Windows Support Forum

Malware removed with malwarebytes now programs won't open

Q: Malware removed with malwarebytes now programs won't open

Hi i initially started off with the usual - pop up appeared late last night with - your pc is not protected - PC Guardian your firewall is not active your virus protection is not active i did some searches and was told to run malwarebytes in safe mode Which I did - it removed infections and also will remove infections on reboot On rebooting the programs will not now not work - a window appears asking me what program do I want to use to open the file every time i try to open a program i e firefox etc All Malware removed malwarebytes programs with open won't now the details in my wireless router have disappeared system restore Malware removed with malwarebytes now programs won't open was turned off by group policy etc hijack this log below Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Safe modeRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS system svchost exeC WINDOWS Explorer EXEC WINDOWS system ctfmon exeC Program Files Malwarebytes Anti-Malware mbam exeC Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Start Page http www euro dell comR - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - Toolbar AVG Security Toolbar - CCC A -B CA- -B A - F DD - C Program Files AVG AVG Toolbar IEToolbar dllO - Toolbar Google Toolbar - C B - - d - B - A CD F - C Program Files Google Google Toolbar GoogleToolbar dllO - Toolbar Ask Toolbar - D C F- A- -A AD- D - C Program Files Ask com GenericAskToolbar dllO - HKLM Run Workflow D Workflow exeO - HKLM Run WinampAgent quot C Program Files Winamp winampa exe quot O - HKLM Run WavXMgr C Program Files Wave Systems Corp Services Manager Docmgr bin WavXDocMgr exeO - HKLM Run SigmatelSysTrayApp ProgramFiles SigmaTel C-Major Audio WDM stsystra exeO - HKLM Run SecureUpgrade C Program Files Wave Systems Corp SecureUpgrade exeO - HKLM Run RoxioDragToDisc quot C Program Files Roxio Drag-to-Disc DrgToDsc exe quot O - HKLM Run Persistence C WINDOWS system igfxpers exeO - HKLM Run PDVDDXSrv quot C Program Files CyberLink PowerDVD DX PDVDDXSrv exe quot O - HKLM Run KADxMain C WINDOWS system KADxMain exeO - HKLM Run ISUSScheduler quot C Program Files Common Files InstallShield UpdateService issch exe quot -startO - HKLM Run ISUSPM Startup C PROGRA COMMON INSTAL UPDATE ISUSPM exe -startupO - HKLM Run IntelZeroConfig quot C Program Files Intel Wireless bin ZCfgSvc exe quot O - HKLM Run IntelWireless quot C Program Files Intel Wireless Bin ifrmewrk exe quot tf Intel PROSet WirelessO - HKLM Run IgfxTray C WINDOWS system igfxtray exeO - HKLM Run HotKeysCmds C WINDOWS system hkcmd exeO - HKLM Run Dell QuickSet C Program Files Dell QuickSet quickset exeO - HKLM Run Apoint C Program Files DellTPad Apoint exeO - HKLM Run AVG TRAY C PROGRA AVG AVG avgtray exeO - HKLM Run AppleSyncNotifier C Program Files Common Files Apple Mobile Device Support bin AppleSyncNotifier exeO - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottimeO - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run Adobe ARM quot C Program Files Common Files Adobe ARM AdobeARM exe quot O - HKLM Run Jrukapiqiyonox rundll exe quot C WINDOWS ejofeyuz dll quot StartupO - HKLM Run Malwarebytes Anti-Malware reboot quot C Program Files Malwarebytes Anti-Malware