suite IV
EZ Scenery Library
FSGenesis Afghanistan - North 19m Terrain Mesh for FS2004
FSGenesis Afghanistan - South 19m Terrain Mesh for FS2004
FSGenesis Alabama 19m Terrain Mesh for FS2004
FSGenesis Alaska 38.2m Terrain
FSGenesis Alaska 76.4m Terrain
FSGenesis Alberta 19m Terrain Mesh for FS2004
FSGenesis Alps 19.1m Terrain
FSGenesis Andes Mountains 76.4m Terrain
FSGenesis Appalachians & Northeast 38m Terrain
FSGenesis Arizona 19m Terrain Mesh for FS2004
FSGenesis Arkansas 19m Terrain Mesh for FS2004
FSGenesis Atlantic Canada 38.2m Terrain
FSGenesis Australia 76.4m Terrain
FSGenesis Belarus 19m Terrain Mesh for FS2004
FSGenesis Brazilian Highlands 76.4m Terrain
FSGenesis British Columbia - NE 19m Terrain Mesh for FS2004
FSGenesis British Columbia - NW 19m Terrain Mesh for FS2004
FSGenesis British Columbia - SE 19m Terrain Mesh for FS2004
FSGenesis British Columbia - SW 19m Terrain Mesh for FS2004
FSGenesis Bulgaria 19m Terrain Mesh for FS2004
FSGenesis California 19m Terrain Mesh for FS2004
FSGenesis Canada 76.4m Terrain
FSGenesis Canada Interior Plains 38.2m Terrain
FSGenesis Central Africa 76.4m Terrain
FSGenesis Colorado 19m Terrain Mesh for FS2004
FSGenesis Cordillera Canada 38.2m Terrain
FSGenesis Cuba 19m Terrain Mesh for FS2004
FSGenesis Cypress 19m Terrain Mesh for FS2004
FSGenesis Eastern Hemisphere - North 153m Terrain
FSGenesis Eastern Hemisphere - Southeast 153m Terrain
FSGenesis Eastern Hemisphere - Southwest 153m Terrain
FSGenesis Eastern Hemisphere 306m Terrain
FSGenesis Eastern Siberia Terrain Mesh for FS2004
FSGenesis Egypt - North 19m Terrain Mesh for FS2004
FSGenesis Egypt - South 19m Terrain Mesh for FS2004
FSGenesis Ethiopia - North 19m Terrain Mesh for FS2004
FSGenesis Ethiopia - South 19m Terrain Mesh for FS2004
FSGenesis Europe 76.4m Terrain
FSGenesis Florida 19m Terrain Mesh for FS2004
FSGenesis Georgia 19m Terrain Mesh for FS2004
FSGenesis Greece 19m Terrain Mesh for FS2004
FSGenesis Hawaiian Islands 10m Terrain & Landclass
FSGenesis Himalayas 76.4m Terrain
FSGenesis Hungary 19m Terrain Mesh for FS2004
FSGenesis Idaho 19m Terrain Mesh for FS2004
FSGenesis Illinois 19m Terrain Mesh for FS2004
FSGenesis Indiana 19m Terrain Mesh for FS2004
FSGenesis Iowa 19m Terrain Mesh for FS2004
FSGenesis Iran - North 19m Terrain Mesh for FS2004
FSGenesis Iran - South 19m Terrain Mesh for FS2004
FSGenesis Iraq 19m Terrain Mesh for FS2004
FSGenesis Israel 19m Terrain Mesh for FS2004
FSGenesis Jordan 19m Terrain Mesh for FS2004
FSGenesis Kansas 19m Terrain Mesh for FS2004
FSGenesis Kentucky 19m Terrain Mesh for FS2004
FSGenesis Lebanon 19m Terrain Mesh for FS2004
FSGenesis Libya - Central 19m Terrain Mesh for FS2004
FSGenesis Libya - North 19m Terrain Mesh for FS2004
FSGenesis Libya - South 19m Terrain Mesh for FS2004
FSGenesis Louisiana 19m Terrain Mesh for FS2004
FSGenesis Madagascar 19m Terrain Mesh for FS2004
FSGenesis Maine 19m Terrain Mesh for FS2004
FSGenesis Manitoba 19m Terrain Mesh for FS2004
FSGenesis Maryland-Delaware 19m Terrain Mesh for FS2004
FSGenesis Massachutsetts-Connecticut-Rhode Island 19m Terrain Mesh for FS2004
FSGenesis Mexico 38.2m Terrain
FSGenesis Michigan 19m Terrain Mesh for FS2004
FSGenesis Middle East 76.4m Terrain
FSGenesis Minnesota 19m Terrain Mesh for FS2004
FSGenesis Mississippi 19m Terrain Mesh for FS2004
FSGenesis Missouri 19m Terrain Mesh for FS2004
FSGenesis Montana 19m Terrain Mesh for FS2004
FSGenesis Nebraska 19m Terrain Mesh for FS2004
FSGenesis Nevada 19m Terrain Mesh for FS2004
FSGenesis New Brunswick 19m Terrain Mesh for FS2004
FSGenesis New Hampshire 19m Terrain Mesh for FS2004
FSGenesis New Jersey 19m Terrain Mesh for FS2004
FSGenesis New Mexico 19m Terrain Mesh for FS2004
FSGenesis New York 19m Terrain Mesh for FS2004
FSGenesis Newfoundland 19m Terrain Mesh for FS2004
FSGenesis North Asia 76.4m Terrain
FSGenesis North Atlantic Terrain for FS2004
FSGenesis North Carolina 19m Terrain Mesh for FS2004
FSGenesis North Dakota 19m Terrain Mesh for FS2004
FSGenesis Northern Africa 76.4m Terrain
FSGenesis Northern Canada 76.4m Terrain
FSGenesis Northern Russia Terrain Mesh for FS2004
FSGenesis Northwest Territories - Central 19m Terrain Mesh for FS2004
FSGenesis Northwest Territories - North 19m Terrain Mesh for FS2004
FSGenesis Northwest Territories - South 19m Terrain Mesh for FS2004
FSGenesis Nova Scotia 19m Terrain Mesh for FS2004
FSGenesis Ohio 19m Terrain Mesh for FS2004
FSGenesis Oklahoma 19m Terrain Mesh for FS2004
FSGenesis Oman 19m Terrain Mesh for FS2004
FSGenesis Ontario - North 19m Terrain Mesh for FS2004
FSGenesis Ontario - South 19m Terrain Mesh for FS2004
FSGenesis Ontario 38.2m Terrain
FSGenesis Oregon 19m Terrain Mesh for FS2004
FSGenesis Pacific Islands 76.4m Terrain
FSGenesis Pakistan - North 19m Terrain Mesh for FS2004
FSGenesis Pakistan - South 19m Terrain Mesh for FS2004
FSGenesis Pennsylvania 19m Terrain Mesh for FS2004
FSGenesis Poland 19m Terrain Mesh for FS2004
FSGenesis Quebec - Central 19m Terrain Mesh for FS2004
FSGenesis Quebec - North 19m Terrain Mesh for FS2004
FSGenesis Quebec - South 19m Terrain Mesh for FS2004
FSGenesis Romania 19m Terrain Mesh for FS2004
FSGenesis Russia 76.4m Terrain
FSGenesis Saskatchewan 19m Terrain Mesh for FS2004
FSGenesis Saudi Arabia - Central 19m Terrain Mesh for FS2004
FSGenesis Saudi Arabia - North 19m Terrain Mesh for FS2004
FSGenesis Saudi Arabia - South 19m Terrain Mesh for FS2004
FSGenesis Scandinavia Terrain Mesh for FS2004
FSGenesis Slovakia 19m Terrain Mesh for FS2004
FSGenesis South Asia & Indonesia 76.4m Terrain
FSGenesis South Carolina 19m Terrain Mesh for FS2004
FSGenesis South Dakota 19m Terrain Mesh for FS2004
FSGenesis Southern Africa 76.4m Terrain
FSGenesis Syria 19m Terrain Mesh for FS2004
FSGenesis Tennessee 19m Terrain Mesh for FS2004
FSGenesis Texas & Southeast 38m Terrain
FSGenesis Texas 19m Terrain Mesh for FS2004
FSGenesis The Balkans 19m Terrain Mesh for FS2004
FSGenesis The Great Plains 38m Terrain
FSGenesis The Orient 76.4m Terrain
FSGenesis The Rockies 38m Terrain
FSGenesis The West Coast 38m Terrain
FSGenesis Turkey - East 19m Terrain Mesh for FS2004
FSGenesis Turkey - West 19m Terrain Mesh for FS2004
FSGenesis Ukraine - East 19m Terrain Mesh for FS2004
FSGenesis Ukraine - West 19m Terrain Mesh for FS2004
FSGenesis United States 76.4m Terrain
FSGenesis Utah 19m Terrain Mesh for FS2004
FSGenesis Venezuela & Angel Falls 76.4m Terrain
FSGenesis Vermont 19m Terrain Mesh for FS2004
FSGenesis Virginia 19m Terrain Mesh for FS2004
FSGenesis Washington 19m Terrain Mesh for FS2004
FSGenesis West Virginia 19m Terrain Mesh for FS2004
FSGenesis Western Hemisphere - North 153m Terrain
FSGenesis Western Hemisphere - South 153m Terrain
FSGenesis Western Hemisphere 306m Terrain
FSGenesis Western Siberia Terrain Mesh for FS2004
FSGenesis Wisconsin 19m Terrain Mesh for FS2004
FSGenesis Worldwide LOD 4/5/6 Terrain
FSGenesis Wyoming 19m Terrain Mesh for FS2004
FSGenesis Yemen 19m Terrain Mesh for FS2004
FSGenesis Yukon Territory - N 19m Terrain Mesh for FS2004
FSGenesis Yukon Territory - S 19m Terrain Mesh for FS2004
FSGenesis Yukon Territory 38.2m Terrain
FSNavigator
FSrealWX lite version 1.06.1469
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
Hawker Hurricane IIA for FS2004
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
ICQ7M
ImgBurn
IrfanView (remove only)
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.0.1.2
LightScribe  1.4.142.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Combat Flight Simulator
Microsoft Flight
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyDefrag v4.3.1
MySQL Server 5.5
OpenAL
Oracle VM VirtualBox 4.1.20
PeerBlock 1.1 (r518)
Plan-G
Plan-G v3
PowerISO
Radio Range v4.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
RIFT
RoboForm 7-9-0-0 (All Users)
Rwy12 Library
SecondLifeViewer (remove only)
Secure Download Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923789)
Skyhawk 172R by Flight One Software
Spybot - Search & Destroy
SpywareBlaster 5.0
Star Wars: The Old Republic
Strongvault Online Backup
swMSM
SyncToy 2.1 (x86)
T Utility Over Clock II
Tseries BIOS Update
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
VC 9.0 Runtime
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.3
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format Runtime
WinPatrol
WinRAR archiver
Xtreme RDP ActiveX Control
Yahoo! Messenger
Youtube Downloader HD v. 2.9.6
ZoneAlarm Firewall
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
10/29/2013 7:54:51 AM, error: Service Control Manager [7000]  - The Ad-Aware Service 11 service failed to start due to the following error:  The system cannot find the file specified.
10/29/2013 7:44:23 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/29/2013 7:43:10 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/29/2013 7:43:04 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM Avgdiskx AVGIDSDriver AVGIDSShim Avgldx86 BANTExt BS_I2cIo Fips SCDEmu VBoxDrv VBoxUSBMon
10/29/2013 7:43:04 AM, error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/29/2013 7:41:50 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/29/2013 7:36:32 AM, error: Service Control Manager [7034]  - The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).
10/28/2013 1:48:13 PM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer ZERO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6AF5D1E5-4A96-4D5C-91F2. The master browser is stopping or an election is being forced.

