Infected With Win32.virtumonde/win32.monde/win32.ircbot

Q: Infected With Win32.virtumonde/win32.monde/win32.ircbot

Hello all,Because of my careless actions while using my computer and IM i got infected and now i cant get rid of it. Im getting now ad pop-up's only, and i think i got rid of some infections that came but still there are left a few. I got this infection about a week ago. Computer hasnt been used much after that 'cos i had to go away for a week and didnt have time to try to fix it then. Now i tried to fight with this for a couple of days, but no glorious victory for me here.Kaspersky's online scan report is last in my postIf you have time and knowledge to help me, i would appreciate it.Thanks in advancemain.txt:Deckard's System Scanner v20071014.68Run by Jaybird on 2008-06-07 14:21:17Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as Jaybird.exe) ---------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:21:28, on 7.6.2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\ProgramFiles\Symantec Client Security\Symantec AntiVirus\DefWatch.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~2\SYMANT~1\SYMANT~2\VPTray.exeC:\WINDOWS\Mixer.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\System32\svchost.exeC:\ProgramFiles\Symantec Client Security\Symantec 
AntiVirus\Rtvscan.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\ProgramFiles\Symantec Client Security\Symantec Client Firewall\SymSPort.exeC:\ProgramFiles\Mozilla Firefox\firefox.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Jaybird\Ty?p?yt?\dss.exeC:\DOCUME~1\Jaybird\TYPYT~1\UUSIKA~3\Jaybird.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LinkitO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ProgramFiles\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\vtUopqNF.dllO2 - BHO: {281255ef-85d7-6baa-ed94-1752889a9ae5} - {5ea9a988-2571-49de-aab6-7d58fe552182} - C:\WINDOWS\system32\iqrfqgoi.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO2 - BHO: (no name) - {BAFCE6EE-3803-4AB9-9ECA-203ED2E28193} - C:\WINDOWS\system32\ddcdbXqP.dllO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~2\SYMANT~1\SYMANT~2\VPTray.exeO4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startupO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')O4 - 
HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157990340873O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cabO20 - Winlogon Notify: vtUopqNF - C:\WINDOWS\SYSTEM32\vtUopqNF.dllO23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\ProgramFiles\Symantec Client Security\Symantec AntiVirus\DefWatch.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: SAVRoam (SavRoam) - symantec - C:\ProgramFiles\Symantec Client Security\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\ProgramFiles\Symantec Client Security\Symantec AntiVirus\Rtvscan.exeO23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\ProgramFiles\Symantec Client Security\Symantec Client Firewall\SymSPort.exe--End of file - 6505 bytes-- Files created between 2008-05-07 and 2008-06-07 -----------------------------2008-06-07 12:43:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab2008-06-07 12:43:46 0 d-------- C:\WINDOWS\system32\Kaspersky Lab2008-06-07 12:43:43 0 d-------- C:\WINDOWS\LastGood2008-06-07 11:53:47 108544 --a------ C:\WINDOWS\system32\iqrfqgoi.dll2008-06-06 19:07:18 0 d-------- C:\WINDOWS\pss2008-06-01 19:35:08 0 d-------- C:\Documents and Settings\J?rjestelm?nvalvoja\Application Data\Opera2008-06-01 19:34:55 0 d-------- C:\Documents and Settings\J?rjestelm?nvalvoja\Application 
Data\Adobe2008-06-01 19:34:44 0 d-------- C:\Documents and Settings\J?rjestelm?nvalvoja\Omat tiedostot2008-06-01 19:32:20 0 d--h----- C:\Documents and Settings\J?rjestelm?nvalvoja\Verkkoymp?rist?2008-06-01 19:32:20 0 d-------- C:\Documents and Settings\J?rjestelm?nvalvoja\Ty?p?yt?2008-06-01 19:32:20 0 d--h----- C:\Documents and Settings\J?rjestelm?nvalvoja\Tulostinymp?rist?2008-06-01 19:32:20 0 d-------- C:\Documents and Settings\J?rjestelm?nvalvoja\Suosikit2008-06-01 19:32:20 0 dr-h----- C:\Documents and Settings\J?rjestelm?nvalvoja\SendTo2008-06-01 19:32:20 0 d--h----- C:\Documents and Settings\J?rjestelm?nvalvoja\Recent2008-06-01 19:32:20 524288 --ah----- C:\Documents and Settings\J?rjestelm?nvalvoja\NTUSER.DAT2008-06-01 19:32:20 0 d--h----- C:\Documents and Settings\J?rjestelm?nvalvoja\Mallit2008-06-01 19:32:20 0 d--h----- C:\Documents and Settings\J?rjestelm?nvalvoja\Local Settings2008-06-01 19:32:20 0 dr------- C:\Documents and Settings\J?rjestelm?nvalvoja\K?ynnist?-valikko2008-06-01 19:32:20 0 d--hs---- C:\Documents and Settings\J?rjestelm?nvalvoja\Cookies2008-06-01 19:32:20 0 dr-h----- C:\Documents and Settings\J?rjestelm?nvalvoja\Application Data2008-06-01 19:32:20 0 d---s---- C:\Documents and Settings\J?rjestelm?nvalvoja\Application Data\Microsoft2008-06-01 19:32:20 0 d-------- C:\Documents and Settings\J?rjestelm?nvalvoja\Application Data\Apple Computer2008-06-01 16:55:59 385087 --ahs---- C:\WINDOWS\system32\PqXbdcdd.ini22008-06-01 16:55:37 373248 --a------ C:\WINDOWS\system32\ddcdbXqP.dll2008-06-01 16:51:29 57344 --a------ C:\WINDOWS\system32\iiffFxWP.dll2008-06-01 16:50:24 57344 --a------ C:\WINDOWS\system32\vtUopqNF.dll2008-05-31 16:18:15 0 dr------- C:\Documents and Settings\LocalService\Suosikit2008-05-31 16:12:07 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer2008-05-31 16:02:39 0 d--h----- C:\WINDOWS\PIF2008-05-31 16:01:20 86512 -r-hs---- C:\WINDOWS\service.exe2008-05-09 17:09:32 0 d-------- C:\Documents and 
Settings\Jaybird\Application Data\InfraRecorder-- Find3M Report ---------------------------------------------------------------2008-06-07 12:02:31 40 --a------ C:\WINDOWS\system32\profile.dat2008-06-06 12:17:13 0 d-------- C:\Program Files\Common Files\Symantec Shared2008-05-21 23:38:52 0 d-------- C:\Documents and Settings\Jaybird\Application Data\uTorrent2008-03-30 11:28:08 354486 --a------ C:\WINDOWS\system32\perfh00B.dat2008-03-30 11:28:08 64812 --a------ C:\WINDOWS\system32\perfc00B.dat-- Registry Dump ---------------------------------------------------------------*Note* empty entries & legit default entries are not shown[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}]01.06.2008 16:50 57344 --a------ C:\WINDOWS\system32\vtUopqNF.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ea9a988-2571-49de-aab6-7d58fe552182}]07.06.2008 11:53 108544 --a------ C:\WINDOWS\system32\iqrfqgoi.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAFCE6EE-3803-4AB9-9ECA-203ED2E28193}]01.06.2008 16:55 373248 --a------ C:\WINDOWS\system32\ddcdbXqP.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [24.03.2006 17:14]"vptray"="C:\PROGRA~2\SYMANT~1\SYMANT~2\VPTray.exe" [15.06.2006 01:40]"C-Media Mixer"="Mixer.exe" [15.10.2002 18:00 C:\WINDOWS\mixer.exe]"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [15.09.2004 02:12][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 02:12][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{487C9905-26A8-42C8-8033-C58AD3D2AEC3}"= C:\WINDOWS\system32\vtUopqNF.dll [01.06.2008 16:50 57344][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUopqNF] vtUopqNF.dll 01.06.2008 16:50 57344 C:\WINDOWS\system32\vtUopqNF.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]"Authentication 