mbam exe quot runcleanupscriptO - HKLM Run TrojanScanner C Program Files Trojan Remover Trjscan exe bootO - HKCU Run Remote System Protection rundll exe C WINDOWS system wr fqh dll HUI procO - HKCU Run ctfmon exe C WINDOWS system ctfmon exeO - HKUS S- - - Run CTFMON EXE C WINDOWS system CTFMON EXE User SYSTEM O - HKUS DEFAULT Run CTFMON EXE C WINDOWS system CTFMON EXE User Default user O - Global Startup Digital Line Detect lnk C Program Files Digital Line Detect DLG exeO - Extra button Research - B - CC- C -B BE- C C A - C PROGRA MICROS Office REFIEBAR DLLO - Extra button no name - e e dd -d - - b -f ba - C WINDOWS Network Diagnostic xpnetdiag exeO - Extra Tools menuitem xpsp res dll - - e e dd -d - - b -f ba - C WINDOWS Network Diagnostic xpnetdiag exeO - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exeO - Extra Tools menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exeO - Protocol linkscanner - F C- F - D -A D -FBDDE F D - C Program Files AVG AVG avgpp dllO - Winlogon Notify avgrsstarter - C WINDOWS SYSTEM avgrsstx dllO - Winlogon Notify gemsafe - C Program Files Gemplus GemSafe Libraries BIN WLEventNotify dllO - Service Apple Mobile Device - Apple Inc - C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeO - Service Broadcom ASF IP and SMBIOS Mailbox Monitor ASFIPmon - Broadcom Corporation - C Program Files Broadcom ASFIPMon AsfIpMon exeO - Service AVG Free WatchDog avg wd - AVG Technologies CZ s r o - C PROGRA AVG AVG avgwdsvc exeO - Service Bonjour Service - Apple Inc - C Program Files Bonjour mDNSResponder exeO - Service Intel reg PROSet Wireless Event Log EvtEng - Intel Corporation - C Program Files Intel Wireless Bin EvtEng exeO - Service Google Update Service gupdate gupdate - Google Inc - C Program Files Google Update GoogleUpdate exeO - Service Google Software Updater gusvc - Google - C Program Files Google Common Google Updater GoogleUpdaterService exeO - Service iPod Service - Apple Inc - C Program Files iPod bin iPodService exeO - Service Java Quick Starter JavaQuickStarterService - Sun Microsystems Inc - C Program Files Java jre bin jqs exeO - Service NICCONFIGSVC - Dell Inc - C Program Files Dell QuickSet NICCONFIGSVC exeO - Service Intel reg PROSet Wireless Registry Service RegSrvc - Intel Corporation - C Program Files Intel Wireless Bin RegSrvc exeO - Service Intel reg PROSet Wireless Service S EventMonitor - Intel Corporation - C Program Files Intel Wireless Bin S EvMon exeO - Service SecureStorageService - Wave Systems Corp - C Program Files Wave Systems Corp Secure Storage Manager SecureStorageService exeO - Service SigmaTel Audio Service STacSV - SigmaTel Inc - C WINDOWS system StacSV exeO - Service stllssvr - MicroVision Development Inc - C Program Files Common Files SureThing Shared stllssvr exeO - Service NTRU TSS v TCS tcsd win exe - Unknown owner - C Program Files NTRU Cryptosystems NTRU TCG Software Stack bin tcsd win exeO - Service TdmService - Wave Systems Corp - C Program Files Wave Systems Corp Trusted Drive Manager TdmService exeO - Service WaveEnrollmentService - Wave Systems Corp - C Program Files Wave Systems Corp Authentication Manager WaveEnrollmentService exeO - Service Intel reg PROSet Wireless SSO Service WLANKEEPER - Intel reg Corporation - C Program Files Intel Wireless Bin WLKeeper exe--End of file - bytesplease can anyone help