10/28/2013 1:05:38 PM, error: Service Control Manager [7016]  - The BrSplService service has reported an invalid current state 0.

10/26/2013 7:31:08 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.

10/25/2013 12:52:45 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

10/25/2013 12:21:18 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the TrkWks service.

10/23/2013 12:15:57 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

10/23/2013 12:14:57 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the dmserver service.

.

==== End Of File ===========================

 












removedtype='text/javascript'>
ipb.global.registerReputation( 'rep_post_3194002', { domLikeStripId: 'like_post_3194002', app: 'forums', type: 'pid', typeid: '3194002' }, parseInt('') );
removed


















BC AdBot (Login to Remove)










removedtype="text/javascript">
removed
removedtype="text/javascript"
src="//pagead2.googlesyndication.com/pagead/show_ads.js">
removed










removedtype="text/javascript">
var pid = parseInt(3194002);
if ( pid > ipb.topic.topPid ){
ipb.topic.topPid = pid;
}

// Show multiquote for JS browsers
if ( $('multiq_3194002') )
{
$('multiq_3194002').show();
}

if( $('toggle_post_3194002') )
{
$('toggle_post_3194002').show();
}

// Add perm data
ipb.topic.deletePerms[3194002] = { 'canDelete' : 0, 'canSoftDelete' : 0 };

removed















http://www.bleepingcomputer.com/forums/t/512309/virus-scanner-probably-not-working-and-have-detected-zperm-in-the-past/#entry3196215' rel='bookmark' title='Virus scanner probably not working and have detected zperm in the past: post #2'>

#2
http://www.bleepingcomputer.com/forums/public/style_images/master/icon_share.png'" target="_blank" class="wLink">http://www.bleepingcomputer.com/forums/public/style_images/master/icon_share.png' class='small' title='Virus scanner probably not working and have detected zperm in the past: post #2' />





nasdaq







nasdaq






  • http://www.bleepingcomputer.com/forums/uploads/profile/photo-thumb-72247.gif?_r=0' class='ipsUserPhoto ipsUserPhoto_large' />




  • Malware Response Team




  • 31,750 posts


  • OFFLINE











  • Gender:Male






  • Location:Montreal, QC. Canada




  • Local time:08:17 PM









Posted 01 November 2013 - 10:41 AM




Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe' class='bbc_url' title='External link' rel='nofollow external'>http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
Please post the logs for my review.









removedtype='text/javascript'>
ipb.global.registerReputation( 'rep_post_3196215', { domLikeStripId: 'like_post_3196215', app: 'forums', type: 'pid', typeid: '3196215' }, parseInt('') );
removed
















removedtype="text/javascript">
var pid = parseInt(3196215);
if ( pid > ipb.topic.topPid ){
ipb.topic.topPid = pid;
}

// Show multiquote for JS browsers
if ( $('multiq_3196215') )
{
$('multiq_3196215').show();
}

if( $('toggle_post_3196215') )
{
$('toggle_post_3196215').show();
}

// Add perm data
ipb.topic.deletePerms[3196215] = { 'canDelete' : 0, 'canSoftDelete' : 0 };

removed















http://www.bleepingcomputer.com/forums/t/512309/virus-scanner-probably-not-working-and-have-detected-zperm-in-the-past/#entry3197838' rel='bookmark' title='Virus scanner probably not working and have detected zperm in the past: post #3'>

#3






jefferysitz







jefferysitz


  • Topic Starter




  • http://www.bleepingcomputer.com/forums/public/style_images/master/profile/default_large.png' class='ipsUserPhoto ipsUserPhoto_large' />




  • Members




  • 35 posts


  • OFFLINE















  • Local time:07:17 PM









Posted 03 November 2013 - 01:30 PM




Ok, I forgot to mention one symptom.  When I am watching Netflix on fullscreen, the screen will pop out to normal and they blue bar at the top gets dim like another window is taking focus.  There is no other window to be found though and nothing in task manager.  This has not happened in a couple of days though.


 


TDSSKiller asked to update so I allowed it.  It had one new box "use ksn to scan objects."  It was checked by default so I left it alone.  If this is not right let me know and I will do it again.


 


aswMBR also asked to update definitions which I allowed.


 


Roguekiller made 2 logs, I included both.


 


I normally use WinRar, so I got 7zip to make the zip file.  Hopefully that is a safe program.