Packages"= msv1_0 C:\WINDOWS\system32\ddcdbXqP[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]@="Volume shadow copy"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^K?ynnist?-valikko^Ohjelmat^K?ynnistys^Adobe Reader Speed Launch.lnk]path=C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\Adobe Reader Speed Launch.lnkbackup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^K?ynnist?-valikko^Ohjelmat^K?ynnistys^Microsoft Office.lnk]path=C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\Microsoft Office.lnkbackup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc7896ca3]Rundll32.exe "C:\WINDOWS\system32\ydumujnj.dll",s[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c4ba5f3f]rundll32.exe "C:\WINDOWS\system32\slkkbvnb.dll",b[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]RunDll32 cmicnfg.cpl,CMICtrlWnd[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]C:\WINDOWS\System32\CTFMON.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]"C:\ProgramFiles\DAEMON Tools\daemon.exe" -lang 1033[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]"C:\ProgramFiles\iTunes\iTunesHelper.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]C:\ProgramFiles\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\LogitechVideoTray]C:\ProgramFiles\Logitech\Video\LogiTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]C:\WINDOWS\system32\LVCOMSX.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]"C:\Program Files\MSN Messenger\msnmsgr.exe" /background[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]"C:\Program Files\QuickTime\qttask.exe" -atboottime[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]C:\Program Files\Windows Media Player\WMPNSCFG.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]C:\ProgramFiles\Logitech\iTouch\iTouch.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"WMPNetworkSvc"=2 (0x2)"usnjsvc"=3 (0x3)"ISSVC"=2 (0x2)"iPod Service"=3 (0x3)[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe-- End of Deckard's System Scanner: finished at 2008-06-07 14:22:42 ------------extra.txt (not from the same scan)Deckard's System Scanner v20071014.68Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft Windows XP Home Edition (build 2600) SP 2.0Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6CPU 0: Intel? Pentium? 
4 CPU 2.40GHzPercentage of Memory in Use: 64%Physical Memory (total/avail): 511.53 MiB / 179.63 MiBPagefile Memory (total/avail): 1249.73 MiB / 775.13 MiBVirtual Memory (total/avail): 2047.88 MiB / 1934.67 MiBA: is Removable (No Media)C: is Fixed (NTFS) - 19.59 GiB total, 4.09 GiB free. D: is CDROM (No Media)E: is CDROM (No Media)F: is Fixed (NTFS) - 37.68 GiB total, 5.53 GiB free. G: is CDROM (No Media)H: is CDROM (No Media)\\.\PHYSICALDRIVE0 - Maxtor 6Y060L0 - 57.27 GiB - 2 partitions \PARTITION0 (bootable) - Asennettava tiedostoj?rjestelm? - 19.59 GiB - C: \PARTITION1 - Asennettava tiedostoj?rjestelm? - 37.68 GiB - F:-- Security Center -------------------------------------------------------------AUOptions is set to notify before install.Windows Internal Firewall is disabled.FirewallDisableNotify is set.FW: Symantec Client Firewall v8.7.4.79 (Symantec Corporation)AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger""C:\\Documents and Settings\\Jaybird\\Ty?p?yt?\\utorrent.exe"="C:\\Documents and 
Settings\\Jaybird\\Ty?p?yt?\\utorrent.exe:*:Enabled:?Torrent""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)""C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype""C:\\ProgramFiles\\iTunes\\iTunes.exe"="C:\\ProgramFiles\\iTunes\\iTunes.exe:*:Enabled:iTunes"-- Environment Variables -------------------------------------------------------ALLUSERSPROFILE=C:\Documents and Settings\All UsersAPPDATA=C:\Documents and Settings\Jaybird\Application DataCLIENTNAME=ConsoleCommonProgramFiles=C:\Program Files\Common FilesCOMPUTERNAME=JUHOComSpec=C:\WINDOWS\system32\cmd.exeFP_NO_HOST_CHECK=NOHOMEDRIVE=C:HOMEPATH=\Documents and Settings\JaybirdLOGONSERVER=\\JUHONUMBER_OF_PROCESSORS=1OS=Windows_NTPath=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\ProgramFiles\SSH Communications Security\SSH Secure ShellPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSHPROCESSOR_ARCHITECTURE=x86PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntelPROCESSOR_LEVEL=15PROCESSOR_REVISION=0204ProgramFiles=C:\Program FilesPROMPT=$P$GSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WINDOWSTEMP=C:\DOCUME~1\Jaybird\LOCALS~1\TempTMP=C:\DOCUME~1\Jaybird\LOCALS~1\TempUSERDOMAIN=JUHOUSERNAME=JaybirdUSERPROFILE=C:\Documents and Settings\Jaybirdwindir=C:\WINDOWS-- User Profiles ---------------------------------------------------------------Jaybird (admin)J?rjestelm?nvalvoja (admin)-- Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 
C:\WINDOWS\INF\PCHealth.infAdobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exeAdobe Reader 7.0.8 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70800000002}Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.logAhead Nero Burning ROM --> C:\ProgramFiles\Nero\nero\uninstall\UNNERO.exe /UNINSTALLApple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanC-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exeCanon i560 --> C:\WINDOWS\system32\CNMCP58.exe "-PRINTERNAMECanon i560" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmi040b.dll"CompuApps SwissKnife V3 --> C:\WINDOWS\ISUNINST.EXE -fc:\programfiles\SKUninst.ISU -cc:\programfiles\SKUNINST.DLLDC++ 0.691 --> "C:\ProgramFiles\DC++\uninstall.exe"DFX for Winamp --> "C:\ProgramFiles\Winamp\uninstall_dfx.exe"FreeUndelete --> C:\ProgramFiles\FreeUndelete\GLF58.exe /handle:fruHijackThis 2.0.2 --> "C:\Documents and Settings\Jaybird\Ty?p?yt?\HijackThis.exe" /uninstallHotfix-p?ivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"Ifi Tilausohjelma 3.5 --> C:\ProgramFiles\Ifi\OrderClient35\Uninstall.exeInFlac 1.1.1 --> "C:\ProgramFiles\Winamp\InFlac-Uninstall.exe"iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}J2SE Runtime Environment 5.0 Update 
9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}K-Lite Codec Pack 2.77 Full --> "C:\ProgramFiles\K-Lite Codec Pack\unins000.exe"Labtec WebCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}\setup.exe" -l0x9 Labtec? Camera -ohjain --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPTLaCie Backup Software v1.5.2378 --> MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /ULogitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALLMedal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9 Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"Microsoft Office XP Standard opiskelijoille ja opettajille --> MsiExec.exe /I{913D040B-6000-11D3-8CFE-0050048383C9}Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}Mozilla Firefox (1.5) --> C:\ProgramFiles\uninstall\uninstall.exe /ua "1.5 (fi)"Mozilla Firefox (2.0.0.14) --> C:\ProgramFiles\Mozilla Firefox\uninstall\helper.exeMozilla Thunderbird (1.5) --> C:\ProgramFiles\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (fi)"OpenOffice.org 2.0 --> MsiExec.exe 
/I{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}Opera 9.01 --> MsiExec.exe /X{0049F6AE-4FE2-4C43-A039-60FCE98A1986}PCI Audio Driver --> cmuninst.exePeerGuardian 2.0 --> "C:\ProgramFiles\PeerGuardian2\unins000.exe"PixDiscount --> "C:\ProgramFiles\PixDiscount\uninstall.exe"P?ivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"P?ivitys Windows XP:lle (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"QuickTime --> 
MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}Recognise --> C:\Program Files\Noigroup\Recognise\1.0\uninstaller.exeSkype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe" Suojausp?ivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"Suojausp?ivitys ohjelmistolle Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB905414) --> 
"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB913433) --> C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.infSuojausp?ivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB920214) --> 
"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB925902) --> 
"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB941644) --> 
"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"Suojausp?ivitys Windows XP:lle (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"Symantec Client Security --> MsiExec.exe /I{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}Top Gear Screen Saver --> C:\WINDOWS\system32\Top Gear.scr /uUnreal Tournament 2004 Demo --> C:\ProgramFiles\UT2004Demo\System\Setup.exe uninstall "UT2004-Demo"Winamp (remove only) --> "C:\ProgramFiles\Winamp\UninstWA.exe"Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"WinRAR-pakkausohjelma --> C:\ProgramFiles\WinRAR\uninstall.exeYahoo! 