Relevancy 100%
Preferred Solution: Malware removed with malwarebytes now programs won't open

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/directdownload.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Malware removed with malwarebytes now programs won't open

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREWe also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:Why we request you disable CD Emulation when receiving Malware Removal AdviceThen create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:How to create a GMER logElle

http://www.bleepingcomputer.com/forums/t/295705/malware-removed-with-malwarebytes-now-programs-wont-open/
Relevancy 110.94%

Last night I had exactly the same attack and did the same fix as "Bomb". Got the same results... programs won't open. Asked what program I want to open with. Did you come up with a fix for him? Original forum was locked.

http://www.bleepingcomputer.com/forums/t/303797/malware-removed-using-malwarebytes-now-programs-wont-open/
Relevancy 84.71%

Ok so I recently had a virus malware Removed open programs. now can't any Help! on my laptop disguised Removed malware now can't open any programs. Help! as quot Vista Smart Security quot Using advice I d seen from this website I used malwarebytes to get rid of it This was successful but second time round when the virus attacked again I couldn t use run malwarebytes or rkill neither would open So I downloaded Super Antispyware At the time I thought it was odd that the scan found infected files but nevertheless I sent them to quarantine After the reboot however I m left with an even bigger problem I can t open any programs at all Every time I try to open explorer a message comes up saying quot Choose the program you want to use to open this file quot And I try to select the right program and the same message keeps popping up I m posting this from my PC Thank god not all access to the net and help is lost I hope there is someone out there that can help EDIT Moved from Vista forum to Am I Infected more appropriate forum Hamluis

A:Removed malware now can't open any programs. Help!

to Bleeping Computer. See here for how to regain your file associations: http://www.dougknox.com/xp/file_assoc.htmIf I were you, I would create a new Am I infected? topic to be sure all the malware is gone. 929 infections is a lot.

http://www.bleepingcomputer.com/forums/t/312258/removed-malware-now-cant-open-any-programs-help/
Relevancy 73.1%

I ran malware bytes today and removed about 60 items which included my websearch and some other questionable items like the one below:HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.If needed I can post the entire Malware bytes log - After rebooting the pc to remove all of the items that were found I re-ran the scan and more my web search items appeared.How do I get rid of my web search and the item listed above to make sure that all of the infections are gone?Thanks

A:Removed Malware using Malwarebytes

Hello Use ATF Cleaner:http://www.atribune.org/index.php?option=c...5&Itemid=25 Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.Notes for Windows Vista users:On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator"-----------------------------------------------------------------------------------------------Run RKill:http://www.technibble.com/rkill-repair-tool-of-the-week/Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools. Rkill is made by a Microsoft MVP ?Lawrence Abrams? and is available in 4 different extensions. An .EXE, .COM, .SCR and a .PIF file.The reason why Rkill comes in 4 different versions is because some malware will block .EXE files in an attempt to prevent you from running other malware removal tools, so this gets around that problem.-----------------------------------------------------------------------------------------------How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerPosted by Grinler on February 16, 2010 http://www.bleepingcomputer.com/virus-remo...alware-tutorial-----------------------------------------------------------------------------------------------Please include the results of your Malwarebytes' scan (copy/paste the ENTIRE CONTENTS of the log)in your next reply.

http://www.bleepingcomputer.com/forums/t/298315/removed-malware-using-malwarebytes/
Relevancy 72.24%