 


11:33:28.0502 0x1440  TDSS rootkit removing tool 3.0.0.16 Nov  1 2013 15:53:38

11:33:34.0377 0x1440  ============================================================

11:33:34.0377 0x1440  Current date / time: 2013/11/03 11:33:34.0377

11:33:34.0377 0x1440  SystemInfo:

11:33:34.0377 0x1440  

11:33:34.0377 0x1440  OS Version: 5.1.2600 ServicePack: 3.0

11:33:34.0377 0x1440  Product type: Workstation

11:33:34.0377 0x1440  ComputerName: POSSUM

11:33:34.0377 0x1440  UserName: Possumsjagger

11:33:34.0377 0x1440  Windows directory: C:\WINDOWS

11:33:34.0377 0x1440  System windows directory: C:\WINDOWS

11:33:34.0377 0x1440  Processor architecture: Intel x86

11:33:34.0377 0x1440  Number of processors: 2

11:33:34.0377 0x1440  Page size: 0x1000

11:33:34.0377 0x1440  Boot type: Normal boot

11:33:34.0377 0x1440  ============================================================

11:33:36.0315 0x1440  System UUID: {0E457B2C-8CFF-ABF1-EF9C-8D0557538E74}
11:33:37.0158 0x1440  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:33:37.0174 0x1440  Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:33:37.0190 0x1440  ============================================================
11:33:37.0190 0x1440  \Device\Harddisk0\DR0:
11:33:37.0190 0x1440  MBR partitions:
11:33:37.0190 0x1440  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x927B5DA
11:33:37.0190 0x1440  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x927B619, BlocksNum 0x1869E598
11:33:37.0190 0x1440  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21919BB1, BlocksNum 0x1731991E
11:33:37.0190 0x1440  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x6, StartLBA 0x38C334CF, BlocksNum 0x1751772
11:33:37.0190 0x1440  \Device\Harddisk1\DR1:
11:33:37.0190 0x1440  MBR partitions:
11:33:37.0190 0x1440  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
11:33:37.0190 0x1440  ============================================================
11:33:37.0205 0x1440  C: <-> \Device\Harddisk0\DR0\Partition1
11:33:37.0252 0x1440  Z: <-> \Device\Harddisk0\DR0\Partition2
11:33:37.0299 0x1440  S: <-> \Device\Harddisk0\DR0\Partition3
11:33:37.0346 0x1440  Y: <-> \Device\Harddisk1\DR1\Partition1
11:33:37.0346 0x1440  ============================================================
11:33:37.0346 0x1440  Initialize success
11:33:37.0346 0x1440  ============================================================
11:34:18.0924 0x1474  ============================================================
11:34:18.0924 0x1474  Scan started
11:34:18.0924 0x1474  Mode: Manual; SigCheck; TDLFS;
11:34:18.0924 0x1474  ============================================================
11:34:18.0924 0x1474  KSN ping started
11:34:21.0252 0x1474  KSN ping finished: true
11:34:21.0830 0x1474  ================ Scan system memory ========================
11:34:21.0830 0x1474  System memory - ok
11:34:21.0830 0x1474  ================ Scan services =============================
11:34:21.0924 0x1474  Abiosdsk - ok
11:34:21.0924 0x1474  abp480n5 - ok
11:34:21.0955 0x1474  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:34:22.0190 0x1474  ACPI - ok
11:34:22.0221 0x1474  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
11:34:22.0299 0x1474  ACPIEC - ok
11:34:22.0346 0x1474  [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:34:22.0362 0x1474  AdobeFlashPlayerUpdateSvc - ok
11:34:22.0362 0x1474  adpu160m - ok
11:34:22.0393 0x1474  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:34:22.0487 0x1474  aec - ok
11:34:22.0518 0x1474  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:34:22.0533 0x1474  AFD - ok
11:34:22.0533 0x1474  Aha154x - ok
11:34:22.0549 0x1474  aic78u2 - ok
11:34:22.0549 0x1474  aic78xx - ok
11:34:22.0565 0x1474  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:34:22.0643 0x1474  Alerter - ok
11:34:22.0658 0x1474  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
11:34:22.0752 0x1474  ALG - ok
11:34:22.0752 0x1474  AliIde - ok
11:34:22.0830 0x1474  [ 267FC636801EDC5AB28E14036349E3BE, CFEF5DF5F9BE820283376BB86DB3CF6609C02D316A742E17459A2BFA42E724E0 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
11:34:22.0908 0x1474  Ambfilt - ok
11:34:22.0940 0x1474  [ 6E58654CB25730B2579E45E1FD116A47, F8E99959421E81B5F730647A5D6D1783BE0CFE92CFA6A53A8482F36901BE152C ] amdide          C:\WINDOWS\system32\DRIVERS\amdide.sys
11:34:22.0940 0x1474  amdide - ok
11:34:22.0987 0x1474  [ 033448D435E65C4BD72E70521FD05C76, A5462C22D5461F1BA06E81CD7E1ECE5409092DE53A8E4D3E78D089B65CB474D4 ] AmdPPM          C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
11:34:23.0002 0x1474  AmdPPM - ok
11:34:23.0018 0x1474  amsint - ok
11:34:23.0033 0x1474  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
11:34:23.0127 0x1474  AppMgmt - ok
11:34:23.0127 0x1474  asc - ok
11:34:23.0127 0x1474  asc3350p - ok
11:34:23.0127 0x1474  asc3550 - ok
11:34:23.0205 0x1474  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:34:23.0221 0x1474  aspnet_state - ok
11:34:23.0221 0x1474  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:34:23.0315 0x1474  AsyncMac - ok
11:34:23.0330 0x1474  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:34:23.0424 0x1474  atapi - ok
11:34:23.0424 0x1474  Atdisk - ok
11:34:23.0471 0x1474  [ 809B0EB83C75061C9DE2E528C65A1575, 7AB4CC3303111832C7CC16FAE310C07112EED6A41B0ABAAB498804BFA48CB399 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:34:23.0518 0x1474  Ati HotKey Poller - ok
11:34:23.0752 0x1474  [ 032F23B133B680B06861329C5A176EE0, 1288ABF05A960671C13AC00E0F296D7FD27018CF0E02C9C8A39E42BEE0B5000A ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:34:24.0096 0x1474  ati2mtag - ok
11:34:24.0127 0x1474  [ 924971A182E07463765EF9FA8876F24F, 62B849254390411AB33B2F0E209971970ADDD95D176803ADD9AFD19C493B3228 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
11:34:24.0143 0x1474  AtiHDAudioService - ok
11:34:24.0158 0x1474  [ D9BC8892B9440A2551B8148C57AA039E, FC5EFB83D62FEFEFE5D82EA33611659851B4F5E1C126C164A9650F8E2F83DF93 ] AtiHdmiService  C:\WINDOWS\system32\drivers\AtiHdmi.sys
11:34:24.0190 0x1474  AtiHdmiService - ok
11:34:24.0205 0x1474  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:34:24.0283 0x1474  Atmarpc - ok
11:34:24.0299 0x1474  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:34:24.0377 0x1474  AudioSrv - ok
11:34:24.0393 0x1474  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:34:24.0471 0x1474  audstub - ok
11:34:24.0502 0x1474  [ 8A7DC10E81E73994AF8D8FB4E921BA20, C9905638CC3CACAE77E907DAE061EC3D2A8AACC412004E905D0CD2BEA418EC91 ] Avgdiskx        C:\WINDOWS\system32\DRIVERS\avgdiskx.sys
11:34:24.0518 0x1474  Avgdiskx - ok
11:34:24.0533 0x1474  [ 8BE661C16FBF84A73BCEC84B6B4A9DB5, 7C93BB50B6EDDEAABB149045A52BDAE5DD9262DC87EEE537D766714E793292C5 ] Avgfwdx         C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
11:34:24.0549 0x1474  Avgfwdx - ok
11:34:24.0549 0x1474  [ 8BE661C16FBF84A73BCEC84B6B4A9DB5, 7C93BB50B6EDDEAABB149045A52BDAE5DD9262DC87EEE537D766714E793292C5 ] Avgfwfd         C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
11:34:24.0565 0x1474  Avgfwfd - ok
11:34:24.0690 0x1474  [ 55985B78AB0B3CC406C8BFDF772E05C2, AEC927EEFF7ED5B4B510E776D4A2C6BCEC6C6DB21B301FF86F7BF0247FB3499A ] avgfws          C:\Program Files\AVG\AVG2014\avgfws.exe
11:34:24.0752 0x1474  avgfws - ok
11:34:24.0846 0x1474  [ 332AEB8F6F9595C8886A7AA7A62322DC, CC2F2856257D10B72558660161732EB5FB5D8CCD8AC78EFED8263895A2529CC9 ] AVGIDSAgent     C:\Program Files\AVG\AVG2014\avgidsagent.exe
11:34:24.0971 0x1474  AVGIDSAgent - ok
11:34:25.0033 0x1474  [ E2D441E3F58C04DD91286F38916CE102, C03F50CE5BDFCBC2B0DB062D6517ADE99DFF8EB65859CF6122DC95D3167E7C7E ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
11:34:25.0049 0x1474  AVGIDSDriver - ok
11:34:25.0096 0x1474  [ 7E7E946C5620BD398BFCFA41E435545B, 0B2F496367F36BE20AD075DF0054E8DE083E690179F9C5C9ECF9B3677069D6CF ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
11:34:25.0112 0x1474  AVGIDSHX - ok
11:34:25.0127 0x1474  [ C3828E5C49924969799ED8B1E123A267, 26713E308FC9BBDF28BD4E47234002D6928AAA234F73B2248BB2466EBA41747E ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
11:34:25.0143 0x1474  AVGIDSShim - ok
11:34:25.0158 0x1474  [ A997D4A7361F4870A4F13BA5BF36F388, 1DF529F4207081E154BC377154A02FD641C20EF8BDB913C232465519AAC48827 ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:34:25.0174 0x1474  Avgldx86 - ok
11:34:25.0205 0x1474  [ 62C926243D7875BDE097904E4DE4FFAD, 32730FEB5133F51A62DEDB9528EDE5A8F9A3C8121753D09699C5EEB930E4E217 ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
11:34:25.0221 0x1474  Avglogx - ok
11:34:25.0252 0x1474  [ 02C25C2974F728391E33A2E45A23FFA4, B36A9601BF855ABAC4855023913A8D977567AD15EDCC3FFAB3028A9B6FE5D2CA ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:34:25.0268 0x1474  Avgmfx86 - ok
11:34:25.0283 0x1474  [ 9745AD34365318593909EDDEDAE66B9A, 16374BF9789053AA0124CB8437E1192442F44E46D14435BF80A049CD0D47F16A ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:34:25.0299 0x1474  Avgrkx86 - ok
11:34:25.0330 0x1474  [ E98603F9D1F412F38ADF2F76053F9E5A, 1CE4668E0202ADD8C4C3D7D883DC837F7888F5D6E3B6FEE8338E15A86FE6AC22 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:34:25.0346 0x1474  Avgtdix - ok
11:34:25.0362 0x1474  [ 15ACA2AD17ACECA4814F249783E63AD3, AB8E74A5B8FC2FD04BA2B495610A8BE76408E9362A447D7069D5AAB8F3512F33 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
11:34:25.0377 0x1474  avgtp - ok
11:34:25.0408 0x1474  [ 07646F5F37F18F1F978CE3B0378EF1C9, 0BC440C3E8E617FA5D70D28413F091678E9FD4CF9F87CB8ED686609A0291D95B ] avgwd           C:\Program Files\AVG\AVG2014\avgwdsvc.exe
11:34:25.0424 0x1474  avgwd - ok
11:34:25.0455 0x1474  [ 5D7BE7B19E827125E016325334E58FF1, 76AE80C91BF53DF4EE18C92D47EDC6541C2013E3669278166079D1A4A24F9FB6 ] BANTExt         C:\WINDOWS\System32\Drivers\BANTExt.sys
11:34:25.0455 0x1474  BANTExt - detected Unsign

