Over 1 million tech questions and answers.

MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

Q: MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by 1 at 23:52:48 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2280 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\windows\splwow64.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/g/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge]
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: secureserver.net\login
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B4099BBC-0A1D-4AFD-A843-5C8C70CBCF76} : DhcpNameServer = 192.168.88.1
TCP: Interfaces\{F011F990-F353-44C2-AB49-911009329328} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F011F990-F353-44C2-AB49-911009329328}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{F011F990-F353-44C2-AB49-911009329328}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F011F990-F353-44C2-AB49-911009329328}\35562716C61676F60284F64756C60223 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F011F990-F353-44C2-AB49-911009329328}\3716E63686F6 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{F011F990-F353-44C2-AB49-911009329328}\A5978554C4 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{F011F990-F353-44C2-AB49-911009329328}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F011F990-F353-44C2-AB49-911009329328}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6rkxyofo.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B64ddca3e-23f7-4b42-a8b8-ccf9a3721739%7D&mid=498bbc6da71e47d1a4a8b1a22f0161cf-687ca726ef8776e3bfdd96c9cb858c18f51bf937&ds=AVG&v=10.0.0.7&lang=us&pr=fr&d=2011-12-11%2009%3A24%3A48&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Users\1\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\1\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\1\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\1\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\1\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\1\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [2011-3-14 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-13 2320920]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-13 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-27 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-4-27 167264]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-30 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-22 06:17:36 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-07-22 04:24:11 -------- d-----w- C:\Users\1\AppData\Roaming\Yamb
2012-07-15 07:54:34 -------- d-----w- C:\Users\1\AppData\Local\Windows Live
2012-07-11 07:05:26 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 02:55:08 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-11 02:55:08 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-07-11 02:55:08 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-07-11 02:55:07 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-07-11 02:55:06 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2012-07-11 02:55:06 2048 ----a-w- C:\windows\System32\msxml3r.dll
2012-07-10 21:48:10 -------- d-----w- C:\ProgramData\B7E85886000001B9000017D9B4EB2367
2012-07-07 09:46:43 -------- d-----w- C:\Users\1\AppData\Local\Chromium
2012-07-07 04:55:27 -------- d-----w- C:\Users\1\My Software
2012-07-07 01:48:26 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-07 01:48:25 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-05 07:02:39 -------- d-----w- C:\Users\1\AppData\Roaming\PCCUStubInstaller
2012-07-03 23:59:02 -------- d-----w- C:\Users\1\AppData\Roaming\NeroDigital(TM)
2012-06-30 06:53:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-30 06:53:12 68576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-06-30 06:53:12 573920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-30 06:53:12 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-30 06:53:12 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-07-27 00:14:13 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 00:14:13 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-04 1122 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
.
============= FINISH: 23:53:19.92 ===============

RELEVANCY SCORE 200
Preferred Solution: MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please

Read other 19 answers
RELEVANCY SCORE 208

My browser keeps redirecting to various sites. From google and other sites.

AVG has detected that ../system32/services.exe is infected with trojan horse patched_c.lxt
It has also detected that ../windows/assembly/GAC_32/desktop.ini is infected with trojan.generic15.axla

Malware bytes detected that a file in the windows/installer/ folder was infected with trojan.dropper.bcmilner and healed it.

problem Still remains please help!

DDS and GMER logs are attached.

Below is the DDS log.

Any help is much appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by LesH at 14:26:59 on 2012-06-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4001.1993 [GMT 1:00]
.
AV: AVG Internet Security Business Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\W... Read more

A:services.exe infected trojan horse patched_c.lxt, and ../windows/assembly/GAC_32/desktop.ini with trojan.generic15.axla

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 16 answers
RELEVANCY SCORE 170

Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 3 answers
RELEVANCY SCORE 160

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't.(that is until you scanned with their program and it would take control of your computer at the worst of times.) The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG 's only option was to ignore it, but I still wasnt worried.Everytime I blocked at redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was to late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error(0x8000ffff). It wou... Read more

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 13 answers
RELEVANCY SCORE 151.6

Hello, there! First up, I have to mention how glad I am at coming across this amazing forum. I have a problem so I thought I'd do a Google about what could be done about it.Came across the forum, here, and read through several topics that had virus/malware trouble. Was quite amazed, and very pleased, to see how each topic was dealt with, in such a personal, step-by-step manner giving positive results in all cases. Anyway, here goes my bit of a kerfuffle........ Downloaded a file which I required. Checked the ZIP file using my AVG Internet Security 2011. All was fine. Opened up the file and placed on my desktop temporarily. Inside the file were the setup.exe and other files I required. On opening one of them (the setup.exe was fine, by the way, and was exactly what I needed) a Malicious Threat warning popped up from my AVG. I had AVG deal with it but now this important file had vanished! I had to re-download the ZIP file again. This I did and followed the same procedure as outlined previously. Yet, again, the AVG popped up! Same thing happened. By the time I downloaded the third time the file was allowed upon my decision: Yep, you guessed it............! The file opened for a split second and then it vanished again. It was late at night so I left everything and turned off the PC until the next day. When I started my PC this is when I noticed I had a problem: Very slow start (about 3 minutes), HDD chattering away for... Read more

A:INFECTED WITH MULTIPLE THREATS: Trojan Horse Agents, Crypt, Generic 26 and 27 as well as Backdoor

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these stepsDownload and run OTLDownload OTL by Old Timer and save it to your Desktop.Double click on OTL.exe to run it.Under Output, ensure that Minimal Output is selected.Under Extra Registry section, select Use SafeList.Click the Scan All Users checkbox.Under the Custom Scan box paste this in

%TEMP%\smtmp&... Read more

Read other 49 answers
RELEVANCY SCORE 150.4

Hello , i'm Thee and i need help from you guys
 
I will start by telling when did that trojan came up and how my system is now.
 