Hi I ve trying to clean up my thesis Malwarebytes some removed not and malware avg updating. I've already director s pc but I m not sure I ve succeeded AVG and Malwarebytes stopped updating about two months ago AVG stops at because it can t connect to the server recently he stopped being able to log in yahoo mail so he suspected the computer was infected also I don t know if it s related but on startup it s been showing quot floppy disk fail quot even though as far as I know there s no floppy disk so he ran Kaspersky Security Scan and it detected worm vbs dinihou and Net-Worm Win Kido I followed this instructions for removal of kido and downloaded and ran Kaspersky Pure which I think detected and removed worm vbs dinihou I don t have the logs I later reinstalled and manually updated AVG for which I had to uninstall Kaspersky which detected the following malware after Malwarebytes and avg not updating. I've already removed some malware this I ran Malwarebytes after updating through mbam-rules exe and Kaspersky security scan again and neither found anything I m still unable to update AVG and Malwarebytes so I m afraid the scans are missing something This was three days ago I just scanned the pc with Malwarebytes and DDS these are the logs Malwarebytes Anti-Malware www malwarebytes org Scan Date Scan Time Logfile malwarebytes scan txt Administrator Yes Version Malware Database v Rootkit Database v License Free Malware Protection Disabled Malicious Website Protection Disabled Self-protection Disabled OS Windows XP Service Pack CPU x File System NTFS User XP Scan Type Threat Scan Result Completed Objects Scanned Time Elapsed min sec Memory Enabled Startup Enabled Filesystem Enabled Archives Enabled Rootkits Disabled Heuristics Enabled PUP Warn PUM Enabled Processes No malicious items detected Modules No malicious items detected Registry Keys No malicious items detected Registry Values PUM LowRiskFileTypes HKU S- - - - ED FC -E E- C D-BF - C B CE - SOFTWARE MICROSOFT WINDOWS CURRENTVERSION POLICIES ASSOCIATIONS LowRiskFileTypes zip rar nfo txt exe bat com cmd reg msi htm html gif bmp jpg avi mpg mpeg mov mp m u wav Quarantined cd acd f da f d f a PUM LowRiskFileTypes HKU S- - - - ED FC -E E- C D-BF - C B CE - SOFTWARE MICROSOFT WINDOWS CURRENTVERSION POLICIES ASSOCIATIONS LowRiskFileTypes zip rar nfo txt exe bat com cmd reg msi htm html gif bmp jpg avi mpg mpeg mov mp m u wav Quarantined b e eba cfc bcb b PUM LowRiskFileTypes HKU S- - - - ED FC -E E- C D-BF - C B CE - SOFTWARE MICROSOFT WINDOWS CURRENTVERSION POLICIES ASSOCIATIONS LowRiskFileTypes zip rar nfo txt exe bat com cmd reg msi htm html gif bmp jpg avi mpg mpeg mov mp m u wav Quarantined dba dc acd f efb dd a c PUM LowRiskFileTypes HKU S- - - - - - - - ED FC -E E- C D-BF - C B CE - SOFTWARE MICROSOFT WINDOWS CURRENTVERSION POLICIES ASSOCIATIONS LowRiskFileTypes zip rar nfo txt exe bat com cmd reg msi htm html gif bmp jpg avi mpg mpeg mov mp m u wav Quarantined e f a a f a a c Registry Data No malicious items detected Folders No malicious items detected Files No malicious items detected Physical Sectors No malicious items detected end UNLESS SPECIFICALLY INSTRUCTED DO NOT POST THIS LOG IF REQUESTED ZIP IT UP amp ATTACH IT DDS Ver - - Microsoft Windows XP Professional Boot Device Device HarddiskVolume Install Date System Uptime hours ago Motherboard BIOSTAR Group N PC-M S Processor AMD Athlon tm X Dual Core Processor Socket AM mhz Disk Partitions A is Removable C is FIXED NTFS - GiB total GiB free D is CDROM CDFS Disabled Device Manager Items System Restore Points No restore point in system Installed Programs Actualizaci n de NVIDIA Adobe Flash Player Plugin Adobe Flash Player ActiveX Adobe Reader - Espa ol Adobe Shockwave Player AVG CCleaner Common Desktop Agent Compresor WinRAR DAMN NFO Viewer Setup Google Chrome Google Earth Google Update Helper Java Update Java Auto Updater Java TM Update K-Lite Codec Pack Standard Kaspersky Security Scan Malwarebytes Anti-Malware versi n... Read more

A:Malwarebytes and avg not updating. I've already removed some malware

Welcome aboard
Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.

Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"
 

http://www.techspot.com/community/topics/malwarebytes-and-avg-not-updating-ive-already-removed-some-malware.206728/
Relevancy 71.38%