RELEVANCY SCORE 200
Preferred Solution: Virus scanner probably not working and have detected zperm in the past

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Virus scanner probably not working and have detected zperm in the past

Your previous logs are clean.Totally uninstall [Ad-Aware], using the Revo Uninstaller.Download and run the free version of Revo Uninstaller.Select [Ad-Aware] and click Uninstall.Set it to 'Advanced' and click Scan.Revo will do this:Step 1. Create restore point.Step 2. Run the official [Ad-Aware] uninstaller.Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).Reboot if asked to.===Please download ComboFix from one of these locations:Link 1Link 2IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.htmlDo not mouse click ComboFix's window while it's running. That may cause it to stallNote: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.===Please let me know what problem persists.

Read other 13 answers
RELEVANCY SCORE 62

i keep getting a virus called zperm. i ran AVG and ad-aware. here is a copy of hijackthis. do i need to do anything else?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:41 PM, on 2/7/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\svchost.ex... Read more

A:zperm virus

Read other 6 answers
RELEVANCY SCORE 61.6

I wonder if you pros can help with this urgent matter please?

On my old AMD machine, windows 98SE i have AVG free antivirus and enabled bootup scanner which has detected a virus;

C:\WINDOW~1.EXE @EID_Id_adw Generic.NDD

The problem is i took the recommend path of restarting with the bootable disks AVG prompts to create when 1st installing AVG antivirus and so ran a scan however did no detect it?

I have spybot search and destroy installed as well as Lavasoft adware remover and have done scans of both and with the anitvirus a couple weeks ago. The computer is mainly used by my bro for web surfing (forums, emails and msn and research for his school work) and my sister for the same. Doesnt use any p2p or torrents and also have Zonealarm freeware firewall. I have it going through a WAG54G linksys.

Now i can either boot up the PC so meaning the virus code runs, but try in safe mode but then i dont know what to do OR let the computer in DOS mode rescan using AVG floppy disk utility but nothing was found last time....?

What do i do? Please help, much appreciated!

(note i am posting with my new PC).
 

A:Virus detected by AVG 7.0 Bootup Scanner.........help?

Read other 7 answers
RELEVANCY SCORE 60.8

Early this morning (May 2nd, around 2:56am), Norton Internet Security detected and quarantined something called Trojan.ByteVerify on my computer. Later, I ran a full system scan and it didn't pick up the trojan virus or anything else. To play it safe, I also ran a scan using Malwarebytes' Anti-Malware, which didn't pick up anything. So far, there have been no problems with my computer since Norton picked up the virus.

I have a PC running Windows XP. I need to know what else I can do to make sure I don't have anything else lurking on my computer.

Thank you for your time.

A:Trojan.ByteVerify detected by virus scanner

Your scan results indicate a threat(s) was found in the Java cache.When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets, malicious Java class files are stored in the Java cache directory and your anti-virus may detect them as threats. The detection can indicate the presence of malicious code which could attempt to exploit a vulnerability in the JRE. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache manually to ensure everything is cleaned out:Clear the Java cacheHow to Clear Java Cache in Windows 7Clear the browser cache in Internet ExplorerSafely Delete the Temporary Internet Files <- for Internet Explorer 8How to Clear Your Browser's Cache <- for other versions of Internet Explorer, Firefox and different browsersHow to Clean out Windows temporary filesHow to Clean out Windows 7 temporary filesAlternatively, you can download and use TFC (Temp File Cleaner) by Old Timer, ATF Cleaner by Atribune for Windows 2000/XP/Vista or Browser-Cleaner.Also be aware that older versions of Java have vulnerabi... Read more

Read other 3 answers
RELEVANCY SCORE 60.8

Hi, and thanks in advance,A few days ago I started having problems with extra tabs opening to spam sites in Firefox. At the same time Norton (AV gamer edition) started blocking intrusion attempts.I was able to find and remove the trojan using Malwarebytes AM, but after the restart Norton reported 'Backdoor.Tidserv!inf detected by virus scanner' and reported 'manual removal required'.The Symantec help page suggests using my Windows XP CD and Recovery Console to replace the infected file(s); unfortunately I'm a student and don't have my original windows install CDs here with me.I have way too much music and documents on my hard drive to effectively back it all up and reformat so anything you can do to help me locate and remove the backdoor would be immensely appreciated.DDS (Ver_10-03-17.01) - NTFSx86 Run by Oscar at 11:28:49.35 on Sun 06/13/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2673 [GMT -7:00]AV: Norton AntiVirus Gaming Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system3... Read more

A:Backdoor.Tidserv!inf detected by virus scanner

Hi Ozkarian,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum and apologies for the delay. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.If the issue is not resolved please update me on the current condition of your computer.

Read other 17 answers
RELEVANCY SCORE 60.4

My AVG anti virus has been periodically flagging with a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\ I always click remove it and it says its successful but periodically it returns.