RELEVANCY SCORE 200

A: Infected With Win32.virtumonde/win32.monde/win32.ircbot

Hello Jay-EM and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up asking what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here.
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

RELEVANCY SCORE 141.6

My Avast antivirus recently started detecting a whole host of viruses. I ran a thorough scan of all files and deleted every infected file until the scanner turned up a hit in the operating memory. It then suggested I run a boot sector scan - I did so. Upon rebooting Avast started detecting more viruses. This time I rebooted into Safe Mode and ran the scanner there, deleting everything I found. Apparently one of the files I deleted was important, because after that my computer Blue-Screened during boot-up and I had to do a system restore to a save point from a few days ago (before the virus was contracted). Since then the virus has continued to crop up, and I haven't the foggiest notion of how to get rid of it.

The title is a list of the virus descriptions that my Avast scanner gave me. I ran all the programs the walkthrough on this site instructed me to, but the RootRepeal program crashed and generated an error message and crash report, both attached (error message in .png image format - I took a screenshot of it).

Thanks for your help!

__________________________________________________________________________________
DDS (Ver_09-12-01.01) - NTFSx86
Run by Bryan at 18:56:06.09 on Wed 12/02/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1546 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32&...

A:Infected with js: downloader-FT Win32:Banload-GLR Win32:Malware-gen Win32:Refpron-AW Win32:Rootkit-gen Win32:VB-NWC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 136.8

Hi,

Please help me in getting rid of the pop ups which keep coming up.

trojan downloader win32 agent bq
trojan clicker win32 tiny h
trojan spy win32 key logger.aa
trojan spy win32 green screen
trojan spy html bankfraud.dq

HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:40, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Pac...

A:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

RELEVANCY SCORE 136.4

Hello,

My computer became infected last night, and it's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on DVD, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.

The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.

The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.

I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since Windows now thinks I have no anti-virus installed.

All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make its way in too.

EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we...

A:Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.

I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite it says when you log into the limited user account). The computer (and specially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?

Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.

Other than running Windows Defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.

Does no one have any ideas???

RELEVANCY SCORE 134

Hello,

Please help if you can. I ran free Avast! version 5.0.677 on my Windows XP desktop computer (Pentium 4, 1.5 Ghz CPU, 1 gb ram), and came up with the following virus warnings. Unfortunately the Avast! software internal tools to remove it are grayed out and not functioning. I tried a couple of things to remove viruses from help online and then realized I was in way over my head. I found this forum and am now requesting help.

Avast! says I am affected with: JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and Win32:Virut

Attached a screen shot of Avast! with viruses and partial path to them.

Computer's Symptoms (not sure if these are all due to old slow processor or malware):
Computer is freezing often;
When it is in sleep mode it is turning itself on;
Seems to be downloading stuff often and slowing down;
Monitor is going black forcing reboots often;
Couple weeks back I began getting floating ads that pop up when browsing online;
I get an error message daily that says AdAware has shut down unexpectedly, do I want to send a report? I have been ignoring this, not knowing if it was important, been several weeks.

Ok, I think that is all I can think of to share. Please help if you can. I appreciate it.