Had a bad case of malware and removed it with malwarebytes A couple of days later it must have reinstalled itself overnight I removed it a second time now something must still be here because my internet searches get redirected First time removed Malwarebytes, with stil problems Malware using Hijack This Heres the logLogfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP Malware removed with Malwarebytes, stil problems SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes D WINDOWS Malware removed with Malwarebytes, stil problems System smss exeD WINDOWS system winlogon exeD WINDOWS system services exeD WINDOWS system lsass exeD WINDOWS system svchost exeD WINDOWS System svchost exeD WINDOWS system spoolsv exeD PROGRA AVG AVG avgwdsvc exeD Program Files Common Files Portrait Displays Shared DTSRVC exeD PROGRA AVG AVG avgrsx exeD PROGRA AVG AVG avgnsx exeD Program Files LogMeIn x RaMaint exeD Program Files LogMeIn x LogMeIn exeD Program Files LogMeIn x LMIGuardian exeD Program Files Common Files Microsoft Shared VS DEBUG mdm exeD WINDOWS system nvsvc exeD WINDOWS system oodag exed Program Files Common Files Protexis License Service PsiService exeD WINDOWS system SAiDownloader exeD Program Files Common Files SafeNet Sentinel Sentinel Keys Server sntlkeyssrvr exeD Program Files Common Files SafeNet Sentinel Sentinel Protection Server WinNT spnsrvnt exeD WINDOWS system svchost exeD Program Files Viewpoint Common ViewpointService exeD WINDOWS Explorer EXED Program Files Microsoft Office Office GrooveMonitor exeD WINDOWS RTHDCPL EXED Program Files Portrait Displays Pivot Software wpctrl exeD Program Files LogMeIn x LogMeInSystray exeD Program Files LogMeIn x LMIGuardian exeD WINDOWS system RUNDLL EXED WINDOWS system ICO EXED Program Files Portrait Displays Pivot Software floater exeD Program Files Microsoft IntelliPoint ipoint exeD Program Files Google Google Desktop Search GoogleDesktop exeD PROGRA AVG AVG avgtray exeD WINDOWS system ctfmon exeD Program Files Common Files InstallShield UpdateService isuspm exeD Program Files Google Google Desktop Search GoogleDesktop exeD Program Files Dropbox Dropbox exeD Program Files Mozilla Firefox firefox exeD Program Files Corel CorelDRAW Graphics Suite X Programs CorelDRW exeD Program Files FlexiPRINT DX Mutoh Edition v Program App exeD Program Files Digsby lib digsby-app exeD Program Files Malwarebytes' Anti-Malware mbam exeD Program Files FlexiPRINT DX Mutoh Edition v Program App exeD Program Files Digsby lib aspell bin aspell exeD WINDOWS system rundll exeD Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localO - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - D Program Files AVG AVG avgssie dllO - BHO no name - - F - D - - D F - D Program Files Spybot - Search amp Destroy SDHelper dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - D Program Files Java jre bin ssv dllO - BHO no name - A C C A- F - DF- -F D ABEAC B - D WINDOWS system nnnmmnKD dll file missing O - HKLM Run NvCplDaemon RUNDLL EXE D WINDOWS system NvCpl dll NvStartupO - HKLM Run nwiz nwiz exe installO - HKLM Run GrooveMonitor quot D Program Files M... Read more

A:Malware removed with Malwarebytes, stil problems

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/243833/malware-removed-with-malwarebytes-stil-problems/
Relevancy 71.38%