I also have the issue of various popups while browsing the internet in Firefox (Its the only browser I use). Anything from this computer has been locked due to suspicious activity call this number to reactivate to various random popups.

Before coming here I've tried updating + running in safe mode AVG Anti Virus. Malware bytes, Spybot S&D and Adaware. They either don't find a threat or one of them find 'tracking cookies' which it removes but doesn't fix the problem.



I ran DDS and attached the two required text files. I've moved since I purchased this computers so I'm not entirely sure where my Window's disk is. I'm on Windows 10 Home 64bit if it matters. Any help would be appreciated, thanks.

Read other answers
RELEVANCY SCORE 60.4

My AVG anti virus has been periodically flagging with a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\ I always click remove it and it says its successful but periodically it returns.

I also have the issue of various popups while browsing the internet in Firefox (Its the only browser I use). Anything from this computer has been locked due to suspicious activity call this number to reactivate to various random popups.

Before coming here I've tried updating + running in safe mode AVG Anti Virus. Malware bytes, Spybot S&D and Adaware. They either don't find a threat or one of them find 'tracking cookies' which it removes but doesn't fix the problem.


I ran DDS and attached the two required text files. I've moved since I purchased this computers so I'm not entirely sure where my Window's disk is. I'm on Windows 10 Home 64bit if it matters. Any help would be appreciated, thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.91.2
Run by Nicholas at 12:28:54 on 2016-12-22
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8102.2929 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG ... Read more

A:Win32/Zperm virus & popups.

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Read other 11 answers
RELEVANCY SCORE 56.4

The pc gets to the blue hp screen, then freezes. It says <setup f10> <esc boot menu> <f11 system recovery> <f9 diagnostics>. If nothing is pushed then the screen will go to a black screen "Reboot and select proper boot devise or insert boot media in selected boot device and press a key". Nothing seems to work. Do I need a new hard drive?
The PC was working till the kids found a site to watch movies on then it froze and when it restarted this is how it has been.
Any help will be used and I will be thankfull.
 

A:Hp Virus? Pc not working past Startup menu

In the diagnostics section it states " BIOHD-2 No drives detected" Please help The pc is only 15 months old and not under warrenty.
 

Read other 2 answers
RELEVANCY SCORE 51.6

Hi for about 5 days now i've being unable to access any of my antivirus programs and after doing a bit of reading it seems to be some kind of virus/malware that edits the .exe file of the antivirus program and renders it unable to run. I first noticed a problem when Trend Micro stopped working and when i tried to launch it nothing would happen. I then tried installing Mbam as that's proven to be good in the past, the program would install but then when i tried to run it comes up with Windows cannot access the specified device, path or file you may not have the appropriate permission to access this item.

That rang immediate alarm bells as i only run this computer in admin mode, i've tried posting in another forum for help but haven't had any reply since i made the post over 54 hours ago so here i am hoping for some help.

A:anti virus software including gmer rootkit scanner no longer working

Welcome aboard Restart computer in Safe Mode with Networking.Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run. There are 4 different versions. If one of them won't run then download and try to run the other one. Vista and Win7 users need to right click Rkill and choose Run as AdministratorYou only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.* Rkill.com* Rkill.scr* Rkill.exe* Double-click on the Rkill desktop icon to run the tool.* If using Vista or Windows 7 right-click on it and choose Run As Administrator.* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.* If not, delete the file, then download and use the one provided in Link 2.* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.* Do not reboot until instructed.* If the tool does not run from any of the links provided, please let me know.Try to run Malwarebytes right away.

Read other 1 answers
RELEVANCY SCORE 51.2

My husbands little sisters computer started acting up, first upon restart a error was popping up saying a file was missing from system tray there was a error, it would then lock the computer for a few minutes. I started task manager to see what was running, upon trying to end process to a few applications it kept telling me error access denied and wouldnt shut anything down. I ran malwarebytes and eset, 9 problems were found on eset and 7 others on malwarebytes, they were cleaned and computer was restarted. After restart the system tray error no longer occured but no internet access, no movie files can be played and the task bar still doesnt work. I went to malwarebytes via safe mode w/ networking and ran the rootkit finder beta version, it found a Alureon VBR rootkit, (It doesnt keep a log so the exact version i'm not sure of) It was cleaned, computer was restarted but is only getting worse. Please Help
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16611
Run by kidd at 21:56:21 on 2013-06-25
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.8061.5761 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search and Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Ru... Read more

A:Rootkit Virus detected , cleaned, computer still not working

Hello lilbit2604 and welcome to Bleeping Computer!I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.----------Step 1----------------Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.----------Step 2----------------Please download Malw... Read more

Read other 12 answers
RELEVANCY SCORE 51.2

I think after i downloaded a game online my computer got infected with a virus. This virus stopped my security center from working and its telling me to download a vista virus scan which is like 90 dollars and i cannot afford that at the moment. The virus doesn't let me do anything on the administrative account like go on the internet or get my documents but it does let me do those things in the guest account. What can i do? what can i download to get rid of this virus. btw i cannot download on the guest side of the computer since it does not have administrative power to do so. please help.

A:virus detected windows secuirty center not working help me!

I dont mean to be a jerkous but - Google is your friend. I have seen viruii similar to this, and its usually for a fake 'Cleaner' which they charge you for.

I hate this new breed of malware...
-Me

Read other 4 answers
RELEVANCY SCORE 48.8

I have a HP ScanJet 3400C scanner,and recently i decided to scan a picture. But when i went to scan it, a window popped up that said "Scanner could not be initialized(Scanner not found). I have tried disconnecting,and reconnecting the scanner, along with reintalling the software, but nothing seems to work.

What could be wrong?
 

A:Scanner not detected

Read other 8 answers
RELEVANCY SCORE 48.8

Hi,

I have a multifunctional printer epson cx8300 and have it connected to a print server TP-LINK TL-PS310U in a hope that every PCs on the network can share the printer to do printing and scanning. When I did a test to check if I can send a job to the printer, I could actually print it through the print server. However, the problem now is I can not scan a document. When I went to open windows Fax and Scanner window, unable to see any scanner there. So my question is whether this is the limitation of the epson printer itself or the print server or the scanners do not work on the network. Just wonder if anyone would be kind to share some ideas with me.

By the way, my PCs run on win 7 64 bit. Any help would be greatly appreciated.

Thank you
 

A:scanner not being detected

I'm not sufficiently ambitious to read the user manuals. Generally, scanning will not work over a network except for network ready multifunction printers. Unless the print server and printer explicitly say that scanning is supported over the network in their specs or user manuals you can probably give up this idea.
 

Read other 1 answers
RELEVANCY SCORE 48.4

Is this where I post? I am not entirely sure...

I am asking from work because I can no longer use my home PC because.....

I changed my internet provider and after 3 months it finally got up and running....
only to be attacked by at least 24 viruses (along with a pop-up cheerfully reminding me that my McAffee expired on Dec. 31!!!)
I downloaded a Beta sweep (?) from Microsoft which detected 24 items...so many win32 and an Rbot too!!

Anyway I would paste the log, but I got off the internet as quickly as possible, tried to do a system restore but my computer failed on me and then the last thing I remember doing was loading fail safe options...

I woke up to a computer that when I turn it on doesn't leave the original black screen (says energy saver master and slave ports and down at the bottom says "press DEL..."

I HAVE pressed DEL and it restarts and takes me back to the almost frozen initial black screen...

I tried loading the OS software during the frozen screen and whilst off...neither has worked..they just go to that black screen...interestingly enough, I get a red light (running) on my tower as well as a normal green light for power on...and the red light does not go off...

Is there any help out there?

Read other answers
RELEVANCY SCORE 48.4

I upgraded to Windows Ulimute 7. MY Epson pinter bombed out. I bought a HP Officejet j4580 all in one. At first the OS was not compatible. I downloaded the compatable driver and installed it. It prints like a dream now. The scanner is the problem. At first it did scan, but then it bombed out. It gives me a message of no scanner detected and that a I need a WIA cable. Where on earth to I get that cable?????? I worked ar first, now nada, nothing.

Please advice

Thank you

Demurin, ZAR

A:No scanner detected and that a I need a WIA cable

You may have a little trouble, as a "WIA cable" does not exist.

WIA drivers, yes.

I hope that better drivers exist. (TWAIN, perhaps.) The WIA drivers I've seen have had limited features.