I have this new Windows 8 laptop , 64bit , Dell Inspiron 14 . Its new and only 2 weeks old . Before the trojan was detected , i have AVG Free Antivirus 2013 installed . 2 days ago , when i start to turn on my laptop ,  it detected this Trojan Horse BackDoor.Generic15.BPGV in User files and its process name is under Windows/System , i moved it to virus vault and deleted the trojan there , but this trojan pops out again as Threat Detected from AVG everytime i start up my laptop for the next 4 / 5 times i restarted , until it didn't appear again when i restart so i thought it's gone for good , and then a new problem occurred . I couldn't open regedit and msconfig , it opens but closes very quickly , so i downloaded some antivirus stuffs like , Malwarebytes Anti Malware , Avast setup , ADW , HouseCall , and i cant run any one of them too , therefore i downloaded VIPRERESCUE and this could run so it scanned my laptop and detected 6 infections but none of it was the Trojan Horse BackDoor.Generic15.BPGV .
 
Next, a friend of mine suggested me Windows Defender Offline booting using a USB drive , so i went to another clean laptop and installed it in a USB , i plugged in the USB drive and restarted the computer a few times before i managed to boot it from USB drive cause i missed the BIOS button , and so the Full Scan of Windows Def... Read more

A:Trojan Horse BackDoor.Generic15.BPGV

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

Read other 11 answers
RELEVANCY SCORE 150.4

Hi there. I found a thread in this forum similar to an issue I'm experiencing, but I want to register and open a new topic just in case this may be a slightly different case. I believe this file is a result of a virus I was sent via an IM messenger (Skype) disguised as an image file. I have already scanned my PC with AVG and HitMan two times, and removed all suspicious files, but AVG continues to alert me that this file still exists. I run a Windows 7, 64 Bit as my operating system.The threat name is described as Trojan Horse BackDoor.Generic15.BPGV, and upon restarting my computer I'll be alerted of the file in multiple locations. Afterwards I do not continue to be alerted until I reboot my computer once again. If you wish for me to reboot my PC to gather details, I can provide that. It's worth noting in contrast to the topic linked above, I (believe I) have not received an alert regarding a services.exe file, and did not appear in my HitMan scans to my knowledge.Any help would be very much appreciated. System restore is not an option due to the fact the my restore points before receiving the suspicious file were inexplicably deleted. Unfortunately, I did not save my logs of the previous scans, and am unsure if it's possible for them to be retrieved.

A:Trojan Horse BackDoor.Generic15.BPGV

Hi, MuddyMaestro! I'm going to try to help you out. This could potentially be a pretty nasty infection, but I'm going to run some things to check and clean some things before jumping to any conclusions.TDSSKillerI need you to run a scan using TDSSKiller.Download TDSSKiller from here, and save it to your desktop.Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.Once the scan is finished, you'll find a log in your root drive (usually C: ) that will start with TDSS in the file name, please copy and paste it into your reply.MalwarebytesI need you to run a scan with Malwarebytes Anti-Malware.Download MBAM from here, and save it to your desktop.Double-click the installer to run it. During the installation, simply follow the prompts and let the program install. However, if you do not want to start a trial of the full version, please decline, and if offered any external toolbars/programs, feel free to uncheck to install them, unless you want them.Once the program is done installing and updating, select the Perform full scan option on the main interface. The click the Scan button, hit Scan, and let the scan run.Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If ... Read more

Read other 13 answers
RELEVANCY SCORE 144.4

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 141.2

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

A:Infection of Trojan horse Generic15.AULT and Trojan horse BH0.JEW

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

Read other 16 answers
RELEVANCY SCORE 138.8

Hi there!Like many others lately my laptop has been infected with Bamital Trojan.Date of infection: 2nd, October 2010Detected by: AVG 9 Infected Files: Explorer.exe with Trojan horse Patched_c.JEE and Winlogon.exe with Trojan horse Patched_c.JESAVG Result: "Object is white-listed (critical/system file that should not be removed)"OS: Windows XPThe only things i can remember leading up to the infection was...1. My IE browser sometimes opens up different sites on other tabs2. I had downloaded a part of a movie3. I updated AVG 9 (even though it was just updated approx 2 days prior)Attempted Resolutions:1. I've updated and ran malwarebytes but it couldn't detect the virus.2. I realised my google search results are constantly being redirected to dodgy sites so i've run tdsskiller to remove the malware (but it keeps coming back, not sure if bamital is responsible for this)Additional Notes:1. This is the topic the that notified me that i am dealing with the Bamital infection : htttp://www.bleepingcomputer.com/forums/topic351001.html 2. Users in the topic has suggested the use of Kaspersky Tool to remove the infections but i'm not confident to do it on my own3. This is my friend's laptop so i don't have a copy of his Window's CD...e4. I cannot close AVG as it keeps detecting the threats over and overYour help is much appreciated!! Thanks in advance!! DDS (Ver_10-03-17.01) - NTFSx86 Run by Albert Chung at 22:29:04.35 on Wed 06/... Read more