nbsp Attach zip nbsp nbsp KB nbsp nbsp downloads nbsp mbam log zip nbsp nbsp bytes nbsp nbsp downloadsDDS txtDDS Ver - - - NTFSx Run by Dani at on Internet Explorer Microsoft Windows XP Home Edition GMT - AV Avira AntiVir PersonalEdition On-access scanning enabled Updated AV Shaw Secure On-access scanning enabled Updated FW Shaw Secure enabled Running Processes C WINDOWS system svchost -k DcomLaunchsvchost Anti-Malware by not Trojan.BHO Malwarebytes' removed exeC WINDOWS System svchost exe -k netsvcssvchost exesvchost exeC WINDOWS Trojan.BHO not removed by Malwarebytes' Anti-Malware system spoolsv exeC Program Files Avira AntiVir PersonalEdition Classic sched exeC Program Files Avira AntiVir PersonalEdition Classic avguard exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC WINDOWS Explorer EXEC Program Files Bonjour mDNSResponder exeC Program Files Shaw Secure Anti-Virus fsgk st exeC Program Files Shaw Secure Common FSMA EXEC Program Files Shaw Secure Anti-Virus FSGK EXEC Program Files Common Files InterVideo RegMgr iviRegMgr exeC Program Files Shaw Secure Common FSMB EXEC Program Files Java jre bin jqs exeC Program Files Shaw Secure Common FCH EXEC WINDOWS system LxrJD s exeC Program Files McAfee SiteAdvisor McSACore exeC WINDOWS system svchost exe -k imgsvcC Program Files Shaw Secure Common FAMEH EXEC Program Files Shaw Secure Anti-Virus fsqh exeC Program Files Common Files Pure Networks Shared Platform nmsrvc exeC WINDOWS system igfxtray exeC Acer Empowering Technology eRecovery eRAgent exeC WINDOWS system igfxpers exeC WINDOWS RTHDCPL EXEC WINDOWS system igfxsrvc exeC Program Files Shaw Secure FSAUA program fsaua exeC Program Files Synaptics SynTP SynTPEnh exeC Program Files Shaw Secure FWES Program fsdfwd exeC Program Files Shaw Secure Anti-Virus fssm exeC PROGRA LAUNCH QtZgAcer EXEC Program Files Shaw Secure Common FSM EXEC Program Files Common Files Pure Networks Shared Platform nmctxth exeC Program Files Pure Networks Network Magic nmapp exeC Program Files Java jre bin jusched exeC WINDOWS System svchost exe -k HTTPFilterC Program Files Shaw Secure FSGUI fsguidll exeC DOCUME Dani LOCALS Temp RtkBtMnt exeC Program Files Shaw Secure FSAUA program fsus exeC WINDOWS system igfxext exeC Program Files Avira AntiVir PersonalEdition Classic avgnt exeC Program Files iTunes iTunesHelper exeC WINDOWS system ctfmon exeC Program Files Messenger msmsgs exeC Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exeC Program Files InterVideo Common Bin WinCinemaMgr exeC Program Files iPod bin iPodService exeC Program Files Shaw Secure Anti-Virus fsav exeC Program Files Internet Explorer iexplore exeC Documents and Settings Dani Desktop dds scr Pseudo HJT Report uStart Page hxxp www google ca ig hl en amp source iglkuSearch Bar hxxp www google com ieuSearchMigratedDefaultURL hxxp www google com search q searchTerms amp sourceid ie amp rls com microsoft en-US amp ie utf amp oe utf uInternet Settings ProxyOverride localuSearchURL Default hxxp www google com search q sBHO D -C F - efb- B - ECA - No FileBHO NoExplorer - No FileBHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files common files adobe acrobat activex AcroIEHelper dllBHO Java Plug-In SSV Helper bb-d f - c-b eb-d daf d d - c program files java jre bin ssv dllBHO Google Toolbar Helper aa ed - dd- d - -cf f - c program files google google toolbar GoogleToolbar dllBHO Google Toolbar Notifier BHO af de - d - -b fa-ce b ad d - c program files google googletoolbarnotifier swg dllBHO McAfee SiteAdvisor BHO b e -a b - a -b - cd e a ff - c progra mcafee sitead mcieplg dllBHO Java Plug-In SSV Helper dbc -a - b-bc - c c c a - c program files java jre bin jp ssv dllBHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dllTB amp Google Toolbar c b - - d - b - a cd f - c program files google google toolbar GoogleToolbar dllTB McAfee SiteAdvisor... Read more

A:Trojan.BHO not removed by Malwarebytes' Anti-Malware

Hello dthans,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

http://www.bleepingcomputer.com/forums/t/204833/trojanbho-not-removed-by-malwarebytes-anti-malware/
Relevancy 70.95%

I already did some work to clear an infection on my desktop, linked here: http://www.bleepingcomputer.com/forums/topic409833.html. DDS attached, can't run GMER due to 64 bit Windows 7.

Current situation is that google searches are redirected to random search sites. Entering the address directly works fine. I also had a problem where all my files were 'hidden' by the malware, which I manually undid and also removed malware (detail logs in the link above) from the computer. Some other internet functions seem to be buggy as well, for example trying to connect to Team Fortress 2 games the server details comes up as 'cannot connect' even though the game connections work just fine. Unsure what to do next to try to finish cleaning off any issues created on the computer. Much thanks for any help.

A:Removed some malware with MalwareBytes still getting Google search redirects

Well, its been about a week, so just drawing some attention on this one...===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.Thank you for understanding.Orange Blossom ~ forum moderator

http://www.bleepingcomputer.com/forums/t/411611/removed-some-malware-with-malwarebytes-still-getting-google-search-redirects/
Relevancy 70.95%

I started noticing a lot of malware on my computer so I downloaded and ran Malwarebytes to remove the infection. After that, I lost the ability to connect online all of my programs. Microsoft edge works every once in a while. I'd really appreciate someone's help. Thank you.
 

https://malwaretips.com/threads/cannot-connect-to-internet-after-malwarebytes-scanned-and-removed-malware.54188/
Relevancy 69.23%

A few days ago my laptop was severely infected with a type of malware that identified itself as Malware Doctor. Upon booting up, my laptop would instantly BSOD after a few minutes. I had to boot into safe mode in order to remove Malware Doctor. It seemed to me that I had gotten rid of it completely but now my laptop always has random alerts of viruses within the System32 folder of Windows. They only show up from AVG's resident shield and are not detected when I actually run a scan of the System32 folder. Also, whenever I run Malwarebytes' Anti-Malware, it comes up with a malware named AGProtect that gets removed but then reappears on reboot only when my internet connection is enabled. It seems that although I've gotten rid of Malware Doctor, it left a ton of other problems... Any help on this issue of reappearing malware is appreciated.