Read other 1 answers
RELEVANCY SCORE 48

hi, i have a weird problem, my computer won't detect my scanner (Umax Astra 610P (standard) but my test scan is successful! But when i attempt an actual scan of a picture, i get a "Warning: No Image Found" message. I was able to installation the software cd-rom (Vistascan v1.01) but my scanner is not listed in the Device Manager. Has anyone else had this problem?
 

A:test successful but scanner not detected?

hi maggiemayeye

try to add your device through add new hardware option from the control panel..selct hardware from the list rather allowing the windows to detect your device.try insatlling the drivers then.
 

Read other 3 answers
RELEVANCY SCORE 48

Last night, at around 10pm Hawaii time on July 18th, something or someone emailed all of the contacts on my AOL contacts list an email that contained a link to a website. I was unaware of this until a few hours later on July 19th when I checked my email and found over a dozen emails that said the email that was send was undeliveable or the receipient was out of office. One of the emails was from a friend who told me that I had an email bug and that someone had hacked into my email account and was the one that sent all the random emails. Since it was late (around 2am or so), I decied to wait until it was later to start checking it out.

I began scanning my computer maybe around 11am with Norton Internet Security 2012 or 2013. It's whatever is the lastest version that is on the shelf, so more than likely, it's the 2012 version. An hour later, it picked up that there was a virus on my computer. The scanner labeled it as tdlfix.exe (Trojan.Gen) and that it had resolved it. I ran a few additional scans using a combination of Norton Power Eraser, which picked up no risks, and then I used Malwarebytes Anti-Malware to see if it could pick up anything. No luck there. Sometime around 1:20pm, I then decided to email my friend back with an update on my situation when Norton Auto-Protect picked up a0254131.exe (Trojan.Gen) and removed it. I then ran two full scans with Norton IS. It would run for less than ten minutes each time and then cut off saying that it was comple... Read more

A:Trojan.gen detected by antivirus scanner

Hello, please run this next.Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click on Change Parameters Put a check in the box of Detect TDLFS file system Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.NowPlease download aswMBR ( 511KB ) to your desktop.Double click the aswMBR.exe icon to run itClick the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.And some system info...Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and post the... Read more

Read other 20 answers
RELEVANCY SCORE 48

Hi,

Just bought a new EPSON V330 Scanner. Installed as indicated, plugged it in, turned it on and...nothing.
I tried everything, un-installed, re-installed, re-started, it's still not detected.
Anything else I should try before I return this POS?

Thank you.

A:Epson V330 scanner not detected by Win 8

Hello Technoir,

We also have a Windows 8 forum. Here's the link: EightForums

1) Check to see if there are other pre-installed Print and Imaging drivers by looking in Add/Remove Programs. If so, these other drivers could be what's stopping installation. They would need to be removed so they do not cause any driver conflict for the new installation.

2) Does the software version your using support Windows 8. Here is a web download of the newest version. Compare to the version printed on your install CD.

Epson Perfection V330 Photo Scanner

Hope this helps,
John

Read other 3 answers
RELEVANCY SCORE 47.6

Hello!
 
I have had an internet connectivity problem for about a week now. First off, my internet connection randomly disconnects, goes silent for 5-10 seconds every few minutes, and then reconnects. Secondly, and I don't know if this is related, but I have two active connections now, which I never noticed before. My first connection is to my wireless router, and other than the aforementioned problems it behaves normally. My second connection is to Network 3, which I don't remember ever having and cannot control; it acts kind of like a hard line connection from a router in that I can't turn it off, but has no network access and serves no known purpose - I have no wired connection.
 
I ran AVG free, which detected win32/zperm, quaranteened it and removed it. I ran it again and it found it again. I then ran Ad-Aware which found and removed it several more times. Then I ran AdwCleaner, Junkware Removal Tool and finally ComboFix. The problem seemed to go away for about two days, then the internet connectivity issues returned, and now AVG nor Adaware can seem to find win32/zperm, but the problem persists.

A:win32/zperm

Hello having run ComboFix on your own we will need to see that log to determine what it removed. Please repost here ....Virus, Trojan, Spyware, and Malware Removal Logs. Include your above info and the CF log.

Read other 5 answers
RELEVANCY SCORE 47.2

Hello all,

Just run a online Kaspersky scanner and the results came positve for different types of Trojan.

I run antivirus (Avira) and malware scanner (Malware bytes) daily along with Spyware blaster, windows update, and a-square free weekly. None are detecting any infection. In fact, just last week I finished working with Sundavis to clean up a nasty virus and we both thought my PC was clear.

Any ideas what to do next?

Thanks,

A:Kaspersky on line scanner detected Trojan

Hello,I am moving this to the Am I Infected for scans. What trojan did the Kaspersky scanner find?Next run MBAM:Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, lea... Read more

Read other 5 answers
RELEVANCY SCORE 47.2

I upgraded my PC from Windows XP to Windows 7. My printer is Hp 1610xi. The printer and scanner were working fine earlier with OS XP but now only my Printer is working with Windows 7. Not detecting Scanner. Downloaded software PS_AIO_02_NonNET_Full_Win_130_140 that took 3 hrs. Switched off PC turned it on but still not able to detect Scanner. My printer is not net work connected. Please help
 

A:HP 2610xi printer, scanner not detected with Windows 7

Can you scan using the Windows Fax and Scanner wizard ?????
 

Read other 2 answers
RELEVANCY SCORE 47.2

I have a pretty similar problem like another user, but decided to post here, because I am not sure if the same fix applies to me (his thread was: http://www.bleepingcomputer.com/forums/t/480470/avg-quarantined-win32zperm/)
 
My problem is same or similar. I have an AVG and ad-aware. Whenever I scan with AVG alone (even in safe mode), it doesn't  find anything, but whenever I scan with ad-aware, my AVG finds win32/zperm, detects it as a virus and quarantines it. However, each time I scan, each time I find it there, so it keeps on being there. The file, which gets quarantined is in C:\Windows\Temp\(folder with many numbers, which every time are different)\(folder tmp with more numbers)\(tmp with more numbers). 
 
I am not sure if it's a false positive or not, but I'd rather hear the opinion of professionals. Another thing is that my videos online also freeze from time to time. Maybe this might be the cause... Issue started just a few days ago.
 
 
My DDS log:
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by home-pc at 17:51:08 on 2013-11-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1257.370.1033.18.16259.14133 [GMT 0:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D56... Read more

A:Infected with Win32/Zperm

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number). Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifica... Read more

Read other 10 answers
RELEVANCY SCORE 47.2

Hi,
I ve been wrestling with the removal of the win32/Zperm virus and came across the posting from Gabrielrock nov12 2013 that seems to be a similar problem to mine. see http://www.bleepingcomputer.com/forum/t/513821/infected-with-win32/zperm
As with above, Ad-Aware detects the win32/Zperm virus and appears to deal with it only for it to re-instates itself in a windows/temp/file. Please advise how I can get rid of it.
I am operating on windows Vista and being relatively PC niave would appreciate guidance.
Many Thanks
 

A:Infected with win32/Zperm

Hello DaidaftI'm Seedy21 and I will be helping you with your issues.Please note the following information about the malware forum:From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by mePlease do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactiveIf you are using Cracked or Illegal software your thread will be closedLastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.Note:There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.If you are unsure what you're system bit type is..... click Here for help.For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.Double-click the downloaded icon to run the tool.When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it also makes another log (Addition.txt).... Read more

Read other 21 answers
RELEVANCY SCORE 47.2

ComboFix 14-08-19.01 - repeat 08/20/2014  21:24:48.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29329 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-21 to 2014-08-21  )))))))))))))))))))))))))))))))
.
.
2014-08-21 02:28 . 2014-08-21 02:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-18 03:37 . 2014-08-18 03:37    --------    d-----w-    c:\program files\Common Files\Lavasoft
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieUserList
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieSiteList
2014-08-16 23:55 . 2014-08-1... Read more

A:win32/zperm Combofix Log

ComboFix 14-08-15.01 - repeat 08/16/2014  18:36:07.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29682 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp5AEB.tmp
c:\windows\SysWow64\tmp5BD6.tmp
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-16 to 2014-08-16  )))))))))))))))))))))))))))))))
.
.
2014-08-16 23:39 . 2014-08-16 23:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-16 23:30 . 2014-08-16 23:30    --------    d-----w-    c:\windows\ERUNT
2014-08-16 23:28 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 23:15 . 2014-08-16 2... Read more

Read other 12 answers
RELEVANCY SCORE 47.2

Hello everyone. Recently AVG quarantined a file called Win32\Zperm. Should i be worried about this? Also, i noticed that when i watch a video online, it's not uncommon for the video to freeze. I than have to close the program and restart internet explorer to get it to work. I orginally started another thread with a Rkill log and was kindly directed, to the proper procedure of starting a thread.