Thanks,
Dancer

~~~~~~~~~~
DDS (Ver_10-03-17.01) - NTFSx86
Run by ljk at 15:52:28.93 on Mon 09/20/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.102...

A:Please Help ~ Infected with JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and...

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.

I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.

Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.

Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

I ask that you please refrain from running tools other than those I su...

RELEVANCY SCORE 127.6

I have tried to scan computer with Spybot S&D, Ad-Aware, and AVG 8.0 but nothing changes. Please can anybody help me?
DDS (Ver_09-07-30.01) - NTFSx86
Run by Issi ja Inno at 19:28:12,59 on L 08.08.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1257.372.1033.18.511.290 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Mess...

A:Infected with Win32.Delf.uc , Virtumonde.sdn, Win32.Viru.bg

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hey, Recently my computer has been infected with a virus. The desktop background on my computer changed by itself to a white screen that warns me that I have been infected with Win 32 Adware Virtumonde and Win 32 Privacy Remover. N 64 and that I should download spyware removers to get rid of it. I have no idea how I got this virus. Now, my computer won't load certain web sites, my email won't send anything out, and other various problems occur. I have tried running virus scans and using ad aware but I still can't find the problem. I do not know much about these things so any and all help would be greatly appreciated. Thanks. I will post my Hijack This log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:18, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\De...

A:Infected With Win32/adware.virtumonde + Win32/privacyremover.n64

Hello and welcome to BC,

Please download SDFix by Andy Manchesta and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
A new folder will be extracted to your %systemdrive%, typically C:\SDFix
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

NEXT

Please visit below webpage for instructions for download...


My son has managed to get his laptop infected with multiple trojans and malware I have discovered. Although he has not been complaining of any specific issues with it to be honest. Any help you could give me to remove all of these completely would be much appreciated.

DDS Log

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jonah at 12:02:30.93 on 19/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.1006 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k Lo...

A:Multiple infections including Trojan.Win32.Agent.azob and Backdoor.Win32.IRCBot.efv

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we...


Hi all.

I installed COMODO Firewall a few days ago and have been noticing strange programs trying to access the Internet: apcupsl.exe, acledits.exe, and ansii.exe

All three were picked up by the Kaspersky Online Scanner as viruses. (See kaspersky.html)

Many thanks in advance for any suggestions/advice!

******************************************** Here's the main DSS/HJT log ********************************************

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-02 18:12:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
8: 2008-06-02 22:12:35 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-06-02 21:09:47 UTC - RP7 - ComboFix created restore point
6: 2008-05-28 16:28:26 UTC - RP6 - Installed Windows XP KB947864.
5: 2008-05-28 16:28:02 UTC - RP5 - Installed Windows XP KB942763.
4: 2008-05-28 16:27:23 UTC - RP4 - Installed Windows XP KB941569.

-- First Restore Point --
1: 2008-05-28 14:22:18 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:56 PM, on 02/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet E...

A:Backdoor.win32.ircbot.dhk/dfk And Trojan-ddos.win32.agent.ca

Hi,

Any idea how you got this infection? It was installed a couple of minutes later than software from ACD Systems. Did you use a crack there or something?

Anyway...

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Hello. Sorry about this mess. I'm afraid I don't really know what I'm doing. My nephew asked me to help get rid of a red circle with a white cross telling him he had spyware but it's turned into something much worse. He only used windows firewall and nothing else saying he only uses world of warcraft and msn and music and doesn't surf the web!! I tried to scan with avg but it was aborted and the windows firewall was continually turned off no matter how many times I put it on. Tried other antivirus progs but all were turned off. Eventually I managed to do online scan on microsoft safety centre and deleted quite a few v high threat trojans but many unable to clean. I also ran sophos rootkit and nearly gave myself a heart attack - 938 hidden things that recommend not to clean. I resorted to you now. I followed the tutorial for posting hijack this and here are the results

kaspersky report for critical areas
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 29, 2008 12:40:36
Records in database: 1426420
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Critical Areas:
C:\Do...

A:win32/alureon.gen, win32/Eldycow.en!A, win32/Small, win32/Olmafik, winNT/Xantvi.gen!A, Trojan-Game Thief and more

I think I have sorted this. I ran SDFix which cleaned up enough for me to install antivirus. Avast caught lots of trojans and I have now been able to onlinescan and spybot s/d etc. All logs now coming back clean so can you delete this post please


Firefox and Mostly IE is experiencing redirects when I search through any search engine. Avast is continuously stopping malware in the Windows\Temp folder.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ricardo at 15:09:36.31 on Sun 12/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2184 [GMT -8:00]

AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\...

A:Infected with Win32:Malware-gen, Win32:Rootkit-gen, and Win32:Spyware-gen

Please close this post. I'm reformatting and reinstalling an Acronis Image prior to the infection. Thanks anyway.


Hey guys,

Recently I started receiving a message after my computer boots that says "You may be a victim of software counterfeiting. This copy of windows did not pass windows validation"

I did a scan with spybot and found that I'm infected with Win32.IRCBot.kow and I have no idea if this is what is causing this message to appear at the lower right hand corner of my screen.

I will attach the DDS logs here

Thank you.
DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 12:50:52.56 on Mon 07/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1317 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.e...

A:Infected with Win32.IRCBot.kow

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Avast continually blocks the following threats:
- Win32:Malware-gen
- WIn32:Downloader-PKU [Trj]
- Win32:DNSChanger-VJ [Trj]

Avast scans and detects Win32:Sirefef-PL [Rtk], cannot remove it though.

Malwarebytes scan detects BCminer, quarantines it, though never seems to get rid of BCminer.

Other issues of possible note:
- Windows Firewall not running 0x80070424
- Backup & Restore - last backup did not complete successfully - server execution failed - 0x80080005

Ran both DDS and GMER (GMER did not have all the options available as per the preparation guide, and did not log anything when the scan was complete).

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Family-pc at 12:37:05 on 2012-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16383.13888 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\sy...

A:Win32:Sirefef-PL, Win32:Malware-gen, WIn32:Downloader-PKU [Trj], Win32:DNSChanger-VJ [Trj], BCMiner need help

Hello Njals, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

Do you have a USB Flash Drive you can use?


Apparently I am infected with Backdoor.Win32/IRCbot.DL. None of my virus scanners can find it and windows defender says it exists but it cannot remove the virus. It redirects me from websites onto random sites unrelated to the one I attempt to navigate to. I was hoping someone could help me remove it because I am concerned for the welfare of my computer.

Sincerely,
Klassy

Edit: Attached wrong attach.txt

DDS (Ver_09-12-01.01) - NTFSx86
Run by Nick at 21:19:02.02 on Sat 03/13/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1535.654 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop&...

A:Infected with Backdoor.Win32/IRCbot.DL

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run Gmer, a rootkit scanner.

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to...


I can't get this virus off my computer :'(

Logfile of random's system information tool 1.06 (written by random/random)
Run by Robert at 2010-05-04 20:01:02
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 67 GB (44%) free of 153 GB