A:Laptop infected with Malware Doctor, Removed with Malwarebytes but getting random alerts from AVG

Turn off System Restore,

Open the Control panel
Double click the System icon
Click on the System Restore tab
Turn off System restore

Restart in Safe Mode.
Do a malware scan & remove all it finds.
If you get a message that says you need to restart for somethings to be remomed do so & let it fully restart on it's own.

When that is done do a full scan with AVG & have it set to automatically fix & remove viruses,

>When that is done restart the unit & try it.

If it seems top be OK turn System Restore back on.

http://www.bleepingcomputer.com/forums/t/232720/laptop-infected-with-malware-doctor-removed-with-malwarebytes-but-getting-random-alerts-from-avg/
Relevancy 67.08%

05-02-11

After running Rkill and scanning with Malwarbytes (found and removed 5 issues), MS Office programs will not open from desktop icons. Kaspersky also will not open but, when clicked, a box appears asking with which program it should opened. On some other machines I have been able to System Restore, but this machine will not restore. Have also used http://www.dougknox..../file_assoc.htm to get programs to work but it did not work here. Dell Latitude D531 is the computer in question.

A:Programs will not open after Malwarebytes Scan

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

http://www.bleepingcomputer.com/forums/t/395044/programs-will-not-open-after-malwarebytes-scan/
Relevancy 67.08%

Noticed this was the quot more quot correct forum I m at a real loss here I m typing form my roommates laptop but I ll give you a rundown of what it going on Any help will be greatly appreciated I have a page paper due on Monday ha Okay i Can't etc) open (IE, Malwarebytes, programs any Adaware, was streaming youtube and the laptop was running just fine then all the applications closed and the computer restarted It booted back up after a significantly longer time and immediately tried to open malwarebytes However now no applications of any kind will open Not even IE So I have no idea what to do I booted into safe mode and am having the same problem I ve been watching the task manager but only processes are running All of which seem normal except for maybe CTFmon exe don t know why that would be running of all things I m in desperate need of help so thank you for any advice you may have Max EDIT Guess I should also describe what is going on When you try to open an application it appears in the task manager and the spinning circle appears next to my pointer but nothing happens and the exe disappears from task manager

http://www.bleepingcomputer.com/forums/t/358792/cant-open-any-programs-ie-malwarebytes-adaware-etc/
Relevancy 67.08%

So I can't open malwarebytes and it won't let me open some programs. I tried renaming mbam.exe, also tried opening it in safe mode, both not working. Also in IE and Firefox (not in Opera) google links will get redirected. It's really irritating me so help me please!!

A:Malwarebytes keeps closing on me. Can't open some programs help!

Hello let's try Fatdcuk's fix.Please navigate to the MBAM folder located in the Program Files directory.Locate MBAM.exe and rename it to winlogon.exeOnce renamed double click on the file to open MBAM and select Quick ScanAt the end of the scan click Remove Selected and then reboot.Post the scan log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check ONLY the Files box: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

http://www.bleepingcomputer.com/forums/t/255836/malwarebytes-keeps-closing-on-me-cant-open-some-programs-help/
Relevancy 66.22%

just was infected with a anti vrius viair or somthing . finaally got rid of with adware only program that i could get open now i cant even get on line im getting message choose the program you want to open this file . i now get same message for every program any suggestions to get back to working computer system restore will also get the message
 