This is the original post: http://www.bleepingcomputer.com/forums/topic480398.html/page__pid__2937102#entry2937102

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448
Run by Elan at 21:23:28 on 2013-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.1711 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestric... Read more

A:AVG quarantined Win32\Zperm

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 16 answers
RELEVANCY SCORE 46.8

Hello,
Thanks so much in advance for helping me.

Running XP and keep getting redirected when I search via yahoo. AVG has detected 'exploit rogue scanner type 1652'.
Ran malwarebytes anti-malware but nothing is found.

A:Exploit rogue scanner type 1652 detected by AVG

Here is my DDS log...
DDS (Ver_10-12-12.02) - NTFSx86
Run by Mark at 7:03:11.82 on Fri 02/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.347 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\s... Read more

Read other 3 answers
RELEVANCY SCORE 46.8

I was running ESET Online scanner today when it told me that I had some Anti Virus software running which could hinder the performance and quality of the scan. I clicked on the list and it told me that Windows Defender was the only thing running. This confuses me for two reasons:

1. Windows Defender is turned off
2. I am running AVG Free and that did not show up?

Why on earth would it detect a program I'm not using and not detect a program I am using?
Thanks for your help.

A:ESET Online Scanner detected something that I dont have turned on?

Other anti-virus and anti-spyware progams running on your computer can interfere with the scan. As such ESET notifies you so they can be disabled first.If you have other anti-virus, anti-spyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and slow it down. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished!ESET Online Scanner FAQsIf ESET did not recognize the existing security programs properly, that is a question better asked of Eset Support so they can investigate and answer.Contact Technical Support & submit questionESET Customer Care

Read other 1 answers
RELEVANCY SCORE 46.4

DDS does work on Vista 64bit so i have to use Hijackthis. Anyways AVG detected after I clicked a link by mistake while googling. Avg hasn't detected it before this happened and hasn't since.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:54 PM, on 3/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKLM\Software\Micr... Read more

A:AVG just detected: exploit rogue spyware scanner (type 621). Vista 64 bit

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

Read other 1 answers
RELEVANCY SCORE 46.4

A few weeks ago you aided me in cleaning an infection off my computer and I thought it was clean.  However, the last week strange things have been happening.  Here is the original thread http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075
 
I am running Windows XP Pro SP3, AVG internet security, Ad-Aware antivirus in compatibility mode and from time to time I run I-obit antivirus and Mal-warebytes free version.
 
Within the last week,

1.  I several times got a boot disk not found error while booting.  I thought it was the hard drive going bad but after a couple of days it was fine.
 
2.  AVG has several times detected and quarentined Win32/Zperm.  It seems to come back.
 
The last full system virus scans with I-Obit picked up a few things, I think Trojans, most of which I think are false positive, in old data files in an external backup.   These files have not been accessed for years except for copying them from one place to another.
 
3 This morning WinPatrol informed me that a number of things had been removed from my startup.  These included WinPatrol, AVG Toolbar, RTHDCPL.exe, Ad-Aware AV (set in compatiblity mode), spybot search and destroy's tea timer and maybe some more that I can't remember.
 
The programs were still in my system tray but I am reinstalling them just in case now.
 
Any help would be appreciated.
Thank you in advance... Read more

A:Strange disk behavior and Win32\Zperm

Hi -
Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.Note: If a security program requests permission to access the Internet, allow it to do so.
 
 
Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:
•Flush DNS
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).
 
 
Please download Malwarebytes Anti-Malware Free (a.k.a. MBAM) and save it to your desktop.NOTE : Do not accept the Free Trial Version at this time
* Follow these instructions for doing a Quick Scan in Normal Mode.
* Check for database Updates through the program's interface before scanning.
* Click on Scanner > Place a dot in Perform Quick Scan > Click Scan
* After completing the scan, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab .
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
* Exit Malwarebytes when done.
* Note: If Malwarebytes encounters a file that is difficult to remove, y... Read more

Read other 11 answers
RELEVANCY SCORE 46.4

Hello,
 
I have both AVG and Ad-Aware installed (Ad-Aware is in compatibility mode so the real-time protection is off). AVG resident shield keeps reporting that Win32/Zperm has been found in the temp folder and this is due to the Ad-Aware Service. I choose the action to remove it, which it says is successful but then it reports the same thing again a little while later. An actual scan by AVG does not find anything, neither does a scan by Ad-Aware.
 
AVG resident shield report: Virus found Win32/Zperm, c:\Windows\Temp\... (actual folder and file changes every time)
 
The process name: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
 
I have also tried scanning with Malwarebytes Anti-Malware and that too doesn't give any postives. Could you help me remove it please or is it a compatabilty issue between AVG and Ad-Aware?
 
Thanks
 
My DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Paulette at 13:17:06 on 2013-11-22
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2038.701 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/... Read more

A:AVG keeps finding Win32/Zperm in temp folder

Actually, I forgot that Malwarebytes did find some PUPs which I deleted but ir didn't seem to have any affect.
 
Here is the log:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org
Database version: v2013.11.20.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paulette :: PAULETTE-PC [administrator]
Protection: Enabled
20/11/2013 10:50:45
mbam-log-2013-11-20 (10-50-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201716
Time elapsed: 13 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\Paulette\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 9
C:\ProgramData\YouTube Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\Local Settings\Tempo... Read more

Read other 22 answers
RELEVANCY SCORE 46

I did a stupid thing yesterday. I downloaded an icon pack APK file on my computer to upload to my mobile. Anyway, the thing is, when I double clicked on it, BlueStacks (Android Emulator) opened up, and Avast started giving me lots of warnings about BlueStacks accessing Trojan URLs (it blocked them of course).
 
Now, the thing is: I scanned the APK file both in Malware Bytes Anti Malware and Avast (and even Malware Bytes Anti Rootkit), and it showed no virus or malware found. But when I try to attach the the same APK file as a Gmail attachment (which I read on the net detects viruses, which is why I tried it), Gmail gives me a "Virus found" error.
 
So, my question is how come such reliable antivirus / anti-malware programs like MBAM and Avast didn't detect the virus but Gmail did? And more importantly, (though I have deleted the APK file in question from my computer) is my computer safe? Or has a rootkit / trojan been installed?

A:Virus not detected in Avast & MBAM, but detected when I upload the file to Gmail

Upload file in question here: https://www.virustotal.com/ for security check.

Read other 5 answers
RELEVANCY SCORE 45.6

ariolic software's disk scanner is a trojan-just detected it with clamwin. 2011.02.23
Warning! http://www.ariolic.com/disk-scanner.html
Warning! http://files.ariolic.com/diskscanner.exe

key words for google searches:
ariolic disk scanner review
ariolic disk scanner safety
ariolic disk scanner virus
ariolic disk scanner trojan
ariolic disk scanner unsafe

A:ariolic software's disk scanner is a trojan-just detected it with clamwin. 2011.02.23

Hi and welcome to TSF please go here for help with malware NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum post your info there not here

Read other 1 answers
RELEVANCY SCORE 45.2

Hi there Everyone,
I Have a 166 MHZ, 10MB Hardrive, and a 2.1 Hardrive, 64MB Ram, Epson Stylus 640 Printer on LPT1, and Artec Wheel mouse on Com1, USRobotics 33.6 Internal modem on Com2.
Now that this out of the Way. I have a Artec 6000C Plus Flatbed Scanner with a DTC3181X SCSI Host Adapter. I went to the Artec Web Site and downloaded the Newest Driver for my System Which installed the DTC3181X Host Adapter software, and the Artec Scanner Driver, but when I rebooted the Windows 95 Detected the Scanner 8X's in the System Properties. I tried to Disable the other 7 but that had no Effect.
The Scanner goes through its Calibration but when I do the prescan, it Does An Error, and shuts the program down.
So, what do I do now.
Why is it detecting the Artec 6000C Plus 8X's in the System properties.
HEEEEELLPPPP.........
I am really in need of an answer since i am a graphics Artist, and really need my scanner.
I am willing to trade a Custom Graphic for your web site for the answer to my problem.
Thank you for reading this....:0)
 

A:Artec 6000C Plus Detected In System Properties 8 Times! Scanner doesn't Work....