Total RAM: 1982 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:18 PM, on 5/4/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskeng.exe
C:Program FilesPrevxprevx.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesCOMODOSafeSurfcssurf.exe
C:Program FilesCOMODOCOMODO Internet Securitycfp.exe
C:Program FilesRealtekAudioHDARtHDVCpl.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Windowsehomeehtray.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesuTorrentuTorrent.exe
C:Windowsehomeehmsas.exe
C:Program FilesD-LinkD-Link RangeBooster N DWA-542wirelesscm.exe
C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
C:UsersRobertAppDataRoamingMicrosoftWindows Manager.exe
C:Program FilesWindows LiveContactswlcomm.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Windowssystem32wuauclt.exe
C:Win...

A:Infected with Backdoor:win32/IRCbot.DL

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi, here is my problem. Every time I download some movies or other things by opening my computer overnight, it must pop out an error window said:-

C:\Documents and setting\KkianN\Desktop is not accessible.
Not enough quota is available to process this command.

The icons only left on my screen were My computer, my network places and Internet explorer. When I refresh my computer, it came out the same message again. (this problem occurred when I opened my computer overnight by using Thunder5 this software to download things)

When I tried to shut down, a message said You do not have permission to shut down this computer.

When I tried to use windows task manager to shut down, once I click Ctrl+Alt+Del, an application error message came out said:-

This application failed to initialize properly(0xc000012d). Click on OK to terminate the application.

Then I just can reset my computer.

Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? there. Then I followed the instruction in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately, I can't finish all the steps there. For step 4, I can't remove win32.generic.pws, win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware 2007. While scanning by using spybot, it stuck while scanning. After that suddenly pop out a window said:-

Spybot-Search and destroy has detected an important registry entry that has been changed. Category: System Startup global entr...

A:Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.


I have done all the requirements you have asked for scanning and removing viruses and spyware before writing this topic. Unfortunately without success. They are the following: BrowserModifier:Win32/Fotomoto, Trojan:Win32/Virtumonde.O and Trojan:Win/Conhook.D

I have used the following to try and fix the problems, but yet again without success: System Mechanic 7, Windows defender, ad-aware se personal, Symantec, Spybot, Windows Live OneCare, Spyware Doctor, Stinger, and AVG.

In the end I still have the same problem. Windows Defender and Windows Live OneCare repeatedly detect and remove these infections and it confirms removal. Yet they keep on appearing. In System Mechanic there is a file I found that is running but it says it is dangerous for my system and it forms part of virtumonde, it is the following: geeba.dll but I cannot remove or delete it.

Here is the log that I just ran with Trend Micro HijackThis - v2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:01 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS...

A:Trojan:win32/virtumonde.o, Browsermodifier:win32/fotomoto, Trojan:win32/conhook.d

Download the latest version of ComboFix from Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall


Originally Virus Heat installed itself onto my computer then we added CA Security anti virus and anti spyware protection. This cleaned up some of the problem but I had to download spybot search and destroy to find more spyware. There was a lot of Z lob spyware on the computer. I have spent countless hours on the phone with tech support with Time Warner who is my internet provider who suggested the CA Security that isn't picking up on everything. Now when I run a full scan with CA on my computer it says there are no infections but I keep getting a pop up from CA saying there are 33 infected items. The pop up is random - it isn't in connection with the anti-virus scan. They aren't deleted or quarantined, the pop up just states the file name, infection name, type which is "file" and status which is infected. There are 10 win32/vmalum.ccpy, 19 win32/crushpy!generic, 1 win32/vmalum.ccqd, 2 win32/bewschy.d and 1 vmalum.ccqa. The files aren't quarantined so I can't go in and delete them and when I run the scan to clean them up it isn't picking up on them. So CA anti virus scan isn't picking up on these infected files but then again it is because the pop up knows they are there? Does this make sense? Almost like it knows they are there but it can't do anything with them? Time Warner suggested I get a trojan hunter, is this appropriate? Are you familiar with these infection types? I have googled the names but nothing comes u...

A:Win32/bewschy.d, Win32/vmalum.ccpy, Win32/vmalum.ccqa,win32/crushpy!generic, Win32/vmalum.ccqd

What OS (Win 2K, XPsp1, XPsp2, Vista) are you using? Have you tried doing your scans in "Safe Mode"? Are you doing scans while logged into the "Administrator Account" or an "account with administrator privileges"? You need to start there first. If rescanning in Safe Mode does not help, then do this:

Please perform an online scan with Kaspersky WebScanner

Click on
You will be prompted to install an ActiveX component from Kaspersky, Click
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on
Now click on
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click
Now under select a target to scan:
Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste the scan results in your next reply.


I got this thing from the msn messenger, received zipped folder with some pic from my friend, when I downloaded, Kaspersky showed that this is a Trojan. I deleted, but I think he is still in my computer. Any help would be grateful

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:41, on 2008.04.10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:&#...

A:Infected With Trojan Backdoor.win32.ircbot.ckr

Hi Ghost_Recon,

I'm sorry we couldn't help you sooner but as you can see the forums are extremely busy and our volunteer helpers are at full capacity. I'm subscribed to this topic now and will help you with any malware issues you may have.

Since it has been a while since you posted last and changes may have been made to your system please run HijackThis and post a new log in your next reply.


Hello everyone...this is my first post here...so I hope I'm putting this in the right place! About 4 days ago, Spyware Doctor caught this worm on a startup scan and removed it. It said it needed to reboot to remove all files (8 total). My computer then appeared clean...but then it came back..every startup...and Spyware Doctor removes it again.

Evidently, one of my IM buddies sent this to me unknowingly after his computer got infected. I don't know how this could be the case, since I'm running Microsoft OneCare and Spyware doctor all the time behind a hardware firewall. I pride myself on a keeping a very clean computer....but this is the first time I can remember that something surprised me and I was unable to remove it permanently. This is also the first time I've ever had to ask for help with dealing with spyware related issues on my computer. I will never touch AIM again after this.

I have been in contact with Spyware Doctor tech support...and they were helpful to a point. After it was apparent that my problem would not be an easy fix...I've yet to hear back from them.

I suspect that the registry has been modified somehow on startup to load this thing. Running Spyware Doctor, Webroot Spysweeper, and Windows OneCare Virus scans pick up nothing after the initial removal. Immediately upon startup...Spyware Doctor scan kicks in and picks up the same 8 worm files. Running the scans in safe mode don't appear to make any difference.

I'm posting a hijack this log and ...

A:Infected By Backdoor.win32.ircbot.st (kaspersky)

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.


KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 28, 2008 18:35:48
Records in database: 1424124

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 94300
Threat name 4
Infected objects 4
Suspicious objects 0
Duration of the scan 02:45:29

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1
C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1
C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1

The selected area was scanned.

Logfile of random's system information tool 1.04 (written by random/random...

A:Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scr...


Hi!

Please help. Along with the above virus? names I have an icon down in the bottom right corner that flashes from a yellow X to a yellow ? with a message telling me I have a Critical System error and to go to that site and download software....