A:Trojan horse Patched_c.JEE & Trojan horse Patched_c.JES / Bamital Infection

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.2) Disabling your Anti-Virus.CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

Read other 29 answers
RELEVANCY SCORE 132

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/PsymeMy wifes freind complained that her computer was too slow and needed some new hardware. She wanted me to have a look> I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basicaly, since 2006, she has been online with no protection at all. I wwent to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ... Read more

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 1 answers
RELEVANCY SCORE 131.6

I went away for a couple days, came back and found these. AVG can't remove them, says they're whitelisted. Symptom is, every time I try to google the file names I get redirected, and I keep getting a windows security asking if I want to unblock stuff.Thanks, Tom

A:"Trojan horse generic22.BEWG" and "Trojan horse BackDoor.Generic13.BKVZ

Looks like you have a redirected infection. Have you try running Malwarebytes yet?

Read other 16 answers
RELEVANCY SCORE 129.6

I have 2 trojans Trojan horse Generic5.GUH,Trojan horse BackDoor.Agent.IQL would like to remove I have external hard drive.could not run the online scans except stinger, house call made a load bleeping noise?Laptop used for sensetive stuff banking etc. will change passwords on other machine.Thank youLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:54:43 PM, on 24/07/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\AGRSMMSG.exeC:\Program Files\Grisoft\AVG7\avgcc.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Picasa2\PicasaMediaDetector.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Windows\ehome\eh... Read more

A:Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

Hi mrpugowski,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

Read other 3 answers
RELEVANCY SCORE 129.6

Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~... Read more

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok.We need to download ComboFix.exe. This will give me a better view to the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

Read other 1 answers
RELEVANCY SCORE 129.6

Both of these trojans found through AVG. First, Backdoor.Generic11.BBDE a couple of weeks ago, now Crypt.HOS. All moved to Virus Vault except for file c:\windows\system32\drivers\asyncmac.sys; AVG states object is white-listed (critical system file not to be removed). I Goggled to research these and it's made me worried/parnoid about all the banking and bill paying I do online. One site said to change all passwords via another computer. Should I? I've gone through my Add/Remove Programs and do not see anything unusual installed.

I have a Dell Desktop Dimension 2400 40GB hard drive, 1 GB RAM, Windows XP Pro Version 2002 SP3, Intel Pentium 4 2.66 GHz.

I installed, uninstalled, and reinstalled three times Malwarebytes Anti-malware and keep getting "Error 703, 0, 13".

My Hijack This log follows. Any help and advice is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:01 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.... Read more

Read other answers
RELEVANCY SCORE 126.4

I came online today and suddenly my AVG antivirus popped up saying that a threat was detected. It then said that i was infected with a trojan horse generic15.BHFL .
I have tried to find out information about this trojan but cant find it any anywhere.
I tryed to move it to the vault and to heal it but AVG said that it was unable to, so now i am worried that it has not been removed. Im on a Windows Vista laptop.
Please help!
Thankyou

A:trojan horse generic15.BHFL

I did not see it on AVG update list so...Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" ... Read more

Read other 1 answers
RELEVANCY SCORE 126

Hello,
I have run Superantispyware, AVG antivirus and AVG antispyware on my PC. AVG has detected Trojan Horse Backdoor Generic6 AMA and Trojan Horse IRC Backdoor Sdbot2 REN and XIN. That is it, however I feel something is still in me (strage outgoing traffic). Could you pls check my HJT log and say if everyting is OK or not?

Thanks!
 

A:Trojan Horse Backdoor Generic6 and Trojan Horse IRC Backdoor Sdbot2

Read other 12 answers
RELEVANCY SCORE 124.8

Thanks in advance for your help, it is very appreciated. I accidentally accessed a video file that had a trojan in it. I've tried combofix and sdfix.exe and neither have worked. I've tried avg spyware and virus, Malwares, spybot, adaware, and none of them detect or allow me to remove the infection. Please Help!

I receive a popup every 2 minutes from AVG web shield alert stating "threat detected"

File Name: 91.212.226.178/1inst.exe
Threat Name: Trojan Horse Generic15.AVLU

Process Name: C:\Windows\system32\svchost.exe
Process ID: 940

Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\... Read more

A:TROJAN Horse Generic15.AVLU - Infected my XP! HELP to FIX!?!

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 124.8

Hi all,Im new here so please bear with me. I have a trojan (see topic title) and I cannot get rid of it.AVG's resident shield alert highlighted it when i started my PC. I ran a full AVG scan but cant get rid. I then ran Spybot search & destroy scan and it did not pick up on it. Finally I ran Malwarebytes Anti malware on it and that did pick up on a few things but not this particular trojan. I also turned off my system restore but then put it back on as i wasnt confident it was right thing to do.I use Firefox browser and have Windows XP operating system, alongside this I also have Scotty WinPatrol running in the background. I have not added any programmes recently.Is there a way I can manually delete this? I had a recent prob with the SDRA (I think thats what it was called) bug and i managed to manually delete that, with some online help, so im pretty confident(ish) that I could do the same with this (if given some step by step guidance).Here is the full description if what AVG is telling me:File - C:\WINDOWS\system32\userinit.exeInfection - Trojan horse Generic15.FCTResult - object is white listed (critical/system file that should not be removed)Can anyone help?I have included a Hijack this log if it helps?? - see belowLogfile of Trend Micro HijackThis v2.0.2Scan saved at 21:08:16, on 23/10/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.e... Read more

A:manual deletion of Trojan horse Generic15.FCT ???