Read other 6 answers
RELEVANCY SCORE 42.8

Hello TSG,
So I've been trying to solve this since it randomly happened yesterday, but to no avail.
I have a Samsung Q430 Intel i5 with Windows 7 x64 Home Premium (SP1), and the computer randomly started to lag, so I restarted it. It logged in successfully the first few times, but became extremely laggy after login, until it froze up completely each time. I then tried the recovery CD, and it worked the first time, but nothing changed, and it was still laggy. However, the computer could not even get past the black loading screen anymore, and began on a continuous reboot cycle, each time ending with a flash of a BSOD that I couldn't catch. It restarts to two options: Launch startup repair or Start windows normally, both of which end up freezing and restarting.
I have tried:
-Safe Mode (worked first time, but was laggy, and now it just freezes during loading)
-Last Known good configuration (nothing happened)
-Recovery CD (becomes stuck while trying to find the OS, says "Drive E: 0 bytes, windows 7 and never finishes loading)
-Installation CD (stuck at entering setup screen)

The only thing that really works is the Ubuntu Live CD...
So, any suggestions?
 

A:Computer cannot get past boot, recovery CDs not working either

Hi and welcome,
While waiting for someone to read this who knows 'bout W7, why not use that Ubuntu live CD to backup all your important docs, pics, tunes etc etc to an external hard drive (if you haven't already?!) just in case ...

Sorry I can't be of more help.

Richard.
 

Read other 2 answers
RELEVANCY SCORE 42.8

Guys,

I haven't been able to update my AVG the past two days. The server comes up, closing connection and all the stuff that it tells me to check I have checked. My Yahoo also doesn't come up at all. Any ideas? All other sites and graphics work/load fine. Running DSL, Windows XP.

Jack
 

A:Solved: AVG Updates Not Working Past Two Days

Jack:FYI.I just went onto the Grisoft site and downloaded an update.I know that I have updated both my pc's over the last 2 days.Other than checking firewall settings,I don't have a clue.
 

Read other 1 answers
RELEVANCY SCORE 42.4

my computer has gotten some sort of virus my screen goes all black except the start bar on the bottom ( i cans till open programs from there) and a thing called system check keeps poping up saying i have a million errors and asking to scan my computer and buy the full version but it wont go away no matter what i do, unless i run in safe mode like im doing now. ive scaned with avg and malwarebytes and it still wont go away ( there not finding any thing ) and like 30-40 or so boxes keep poping up saying different system 32 files are corrupted but i can click those off.and when the computer first starts up it says somethings wrong with the ati catalyst drivers here is my hijackthis log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:49 PM, on 1/27/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\matt\Downloads\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Li... Read more

A:bad virus acts like a virus scanner wont go away (hijack log included) help please!!

Read other 15 answers
RELEVANCY SCORE 42.4

Hi, I've been having problems on my computer with ads and anti-virus pop ups and now some kuykwyey.sys and it's opening my browsers and slowing my computer down. I can't get rid of it and I'm having a hard time cleaning this up. Any help would be fantastic.

Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:38 PM, on 11/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOW... Read more

A:Anti-Virus Doctor and fake Microsoft virus scanner

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

Read other 12 answers
RELEVANCY SCORE 42.4

I am trying to get my computer to boot but having problems. It gets to the title page of windows xp and stays there...I wanted to do a system restore but when I go onto log on page my mouse isn't working either.....what should I do?
 

A:can't boot past log in safe mode mouse not working

try another mouse.
 

Read other 3 answers
RELEVANCY SCORE 42

MS Office 2007 - Microsoft Office Document Scanning is not able to recognize the scanner.
Every time when given scan its giving error message "Scanner not responding".
But scanner working fine when using MS Office 2003 - Microsoft Office Document Scanning. Also it works with software called Desktop Bind V2.

OS: Windows XP 32-bit
Scanner: RICOH IS200e Network Scanner.
 

A:Scanner not detected by MS Office 2007 - Microsoft Office Document Scanning

check if you have installed all the office updates.
check if there are any latest scanner drivers, update the drivers for your scanner.
run office diagnostic and check if there are any errors
 

Read other 1 answers
RELEVANCY SCORE 42

So I have what seems to be somekind of trojan or malware or something that is slowing the computer to a crawl. Its keeping the CPU at 100% and its not the svchost.exe bug. What is taking up the cpu is a couple of exe files in the processes. They are RDACOA.exe RCNCOA.exe and a few more ending in COA.exe. theres tons of them all ovver the process list . If u try to kill process it doesn't go away. They all stay and jump around the process list. Now for some reason I uninstalled the virus software I once had........ and have none. The computer is just to slow to install AVG free. It can't do it. In safe mode the computer runs fine. But it won't let me finish installation in safe mode. I searched the exe files and they were in the C:\windows folder. I delete them and they come back. Its a very tricky situatiuon. Is there anything I can do besides wiping the system?

A:a very tricky one: bad virus/torjan on comp, no virus scanner

Hello and to BleepingComputer.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the I... Read more

Read other 1 answers
RELEVANCY SCORE 41.6

A week ago or so a problem started when I booted up my windows 8 acer desktop and once it got to the log in screen the mouse and keyboard wouldn't work... Although I got that fixed somehow and it didn't happen again... until now. I've tried everything I can think of but it doesn't fix it. Please I need help fast

-snossy
 

A:My USB ports aren't working past boot on my acer windows 8. HELP PLEASE. IS THERE ANYTHING I CAN DO?

Can anyone help? Please I need to do work
 

Read other 1 answers
RELEVANCY SCORE 41.6

HiHave been loving my Yoga 900 but the touchscreen has started acting up.  While it seems there are lots of issues with Yoga touchscreens I didn't find one quite like myne.I realised it works okay in laptop mode but as soon as the screen gets to about 100 to 120 degrees rotation - so before reaching the switch point to tablet mode - the touchscreen becomes unresponsive.  If rotate it back so it's 90 degrees or so then it starts working again.  If I boot with screen rotated then device manager has an exclamation mark for an I2C HID device, status says "This device cannot start. (Code 10) A request for the HID descriptor failed."  If boot with screen around 90 degrees then I see the touchscreen device running normally.Any ideas?I'm thinking maybe the ribbon cable could be the problem?How doable is opening up the display panel? Thanks for any thoughts!  

Read other answers
RELEVANCY SCORE 41.6

A week ago or so a problem started when I booted up my windows 8 acer desktop and once it got to the log in screen the mouse and keyboard wouldn't work... Although I got that fixed somehow and it didn't happen again... until now. I've tried everything I can think of but it doesn't fix it. Please I need help fast

-snossy
 

Read other answers
RELEVANCY SCORE 41.6

Hi all,

I have a Genius ColorPage HR6X Scanner. My com is a PT 4 1.4GHz, OS Windows XP Pro SP2 (updated).
Last Friday I made an new clean install of my OS and updated Windows. Since that time however my computer doesn't detect my scanner anymore. I tried to install manually. First, the device was recognized and the device manger told me the device is working properly.
After reopening the device manager it was gone. When I aquired the device at the Page manager, I was told that the device could not be found. I restarted the computer and the computer started up until the windows page than it restarted again and again and again.
I could manage to go into the safe mode. Here the device was recognized in the device manager. But it also didn't work. So I uninstalled software and the device. Now the computer is working normal.
I also tried to unplug the device after uninstalling and restarted but nothing helped.
I went to the website of Genius and looked for new drivers but they don't have.
I hope that you can help me.
Thanks a lot.
 

A:Scanner not working

Read other 6 answers
RELEVANCY SCORE 41.6

It was working yesterady but my PC crashed while scanning a picture. Now that I got my pc to work again, the scanner won't work... It gets some error message.

Any ideas to make it work again?
 

A:Scanner isn't working...

any help, please?
 

Read other 3 answers