I have AVAST and ran a full scan and did come up with several files with virus/trojan names; these files went into the Virus Chest. I deleted the Temp ones but decided not to delete anything else until I know what is going on. I have since run the Clean Up through Avast and rescanned twice. Did not show any new stuff although there were 6 files that it was not able to scan. It appears that my C drive has all the problems.

One other thing I did notice was that when I went into Device Manager there is the big yellow question mark next to something identified as optional device and below that another question mark as RAID something. Also, down below the volume game controller file? there are several things that have big yellow exclamation marks......

Someone showed me last night the process to remove the Adware(??) and the icon and clean this up, but I was not at home so I just reviewed the info, decided that I should be able to do it and just wrote down this website address. So, now I have here but do not know where to get started.................

Thanks for your help!

A:Win32:zlob; Win32:ageng-a; Win32:adan-007; Win32:enumplus And On And On

Sorry you didn't get a reply sooner.

Here's what to do.

Follow the directions in this topic: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Then post a new topic with your HJT log here: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Provide a brief description of your problem, and provide a title similar to the one you have here.

Please be patient, as the HJT team is very busy. Do not bump your log as the team may think that someone is already helping you. If you have not had a response in five days add a reply to this topic: http://www.bleepingcomputer.com/forums/topic14717.html and paste in the link to your HJT topic there.

Orange Blossom


I have adware or a virus on my computer that I can't seem to get off. Did an online free scan, ccleanup, and 2008 lavasoft adaware scans with no success. The virus/adware makes my desktop be a message warning spyware detected on computer, saying that it detected the viruses Win32/Adware.Virtumonde Win32/PrivacyRemover.M64 are on my computer and I have to buy some software to get it off. Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:25 PM, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal


A:Wallpaper Takeover Win32/Adware.Virtumonde Win32/PrivacyRemover.M64 Removal help

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


I booted my computer up today, and saw my background wasn't available anymore. Then I see the message, "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer". It says that Win32/Adware.Virtumonde and Win32/PrivacyRemover.M64 are on my computer, but I've scanned it using my COMODO Firewall, AVG Anti-Virus, AND Spy-Bot SD and nothing shows up. I downloaded HJT and will upload it with this post. I'm going to college in two days-please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:07 PM, on 8/18/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal


Windows Warning Message! Win32/Adware.Virtumonde + Win32/PrivacyRemover.M64. Help!
I booted my computer up today, and saw my background wasn't available anymore. Then I see the message, "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer". It says that Win32/Adware.Virtumonde and Win32/PrivacyRemover.M64 are on my computer,
I have already run SuperAntiSpyware free software and already scanned, but this message still appears
 


Hello, This Toshiba Satellite laptop running Windows XP Media Center was showing over 220 infections when I first started the cleaning process. The owner had let his antivirus support expire and has now learned an invaluable lesson. I have installed the following software for his security and safety:

Avast 4.0 Home
Spybot Search & Destroy
Ad-aware 2008
Spywareblaster
IE-Spyad
Trendmicro Hijack This

After running Panda ActiveScan and Avast I have been able to get the amount of infections down to around 3 or so, but now when the system is rebooted I receive the following warnings:

RUNNDLL
Error loading ...system32/xadgijac.DLL
Error loading ...system32/wqxwtdwy.DLL
The specified module could not be found

When I click "OK" to each of these warnings the Desktop continues to load and everything seems to function normally. Below is a list of some of the infections originally listed:

(This is not a complete list)
Win32:Vundo, Win32:Virtumonde, Trojan-gen, Win32:TratBHO, Win32:Tipa [cryp]

I have gone through the "5 steps" posted, and believe I am ready to post my logs.

Any help you can give me would be greatly appreciated
Thanks...

Logs follow:

Panda ActiveScan Logfile:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-10 11:33:52
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0

A:Rundll errors, win32:vundo, win32:virtumonde Logfiles included

Hello to the Security Team at TSF. First I would like to express my appreciation for all that you volunteers do to help us clean up our acts. You folks have gone through several logs from computers I have worked on for my friends and I would just like to say thanks.

As for this post, I have taken a look at how backed up you guys were and decided that I would reformat the system instead of trying to clean it up and free you guys up on this one.

Please close this post out

and thanks again,


Deckard's System Scanner v20071014.68
Run by Kaan on 2008-05-26 17:35:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-05-26 14:35:03 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-05-26 09:53:10 UTC - RP5 - Installed Windows Internet Explorer 7.
4: 2008-05-26 09:52:52 UTC - RP4 - Installed Windows IDNMitigationAPIs.
3: 2008-05-26 09:52:28 UTC - RP3 - Installed Windows NLSDownlevelMapping.
2: 2008-05-26 09:51:57 UTC - RP2 - Installed Windows XP KB915865.


-- First Restore Point --
1: 2008-05-26 09:48:04 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-26 17:36:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal


A:Trojan.Win32.Monder.gen;exporer.exe buffer underrun error;adware.win32.Virtumonde.tsg

any help ?


I noticed a little sluggishness on my lap top the other day. After I updated and ran Spybot, I appeared to be infected. I attached a screen shot of the results. The first couple of times I ran it, it wouldn't clear everything up, saying one of the items was currently being used in memory and could not be deleted. Now it's allowing me to delete the viruses found but they seem to be replicating after cleaning and rebooting.
Here's the DDS report and the "Attach.txt" and SpyBot screen shot are attached.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Alibaba at 21:26:15.79 on Sun 04/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1556 [GMT -4:00]

A:Virtumonde.shn Win32.Agent.pz Win32.Zbot won't stay removed, Google searches also hijacked by searchlisted.com

Hi,

Please back up your important data first while you can still access your Windows. Reason is because you are dealing with one of these Trojans/Bots that have the functionality to kill your OS.

Read this article for more info: When a Bot master goes mad - Kill the OS

Also, I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed! This is somewhat suicidal in today's digital world. That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.


I am getting the following message in a box that is fixed in the center of my screen:

Warning! Spyware detected on your computer!

below that is another message in a blue box with the message:

Install an antivirus or spyware remover to clean your computer:

It also says that I have been infected with:
win32/privacyremover.m64 AND
win32/adware.virtumonde/

I have booted into safe mode and run Norton Antivirus which found nothing but also kept crashing the machine so that it re-booted. I then tried running Norton Antivirus in normal mode and had the same result. I then booted to safe mode and tried to use VundoFix. However, in safe mode the button to start the scan didn't show on my screen and I was not able to start it. I then re-booted into normal mode and tried to run it, but it found nothing and the machine just kept re-booting. I then re-booted into safe mode and tried running PC Spyware, you guessed it, it found nothing and kept rebooting. Bottom line, please help!!! My HJT log is set out below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:41 AM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

PLEASE HELP ME! HJT Log posted. My computer is running EXTREMELY SLOW. My sister managed to get onto a website that buried viruses in my computer last week and I have tried everything I know to get them off and it isn't working. I run Windows Live OneCare for my virus and have the following viruses that it is continually detecting. Win32/Virtumonde.o - Win32/Small - and the Browser Modifier Win32/Fotomoto. Also, I am getting a Microsoft Visual C++ Error for the program C:\Windows\Explorer.exe that says that the buffer is overrun and it must shut down. I have read several posts where you guys are helping people overcome some of these same issues... Please help me as well. I will be at my computer ALL DAY trying to get it fixed. I use it for work and need to have it running efficiently! ALSO - I AM GETTING A LOT OF POP-UPS that are causing me great distress from the virtumonde.o I think.