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: log.txt info.txtThanks

Read other 17 answers
RELEVANCY SCORE 124.8

Hi all,

Im new here so please bear with me. I have a trojan (see topic title) and I cannot get rid of it.

AVG's resident shield alert highlighted it when i started my PC. I ran a full AVG scan but cant get rid. I then ran Spybot search & destroy scan and it did not pick up on it. Finally I ran Malwarebytes Anti malware on it and that did pick up on a few things but not this particular trojan. I also turned off my system restore but then put it back on as i wasnt confident it was right thing to do.

I use Firefox browser and have Windows XP operating system, alongside this I also have Scotty WinPatrol running in the background. I have not added any programmes recently.

Is there a way I can manually delete this? I had a recent prob with the SDRA (I think thats what it was called) bug and i managed to manually delete that, with some online help, so im pretty confident(ish) that I could do the same with this (if given some step by step guidance).

Here is the full description if what AVG is telling me:

File - C:\WINDOWS\system32\userinit.exe

Infection - Trojan horse Generic15.FCT

Result - object is white listed (critical/system file that should not be removed)

Can anyone help?

Please advise if you require any further info but please be aware that you may need to give me guidance if I have to go further into my system to provide this.

Thank you

A:manual deletion of Trojan horse Generic15.FCT

HelloI see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/266458/manual-deletion-of-trojan-horse-generic15fct/ We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.This leaves you with a choice:1) Have this thread reopened and the HiJack This log topic deletedOR2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.Please send a Private Message indicating your choice.Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possibl... Read more

Read other 1 answers
RELEVANCY SCORE 124.4

Good morning,

I am currently running Windows XP and am having trouble with trojans. After scanning with AVG (free 8.5) last night, I received a warning about several trojan infections. AVG was able to remove all of them but six. These are all Trojan horse BackDoor.Generic11.ZNE They are located in the following files:

C:\WINDOWS\SYSTEM32\rundll32.exe (6068)
C:\WINDOWS\SYSTEM32\svchost.exe (1156)
C:\Program Files\AVG\AVG8\avgscanx.exe (2980)
C:\Program Files\AVG\AVG8\avgui.exe (1544)
C:\Program Files\AVG\AVG8\avgcsrvx (6020)

All these locations are copied directly from the AVG results screen.

The only apparent effect of these trojans is that, once every five minutes or so, a page will open in Internet Explorer to a random advertisement ("find your old classmates," "erectile dysfunction," "hot college girls," and that sort of thing). I have both IE and Firefox on my computer, but I only use Firefox for browsing and nothing that I can see has happened to it. Aside from this, I have observed no changes to my computer or my browsers. In order to prevent the popups, I have disabled the Internet connection on the infected computer, but have taken no other action.

A:Multiple Trojan horse BackDoor.Generic11.ZNE infections

I have a new development. When I run a Google search for anything, I cannot follow the resulting links. I click on a result link and instead of opening it, a new tab opens to a "virus removal" site and the original tab does nothing. This happens only in Firefox. IE will not bring up a search engine at all.

Read other 2 answers
RELEVANCY SCORE 121.6

My computer is infected with the Trojan Horse Patched_c.Jed and Patched_c.JEQ and has been for a little while. After the initial infection I attempted a few rudimentary removal techniques including the Kaspersky removal tool. Kaspersky was able to identify the infection (as is AVG, which notifies me constantly) but both it and AVG are unable to remove the virus. It seems to be situated in my explorer.exe and winlogon.exe files. There are no obvious side effects to infect except that Google searches (as well as other search engines) are redirected to ad sites. I do not know how I contracted this virus. Looking through the only thread I could see on this subject I was not able to find a solution that resolved this for me.

Thank you in advance for your help with this.
DDS (Ver_10-12-12.02) - NTFSx86
Run by andrew at 18:47:21.06 on Sat 12/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.318 [GMT -5:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\... Read more

A:Infected with Trojan Horse Patched_c.JED / Patched_c.JEQ

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

Read other 2 answers
RELEVANCY SCORE 121.6

Hello all,I have noticed my computer freezing and going to sites (www.abigaildiets.com) so fat loss site I didnt click, So I installed AVG 8.5 and PC-Tool Spyware docter, they pick up most of the viruses but there were 3 viruses that just wont go away, it detects it, but everytime i start up it picks it up again, as if it was never deleted.The 3 infections are (as detected by AVG Anti-Virus everytime I start up):Virus Identified Packed.NoperTrojan horse Generic14.ZYFTrojan horse SpamBot.wMy HJT is as follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:51:31 AM, on 8/25/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\DOCUME~1\WENTAO~1\LOCALS~1\Temp\d .exeC:\DOCUME~1\WENTAO~1\LOCALS~1\Temp\d.exeC:\WINDOWS\msd.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Pr... Read more

A:Multiple Trojans and Virus that just Won't go Away(Virus Identified Packed.Noper--Trojan horse Generic14.ZYF--Trojan horse...

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the sc... Read more

Read other 1 answers
RELEVANCY SCORE 121.2

Thanks in advance for your help, it is very appreciated. I accidentally accessed a video file that had a trojan in it. I've tried combofix and sdfix.exe previously and neither have worked. I've tried avg spyware and virus, Malwares, spybot, adaware, and none of them detect or allow me to remove the infection. Please Help!

I Do Not have boot disk, however, I have factory recovery install built into the board...I think I can F8 a boot, maybe?

**I receive a popup every 2 minutes from AVG web shield alert stating "threat detected"

File Name: 91.212.226.178/1inst.exe
File Name: C:\Windows\temp\kxdn.tmp
File Name: C:\Windows\temp\whut.tmp

Threat Name: Trojan Horse Generic15.AVLU

Process Name: C:\Windows\system32\svchost.exe
Process ID: 940

Instructions (DDS) as requested and attached logs:



DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 10:48:49.51 on 11/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32... Read more

A:Trojan Horse Generic15.AVLU svchost.exe Infecting my XP System - HELP!? Revised

Hi,

i see from your logs ComboFix was run, can you please post the log(s)

You can find them at C:\combofix.txt or C:\qoobox\combofix2.txt, C:\combofix.txt or C:\qoobox\combofix3.txt etc.

Thank-you

Read other 16 answers
RELEVANCY SCORE 120.8

Hi all,

First of I'd like to say that it is very noble of you professionals who volunteer your otherwise precious time in helping out clueless people like me with their computer problems. I'll greatly appreciate any help I can get.

Well the situation is as such, recently I started my new job at a new workplace. And I believe the previous employee went to certain undesirable websites and was not aware of the implications to the computer terminal.

I installed an anti-virus programme (AVG), for safety purposes, and almost instantly it detected these trojan horses in the system.
Trojan horse Lop.4.k
Trojan horse BackDoor.Hupigon3.wyw
As my workplace is an off-site location, I do not have tech support. The computer is also unnaturally laggish in starting programmes. I have tried running AVG both in safe and normal mode but to no avail.

Also, I apologise for not being able to attach the Panda scan log but for some reason this terminal does not allow me to scan it via Panda scan.

Without further ado, here is the DSS log:


Deckard's System Scanner v20071014.68
Run by AdminNUS on 2008-06-10 11:39:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as AdminNUS.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:39 AM, on 10/06/2008
Platform: Windows XP SP2 (W... Read more

Read other answers
RELEVANCY SCORE 118.8

Hello, I'm back with another infection on my parent's computer. They seem to have been infected with what AVG is calling patched_c.JED. It appears to have infected the explorer.exe file. AVG would pop up with an alert every 10-15 seconds, but since the file is whitelisted, nothing could be done. I have disabled the alerts, so I could work without interruption. The only other thing I have noticed that it's doing is redirecting links from google searches in Firefox. Google Chrome does not seem to be affected and they don't use IE. I have run Hitman Pro 3.5, and it did find the infection, but i am wary of having it fix the infection since it is a critical file. The computer is probably a good 8-10 years old and I'm not sure if the disks are still around. Computer is running XP Home w/ SP3. DDS logs attached. Tried running GMER twice, both times it caused the computer to restart before it was finished. When the computer came back on, a message popped up saying the system had recovered from a blue screen error. DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 13:56:40.46 on Mon 10/04/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.179 [GMT -7:00]AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS ... Read more

A:Trojan Horse patched_c.JED

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.2) Disabling your Anti-Virus.CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

Read other 10 answers
RELEVANCY SCORE 118.8

i am new and amature about how to remove it manually i try many antiviruses to remover trojan horse patched_c.lxt services. exe in system32 folder, i try to remove it from my AVG internet security but it didnt work and i also try PC TOOL SPYWARE DOCTOR WITH ANTIVIRUS 2012 it can detect the trojan and also removes but after removing when i restart my system it crashes and open in REPAIR MODE and it RESTORE my system and PC TOOL SPYWARE DOCTOR WITH ANTIVIRUS 2012 has been removed from my system and there is no antivirus left installed after it.I have also 1 more problem is that i also download NORTON 360 V6 befre downloading AVG and after some days i uninstall it and stall AVG now when i install PC TOOL SPYWARE DOCTOR WITH ANTIVIRUS 2012 it show me massege that your REAL TIME protection is already found NORTON 360 there and when i find it on my system at at ADD OR REMOVE PROGRAMS there is no NORTON present there. SO i request you to please please help me on this... ;(I am using WINDOWS 7 Home Premium and having same issue like this:[url="http://www.bleepingcomputer.com/forums/topic466087.html"]please guys i want you help please help me.... your help will be highly obliged...