Thank you.
 

A:PLEASE HELP! Virtumonde.O, Win32/Small, Win32/Fotomoto and C++ Error


I think I have a virus... after surfing the web my desktop picture was changed to Warning! WIN32/Adware.Virtumonde and WIN32/PrivacyRemover.M64. Now every time I turn on my computer, within 10 seconds after I get inside Windows my computer automatically restarts.
I went into safemode and installed malwarebytes anti-malware software and quarantined my computer. My computer still restarts automatically but the WIN32/Adware.Virtumonde and WIN32/PrivacyRemover.M64 on desktop pic is gone.
PLEASE HELP ME
 


Please help! I have an image of an alert window that tells me that my computer has the win32 adware virtumonde virus. The image is the background of my desktop shortcuts. I'm getting an unusual amount of pop ups. I am also experiencing blue screens and a general slow down of my computer. I have read a post which described my exact problem and also comprehend the steps that it took to clear it on his computer. I am hoping someone can look at my hjt log and guide me through the removal process. I work until roughly 7 pm every day, but I am up in the mornings at an early time. I can check for responses during 6 am to about 8:30 am before I have to go to work. This is on my desktop computer at home that I purchased over 5 years ago and hope to resolve this as soon as possible, so that I can get back to surfing the web.

Thank you very much ahead of time for any assistance,
CaliforniaTim
hjt log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:27 PM, on 9/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Here is what hijackthis found. Spybot found the above listed trojans. I'm currently running Malwarebytes & it is up to 39 objects infected. I'm running Windows XP. Any help would be appreciated to remove these.

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:48 PM, on 12/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


In the past few days I have found that my computer is infected. My desktop wallpaper would change and an ad appeared telling me my computer was infected with Win32/adware.virtumonde + Win32/privacyremover.n64. However, my computer was still usable. Then last night I was unable to open links from search engines. Instead, a new window would pop up and I would be taken to an irrelevant webpage. Anything from my favorites list still worked. Today I was unable to open the internet at all. When I double clicked the IE icon, I received the following message:

Using a free version of the program SpyHunter, which I had downloaded while the internet was still accessible, I found where many of the files were located and manually deleted many of them. However SpyHunter also told me that registry values needed fixing, and I didn't want to mess with those. I also use Avast, but it didn't seem to be able to remove it. The computer is a little temperamental now. I am able to open one internet window, but it seems that I'm now getting the same error message when I attempt to open another. I'd appreciate any and all help.

ETA - thought I might mention that I've already tried VundoFix.exe and it didn't detect anything on my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:27 PM, on 19/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

A:Win32/adware.virtumonde + Win32/privacyremover.n64

Hello Butterfly*,

Are you running two antivirus programs on this computer (AVAST and Norton)?

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

If you encounter this message:
"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5"
Click on ignore mbamext.dll


...and other viruses. I'm seemingly infected with several malware programs that I can not remove. I've tried the usual Ad-aware, spybot, Malwarebytes, etc.

some of the problems:
1) When windows starts I am automatically directed to one of my profiles; unable to select which one (I have 2 profiles)
2) Unable to login as admin in safe mode
3) When restarting or shutting down, I get the "blue screen of death"
4) I can not get task manager to start

Attached are Hijackthis and RootRepeal files.

Please help!
-C

A:Virtumonde.sdn, Win32.bancos.aam, Win32.joleee.k...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ...


my wallpaper on my desktop says:

Warning! Spyware detected on your computer!

below that is another message in a blue box with the message:

Install an antivirus or spyware remover to clean your computer:

It also says that I have been infected with win32/privacyremover.m64 AND win32/adware.virtumonde/

Have run spyware and AVG antivirus but no joy
I have added HJT log
Any help would be greatly appreciated
 

A:win32/privacyremover.m64 AND win32/adware.virtumonde/

Here's the HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:52, on 19/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Hi

My computer is also infected by this: win32/adware.virtumonde and win32.privacyremover.m64. On my screen it says in big letters that your computer is effected.

I tried to do system restore to a previous point but the only point available now is the one where the virus was effected. I did it and nothing happened and the virus is still there.

My McAfee Antivirus has expired but even then I did a Scan in safe mode and it didn't find anything.

I downloaded AVG Antivirus (free) from download.com and tried to install it but it won't run the installation process.

I am able to connect to internet with my affected computer. But it won't OPEN any anti-virus site. I am able to search on google but when I click on any link it goes to some adware website and doesn't go to the link I click on.

Now my computer won't also connect on this site. And I can't download the ComboFix tool. I can only go to some sites like msn.com and google.com

My affected computer is beside me now. I am using my landlord's computer. My computer is my best friend. Please tell me how can I make it good. I will not have access to my landlord's computer till long.

I can use Outlook on my computer and send mails through it. So if you want to know some details from my computer, I can copy them on Outlook and send it by email to my landlord's computer and then post it here and you can read it.

Please help me ASAP. Please SOS!

Thanks and God bless!

ok I have figured out that I can go to any site from the computer that is work...

A:Win32/adware.virtumonde And Win32.privacyremover.m64

Does anyone think they will have a solution anytime soon? It's night over here.
I tried to work with that combofix. I tried to install it on my machine...but it said, "combofix has detected the presence of rootkit activity and needs to reboot the machine".

Now I am trying to reboot my machine but it's hanging up all the time.

Is there any solution????


Please, I need help in getting back my desktop. I have a blue screen with a windows warning message that I have been infected with win32/adware:virtumonde and win32/PrivacyRemoverM64.
Will you help please.
I downloaded Norton antivirus and hijackthis, but to no solution yet.
Thank you.
 


Hi, My laptop is running on Windows XP Home Edition Ver 2002 SP3. I also have CA Anti-virus software and Malwarebytes installed.

Recently, my laptop was infected by the malware Win32/ZAcesss.AC, Win32/Karagany.ZAAE and Win32/Fosniw.ZABA. The CA Anti-virus software detected and quarantined them but they came back again after reboot. Google search results are also redirected to the website xa.com.

I would be most grateful if you could help to solve this issue. The DDS log is pasted below. For your info, I received the following message when GMER completed scanning: WARNING!!! GMER has found system modification caused by ROOTKIT activity.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by CST at 4:20:34 on 2011-11-25
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.2047.1291 [GMT 8:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\Zcfg...

A:Google redirect to xa.com and malware Win32/ZAcesss.AC, Win32/Karagany.ZAAE and Win32/Fosniw.ZABA

Hi,

Please do the following:

Download ComboFix from one of the following locations: Link 1 Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\C...


Hi,

I'm running Windows XP - Internet Explorer v. 6.00, SP3. Yesterday Avast alerted me to a virus on my computer (I neglected to write down the exact message). At the time, only Gmail was open and an email was being written. I've had some issues with Avast occasionally reporting a false positive, and since nothing was being downloaded at that time, I took no action with Avast. Instead, I immediately did a Quick Scan with MalwareBytes to see if it would find anything. MalwareBytes found and deleted the following:

C:\Documents and Settings\HP_Owner\application data\Sun\Java\deployment\cache\\6.0\44\61b86cac-3c0c0928
Trojan.FakeAlert.VGen
C:\Documents and Settings\HP_Owner\local settings\temp\0.506697477033.exe
Trojan.FakeAlert.VGen

A second MalwareBytes scan was clean.

I looked "Trojan.FakeAlert.VGen" up on Google and then it clicked: for the past few days, Adobe Flash Player has been crashing an awful lot. When it crashes (on Youtube, for example), it tells me the program is out of date and needs to be updated. The weird thing was that sometimes it worked for a while before it crashed, but I dismissed that as being some strange computer quirk. I went to the Adobe web site and tried to install the newest version of Flash Player, but was unable to. I feel foolish, but it never even occurred to me that a virus could be to blame. It concerns me that (assuming the Adobe Flash Pla...

A:Trojan.FakeAlert.VGen, SpyInstall_HPPre.exe, Win32: Mirc-z [PUP], Win32: Kill App-W [PUP] & Win32: Agent-AMXO (Trj)

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Document...


So, this is a newer netbook, almost 8 months old. I don't know how I got these because I have had anti-virus running from day one.

Anyway, it all started when I was on Facebook. It just went to a different page and I never clicked on anything, then MS Security Center popped up saying everything was infected, and kept telling me that I didn't have an antivirus program and I couldn't do anything but keep going to this ad to buy one... which was odd because Avast was running. I opened Avast and did a quick check and found the first one, Dracur_c. But when I tried to do the action to move to chest it was telling me that there was not enough room on disc... and my disc is NOT FULL. ODD. So I deleted it and it worked. I cannot copy and paste the results; if I can, I don't know how. But I will tell you it was in: C:/system volume information/_restore{ number letters}.dll and .EXE and it was also in C:/windows/system32/fwcfg32.dll listed TWICE.

I then restarted the computer in safe mode and did a full scan and it then found it again in system volume information/restore{letter numbers}.DLL twice, and then in Windows/system32/75.tmp..

This morning it was still acting weird when I started IE, redirecting me when I would use Google, and when I would send an error log to MS the page never loaded and then I would get a popup ad. So I ran another Avast scan and GOT the win32:trojan-gen,win32:alureon-hd, win32crypt-gwl that came up... This time it was found in my TEMP folder as an EXE and one in my ...

A:avast found win32:dracur_c, win32:trojan-gen,win32:alureon-hd, win32crypt-gwl


Mates,

I have spent the entire day trying to rid my system (Windows XP Home Version 2002 SP3) of this Win32.TrojanSpy, Win32.WormLovGate, & Win32.TrojanD\.\ader.NewMedia problem. I was alerted to these problems through scanning with AdAware Anniversary Edition after becoming so frustrated with my ridiculously slow internet connection (cable from Comcast). I can't seem to get rid of them and my cable internet speed is at about dial-up speed when testing it through CNET and Toast.net. Very frustrating, indeed. My attempts to remove the culprits have consisted of scanning by using:

(In order of scans):

AdAware Anniversary Edition (found the above mentioned culprits & claimed to have successfully removed them)
ATF Cleaner
Malwarebytes' Anti-Malware (found nothing)
SUPERAntiSpyware (found nothing)
SmitfraudFix (I used 'Search' in normal mode, then I used 'Clean' in safe mode - found nothing)
AdAware Anniversary Edition (scanned once again & in safe mode this time - it still found all of the above malware, trojans, etc., of which I selected it to remove)

Internet connection is still super slow.
It may be helpful to note that after performing these scans, I would select 'Turn Off' the computer (not 'Restart'), but the computer would simply reboot...I found that strange.

Any suggestions?

Thank you.

Daddy?!

A:Need help removing Win32.TrojanSpy, Win32.WormLovGate, & Win32.TrojanD\.\ader.NewMedia

Did AdAware provide a specific file name associated with this malware threat(s) and if so, where is it located (full file path) at on your system? Please post the results of your MBAM scan for review (even if nothing was found).

To retrieve the MBAM scan log information, launch MBAM.
Click the Logs Tab at the top.
The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.


I have followed the 5 step rule with no luck and have searched the threads. I am actually a hardware guy and not up on the malware viri, so maybe some pity here. Here is my HJTL:

Logfile of HijackThis v1.99.1
Scan saved at 10:55:46 AM, on 2/1/2007
Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\...

A:Help please 3 trojans present Win32.Qhost.f-Win32.Dialer.mw-Clicker.Win32.Agent.ac

Hi scubbadoo32,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here's what we do first.


Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Using Windows Explorer, please navigate to and delete the following FILES (if they exist):

c:\eied_s7.cab


Please let me know if you encountered any problems finding or deleting the file.


NEXT:

Please download CCleaner (freeware) and save it to your desktop:

Run the CCleaner install...


Hi,
I have a 2008 Windows Server that has an infection.  This is my web server that I host websites on.  I have a system image and back up of all files.
All Windows security updates are installed. 
 
I had a file that installed at C:\911.exe I deleted it several times and then it started installing this file C:\Winacp.exe
 
I ran the file at ThreatReport.com
http://www.threatexpert.com/report.aspx?md5=02c8e8bf1cd56d95667ee870e4b14f1b
and
http://www.threatexpert.com/report.aspx?md5=6afb7109b50c86fe598c38e6ad73181e
 
 
Sophos online scanner detected this
 
 
2013-03-11 11:12:45 >>> Virus 'Mal/IRCBot-A' found in file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09EEJHDV\Winacp[1].exe
2013-03-11 11:14:27 >>> Virus 'Mal/IRCBot-A' found in file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09EEJHDV\Winacp[1].exe
2013-03-11 11:28:06 The following items will be cleaned up:
2013-03-11 11:28:06 Troj/Agent-AAPB
2013-03-11 11:28:06 Mal/IRCBot-A
 
I installed Winpatrol so that I could keep the file from reinstalling itself.
 
I have ran Malwarebytes root
 
Attached are the OTL log files
 
Here is the Hijackthis 
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:19 AM, on 3/12/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Ex...

A:Mal/IRCBot-A or Win32/IRCBot.worm.Gen - Winacp.exe and 911.exe

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/488311 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this ...


Hi,

My anti-virus is saying that I have got all the above viruses mentioned. It says deleted every time,

but each time I reboot, I am getting those problems.

Also, my IE is opening the http://83.30...... website in multiple tabs and windows every time.

I am stuck with viruses, that's for sure.

Can anyone help me kindly?
 

A:Problem with Win32.Monder, Win32.Virtumonder and Win32.obfuscated Viruses

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:18, on 02/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://...


I have an F-Secure internet security software suite on this computer, and it is up-to-date and functioning. I also have MalwareBytes (free) installed and have been running it regularly, and I use the ESET Online Scanner as well. The OS is Windows XP, and it is up-to-date.

About three weeks ago I cleaned around three trojans from this computer using MBAM and the online scanner. A few days ago, Adware.Win32.WebHancer.x was found by F-Secure, and is currently quarantined. Today, several instances of the two Trojan-Spy programs were found and quarantined by F-Secure; they infect system files and system restore files. I already looked up information on cleaning the system restore files by stopping and restarting system restore (and scanning in between). I deleted the quarantined files.

All of the Spy-Trojan's found are infecting in C:\hp\recovery\wizard\fscommand\. The file names are:

AppRecoveryLink_ret.exe
CDLogic_ret.exe
CreatorLink_ret.exe
RestoreLink_ret.exe
RTCDLink_ret.exe
RunLink_ret.exe
SysRecoveryLink_ret.exe
WizardLink_ret.exe

The Adware infected a .dll file, and I was advised not to delete it.

CDLogic_ret.exe is Agent.bdzz; the rest are Agent.beaf

I have run my antivirus, MBAM, and the online scanner again and they picked up nothing. Also, the Adware and Trojan-Spy's were all found during MBAM scans, but F-Secure picked them up.

I have attached a HiJackThis log and a DDS log; GMER froze my computer partway through the scan when I used it. I have run a...

A:Infected with Trojan-Spy.Win32.Agent.bdzz, Trojan-Spy.Win32.Agent.beaf, and Adware.Win32.WebHancer.x

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...