A:trojan horse patched_c.lxt

Please do the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Read other 2 answers
RELEVANCY SCORE 118.8

EDIT: Please read second post it's by me too before replying. Thanks for the help again. I found out some answers by doing some research.Hello I have recently been infected with this virus and AVG was able to pick up on it but it can only white-list the services since it is a key component Here are the log files:.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1Run by Hampton Bay Plaza at 11:28:49 on 2012-08-13Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1975.480 [GMT -4:00].SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Windows\system32\svchost.exe -k apphostC:\Prog... Read more

A:Trojan horse Patched_c.LXT

Well after doing some research I saw similar problems with other people. So first I ran frst64, after that I used search to find the different services.exe.Here are the two logs:FRST:Scan result of Farbar Recovery Scan Tool Version: 09-08-2012Ran by SYSTEM at 13-08-2012 14:16:32Running from F:\Windows 7 Professional (X64) OS Language: English(US) The current controlset is ControlSet001========================== Registry (Whitelisted) =============HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8067616 2009-08-18] (Realtek Semiconductor)HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2010-04-07] (Intel Corporation)HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391192 2010-04-07] (Intel Corporation)HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [413720 2010-04-07] (Intel Corporation)HKLM\...\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-10] (Advanced Micro Devi... Read more

Read other 7 answers
RELEVANCY SCORE 118.8

Hello. Like some others, AVG has detected Trojan Horse Patched_C.LXT on my computer. Noticeable effects are that it redirects my browser sometimes and things just seem slow, in general.

Thank you for your help.

Here are the logs from DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by HP at 17:55:42 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.4625 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour... Read more

A:Trojan Horse Patched_C.LXT

Hello and welcome to TSF.

The system is infected with what's commonly known as ZeroAccess Rootkit, which can sometimes be very difficult to remove.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

Please read this: How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?

Please have your important data backed up before proceeding.

For this infection, formatting and reinstalling may be the only way to to ensure that the system is 100% clean.

If you would like to continue with the cleaning, please continue with the following instructions.

======================

Please note that more than one round may be needed to properly eradicate malware. In co-operation with the cleaning process, please: do not uninstall/install any programs unless asked to do so, to make it easier on us as it is more difficult when files/programs are appearing in/disappearing from the logs;
do not run any tools or scans other tha... Read more

Read other 10 answers
RELEVANCY SCORE 118.8

I am having problems with the Trojan horse patched_c.LXT virus. This has been whitelisted on AVG. It is on my computer in the location of:
C:\windows\system32\services.exe

I have run AVG and cleared some files already and Malwarebytes found 5 infections which I have cleared. I have restarted my computer to clear what I can.

I have access to the installation DVD in an .iso format

Thank you

====================---------------=======================

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by dbcottam at 16:14:49 on 2012-08-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7931.4688 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system... Read more

A:Trojan horse patched_c.LXT

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.
On the System Recovery Options menu you will get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for... Read more

Read other 1 answers
RELEVANCY SCORE 118.8

(c:\windows\system32\services.exe) This is the location (I believe) AVG warns me that it is and that it can't be cleaned, and must be removed manually.
 
I've had this infection for a bit of time now, and have been able to keep it at bay with AVG.  I know that this is only a temporary stall, while said infection multiplies/spreads etc.  I am worried that this stall won't last forever, so I am here for help/guidance involving the removal of this infection and clean out of my computer. 
 
Any and all help will be greatly appreciated, thank you.

A:Trojan horse Patched_c.MIS

Hello astronomic I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sam... Read more

Read other 34 answers
RELEVANCY SCORE 118.8

It started acting up just recently and I can't get it stay cleaned. AVG says it is resolved but every time I do a restart or open task manager AVG pops it up again.
It has managed to attach itself to services.exe, but resident shield blocks the use of the service......for now.
It has made firefox almost unusable due to all the redirects.
Any help would be greatly appreciated.
 

A:Need help with Trojan horse Patched_c.LXT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:27:27 PM, on 6/25/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Logitech\G-Series Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrom... Read more

Read other 3 answers
RELEVANCY SCORE 118.8

Hi, this is on a computer that I use for working at home and today I'm home, so if this thing goes nuts on me I'm pretty much dead. Backstory: AVG scanned last night and turned up nothing. Today I tried to download a file using uTorrent and things went nuts, saying I had the infection listed in the title. AVG wouldn't heal it or move it to the virus vault. I then ran a scan on my own with AVG and it did return the same results, unlike last night. After the scan was complete it WAS able to move the infected files, but since I have a deadline this afternoon I need to make sure nothing goes nuts on me if at all possible.Here is the hijack this log. I don't know how to read it:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:26:17 PM, on 1/8/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18865)Boot mode: NormalRunning processes:C:\Windows\MHotKey.exeC:\Windows\ChiFuncExt.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\My Lockbox\mylbx.exeC:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exeC:\Program Files (x86)\Steam\Steam.exeC:\Program Files (x86)\AVG\AVG8\avgtray.exeC:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exeC:\Program Files (x86)\Java\jre6\bin\jusched.exeC:\Program Files (x86)\Mozilla Thu... Read more

A:trojan horse Patched_c.CXX

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 118.8

Hello there. My AVG 9.0 has alerted me that I have an infection of "Patched_c.IWO" in c:\windows\system32\wininit.exe. I've run Malware (full, paid version) and no infections are found. AVG is unable to remove the infection because the file is white-listed. Please assist. Thanks!DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 23:53:30.78 on Tue 09/07/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1789 [GMT -7:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files\Creative\Shared Files\CTAudSvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\Lavasoft\Ad-Aw... Read more

A:Trojan horse Patched_c.IWO

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

Read other 26 answers
RELEVANCY SCORE 118.8

So, around 2 days ago i started getting problems with my computer, such as, random pages being opened on my Firefox, weird page redirects, etc, like if i click a link to go to Facebook.com from google it would take me to Racoonrepelent.com or something along the lines of that.. Anyways AVG Resident shield keeps popping up saying im infected with Trojan horse Patched_c.JED. I tryed to fix it with avg and I hit delete viruses and after I restarted my comp and my desktop was gone.. Now I have NO desktop

Ive done some research on it looking on other forums and this one, and found people have been getting the same virus within the last 2 days, so it is a brand new virus apparently.. and it seems to be only people with XP
Im on XP, Service Pack 3..

Anyways here are my DDS scan results

[code=auto:0]
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner01 at 4:53:04.78 on Sun 10/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.702 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin... Read more

A:Trojan horse Patched_c.JED

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 118.8

Hello!

I apologize for not posting this is in the correct location.
I need help removing this threat from my laptop. I have Win7 (32bit) and free AVG. AVG found the threat but could not remove it. It was white listed. I have access to a Windows 7 OS cdrom.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by itadmin at 20:52:19 on 2012-08-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3536.1063 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bc... Read more

A:Trojan horse patched_c.LYU

You have a really nasty rootkit so please be sure to have used a known clean computer to change passwords to all sites. Do not access any sites with this computer until the rootkit has been cleared.
Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.
On the System Recovery Options menu you will get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepa... Read more

Read other 19 answers
RELEVANCY SCORE 118.8

A window from avg keeps popping up with a warning saying i have a [COLOR=blue !important][COLOR=blue !important]Trojan[/COLOR][/COLOR] Horse Patched_C.LZI with no option to remove it.
I've attached the requested files from the first steps page.
Any help would be greatly appreciated.
Thank you.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 10:12:11 on 2012-08-16
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.5879.1456 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logi... Read more

Read other answers
RELEVANCY SCORE 118.8

http://www.bleepingcomputer.com/forums/topic465399.html/page__pid__2807444#entry2807444

My windows\system32\services.exe is infected with Trojan horse patched_c.LYU what can i do to remove it?
I'm running on Windows 7 ultimate.
please help me and thanks
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Alvin Kiang at 16:12:42 on 2012-08-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.844 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svcho... Read more

A:Trojan horse patched_c.LYU

Please do the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Read other 16 answers
RELEVANCY SCORE 118.8

Hello,

A window from avg keeps popping up with a warning saying i have a Trojan Horse Patched_C.LZI with no option to remove it. Malwarebytes has also detected it, but seems unable to remove it. Also I do not have access to a Windows Install disc, or a Boot CD. Any help and suggestions are very appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Administrator at 19:05:12 on 2012-08-05
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.8190.5366 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService... Read more

A:Trojan Horse Patched_C.LZI help!

Hello and welcome to TSF.

I am currently reviewing your post. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification then click Subscribe.

Please be patient with me during this time.
----------

I see that you have already run ComboFix? Please post the log that was created. It can be found at C:\ComboFix.txt

Read other 13 answers
RELEVANCY SCORE 118.8

As it seems a lot of others have lately, I have been infected by this as well.

The problems I am experiencing are a slowness in web-browsing (I haven't noticed slowness in other areas, but it might be there), redirecting to pages I do not want to go to... So far it's just been redirecting to advertisements. The redirecting usually happens when I use google and click on a link, but also happens as a random new tab that will appear after I type in a web address.

AVG will randomly pop-up with a warning that Trojan Horse Patched_C.LXT has been found in C:/Windows/System32/services.exe



What I have:
I have my Windows 7 OEM System Builder disc that I bought when I built my system.

I run my OS on my 65GB SSD, and use a 1TB and a 250GB HDDs for storage.

What I have done:
Before coming here, I have tried Spybot Search & Destroy, AVG and MalwareBytes.

Questions I have:
If I have my OEM disc, and my Windows is located on my SSD, can I reformat my SSD and still keep all the stuff on my HDD's? Or would I need to wipe those as well?

Thank you in advance!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
Run by Jordan at 9:14:52 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6783 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8... Read more

A:Trojan Horse patched_c.LXT

Hello again, ApocaRUFF.

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop. ... Read more

Read other 19 answers
RELEVANCY SCORE 118.8

Hello, first time posting and first time with what I believe to be a major infection. My AVG free 2012 is telling me that I have been infected with "Trojan horse patched_c.lzi" and that the object is white-listed (critical/system file that should not be removed) From what I've been reading on line, the problem is not gone and my pc is at great risk. Please advise how to proceed as I do not wish to have my pc damaged further.

Thank you so much in advance for any assistance you may have.

Jason.

A:trojan horse patched_c.lzi

from timt to time I get an AVG Residen Shield Alert popup that a threat has been detected!

File Name: c:\windows\system32\services.exe

Threat name: Trojan horse Patched_c.LZI
Detected on open.

it only gives me the option to ignore the threat.

Thanks!

Jason.

Read other 28 answers
RELEVANCY SCORE 118.8

Hi I am new to the site so if you could bare with meI have been infected with trojan horse patched_c.lxt in the services.exe in my system32 folderI am running windows 7 32bit any help in getting rid of this virus will be greatly appreciated

A:Trojan horse patched_c.lxt

Hello and welcome. I moved this from win 7 to the Am I Infected forum.First consider this..One or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.To clean,,, We need a deeper look. Please go here....Preparation Guide ,do steps 6-9.Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malw... Read more

Read other 1 answers
RELEVANCY SCORE 118.8

Mod Edit: Moved from Vista to Am I Infected, I sse no record of prior post suggesting logs - Hamluis.I'm posting the log from my scan as I was previously instructed to do so......Here it is:22:41:20.0139 9444 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:3222:41:20.0478 9444 ============================================================22:41:20.0478 9444 Current date / time: 2012/07/31 22:41:20.047822:41:20.0478 9444 SystemInfo:22:41:20.0478 9444 22:41:20.0478 9444 OS Version: 6.0.6002 ServicePack: 2.022:41:20.0478 9444 Product type: Workstation22:41:20.0478 9444 ComputerName: FRIZAY222:41:20.0478 9444 UserName: Frizay22:41:20.0478 9444 Windows directory: C:\Windows22:41:20.0478 9444 System windows directory: C:\Windows22:41:20.0478 9444 Running under WOW6422:41:20.0478 9444 Processor architecture: Intel x6422:41:20.0478 9444 Number of processors: 422:41:20.0478 9444 Page size: 0x100022:41:20.0478 9444 Boot type: Normal boot22:41:20.0478 9444 ============================================================22:41:20.0916 9444 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004022:41:20.0916 9444 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004022:41:20.0939 9444 ========... Read more

A:Trojan Horse Patched_c.LZI

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 22:57:26
-----------------------------
22:57:26.056 OS Version: Windows x64 6.0.6002 Service Pack 2
22:57:26.056 Number of processors: 4 586 0x203
22:57:26.057 ComputerName: FRIZAY2 UserName: Frizay
22:57:30.842 Initialize success
22:59:06.864 AVAST engine defs: 12073102
23:00:00.133 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
23:00:00.136 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
23:00:00.138 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005a
23:00:00.141 Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 8
23:00:00.181 Disk 0 MBR read successfully
23:00:00.184 Disk 0 MBR scan
23:00:00.256 Disk 0 unknown MBR code
23:00:00.259 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 596962 MB offset 63
23:00:00.310 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13515 MB offset 1222578630
23:00:00.356 Disk 0 scanning C:\Windows\system32\drivers
23:00:11.457 Service scanning
23:00:28.464 Modules scanning
23:00:28.471 Disk 0 trace - called modules:
23:00:28.492 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
23:00:28.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800617d790]
23:00:28.501 3 CLASSPNP.SYS[fffffa600079dc33] -> nt!IofCallDriver -> [0xfffffa8004f8ad30]
23... Read more

Read other 2 answers
RELEVANCY SCORE 118.8

Greetings. My brother is having a small problem with the trojan in the title and I promised I'd help him. We would both appreciate any help. Thank you in advance!

My operating system is Windows 7 Professional Version 6.1 (Build 7601: SP1)

This might not be necessary, but I added the info just in case:
The symptoms I've noticed so far are:

1. AVG Resident Shield constantly alerts me of this, especially when navigating the Task Manager:

And this, a moment ago:

Also, this is the Resident Shield detection History:

Desktop.ini entries were from when I attempted to scan with other anti virus software. AVG asked to remove them, couldn't, couldn't force remove them either and then asked for a restart. I postponed it until after finishing the scans.

Malwarebytes Anti-Malware didn't find anything related to this. It did find some other problems and fixed them.

2. Malwarebytes Anti-Malware does not want to update. I understand that it might be because of the infection.

However, I did manage to update by manually downloading (mbam-rules.exe).

3. Windows Update fails as well.

And Windows Defender seems to hate me too:
I think these are all the symptoms I noticed so far.

Contents of DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Max Cross at 15:53:54 on 2012-08-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.5842 [GMT 3:00]
.
AV: AVG Internet Security Busin... Read more

A:trojan horse patched_c.lxt

Hello MaxRavenclaw and welcome to TSG,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system.

Please proceed as follows :-

Step 1

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste sfc /scannow > then tap enter. Type exit Tap enter, re-boot your PC.

***Note the space between sfc and /scannow.

Step 2

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
Ensure that Combofix is saved directly to the Desktop <--- Very important

Disab... Read more

Read other 3 answers
RELEVANCY SCORE 118.8

My dad watched a you tube video and got infected with this virus. AVG says it is in services.exe and it can not be cleaned or moved to virus vault. While doing an AVG Scan other trojan horse viruses pop up and I am able to clean them.

I am running windows 7 home premium and I am currently scanning with Spybot Seek and Destroy please advise me as to what steps to do to recieve the best help possible.

Ken

A:Trojan Horse Patched_c.lxt

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 2 answers
RELEVANCY SCORE 118.8

Hello,

I am new here and saw a few posts about this particular Trojan. (Trojan Horse Patched_C.lxt , as detected with AVG) Looks like all of the responses to these posts are different, as there is apparently no fix-all solution. This is the only computer issue I have not been able to handle by myself and it is bugging me immensely. Can someone please start me off in the right direction as far as what to do? Thanks.

A:Trojan Horse Patched_C.lxt

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 5 answers