Relevancy 66.22%

Hello I've of Microsoft or 8.1] [Windows open can't even programs, I most Malwarebytes my been Internet surfing for a few hours today until I was alerted by my computer about my [Windows 8.1] I can't open most of my Microsoft programs, or even Malwarebytes disk space getting low I decided to go clean up some space in the Control Panel until I'm given this The instruction at x FFFA C referenced memory at x ABDCD The required data was not placed into memory because of an I O error status of xc f Click on OK to terminate the program I get the same errors from Search bar in the Start Menu This PC From what I had tested so far I crash on PC settings with zero error messages about it It's still on my task bar but opening it leads to the gear before it crashes to desktop Similar to Skyrim for an example but the program itself is still on I found out that I can sneak into the This PC area through other folders but the C drive says it's bytes out of GB I ended up cleaning it out so I have GB open but I'm still unable to get into anything -- So a hero should be Malwarebytes no The moment I open it it claims that I have never done a scan on it before when I had about two months ago The moment I click SCAN NOW an error pops up saying Malwarebytes Anti-Malware has stopped working A program caused the program to stop working correctly Windows will close the program and notify you if there is a solution available I tried running it in Safe Mode to no avail and Chameleon ended up wasting my time when all of the options never worked both in the current mode and Safe Mode -- I should probably point out this is the second time this thing had happened to me and after a lot of time and hair-pulling I managed to fix it I forgot how I did it before I know I had to redownload Malwarebytes in spite not being able to uninstall it but this time I keep getting errors about the disk being full memory getting full Not only can't I download anything but the whole error thing has affected Skype too Let's say my computer could use some disk space with all the file hoarding I've been doing The first time did not have any disk space problems where it lead to bytes out of GB whatsoever i know I've been recommended to try a system restore or even clean out my computer entirely Except I can't open the programs to do it now That's the only difference in the second try I can't use the search tool or open up the PC settings app I can't even open photos due to a disk memory error according to Windows Photo Viewer Restarting the computer doesn't help With the whole mess I notice that my Internet computer is slower than usual I hope this helps but I can provide more information if needed

A:[Windows 8.1] I can't open most of my Microsoft programs, or even Malwarebytes

Can you go rightlick on the harddrive in my computer->properties->tools->disk check? (not sure if its the exact name, I dont run english windows, the procedure is called CHKDSK scan)
This can check if its a hardware issue instead of a software one caused by viruses.
 
Try downloading RKill from bleeping computers page and running it. If it kills something, try going with normal antiviruses.

http://www.bleepingcomputer.com/forums/t/576602/windows-81-i-cant-open-most-of-my-microsoft-programs-or-even-malwarebytes/
Relevancy 65.36%

Hello I ve been working on cleaning up the computer of a friend s daughter She clicked on one of those ads saying something was absolutely free and ended up installing bearshare and a bunch of other unwanted applications I ve been going through and removing the programs she didn t intentionally install Malwarebytes and Microsoft Security Essentials are now coming back clean but I wanted to double check and programs other Removed BearShare malware and make sure that I haven t missed anything The OS is Windows Starter PC Removed BearShare and other malware programs is a Netbook Thanks in advance for your time DDS DDS Ver - - - NTFS x Internet Explorer Run by samantha at on - - Microsoft Windows Starter GMT - Removed BearShare and other malware programs AV Microsoft Security Essentials Disabled Updated DAC -C - B -BB - DA SP Microsoft Security Essentials Disabled Updated ABEC DA -E C- F - B -AA E D BDD SP Windows Defender Disabled Outdated D DDC A- F- fae- E -DA C ACF Running Processes C Windows system wininit exe C Windows system lsm exe c Program Files Microsoft Security Client Antimalware MsMpEng exe C Windows System spoolsv exe C Program Files Common Files Apple Mobile Device Support AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C Program Files Launch Manager dsiwmis exe C Program Files Acer Acer ePower Management ePowerSvc exe C Program Files Launch Manager LMutilps exe C Program Files Acer Registration GREGsvc exe C Program Files Realtek Realtek PCIE Card Reader RIconMan exe C Program Files Acer Acer Updater UpdaterService exe C Program Files Symantec Norton Online Backup NOBuAgent exe C Program Files Acer Acer VCM Removed BearShare and other malware programs RS Service exe C Program Files Microsoft BingBar SeaPort EXE C Program Files Common Files Microsoft Shared Windows Live WLIDSVC EXE C Program Files Yahoo SoftwareUpdate YahooAUService exe C Program Files Common Files Microsoft Shared Windows Live WLIDSvcM exe C Windows system taskhost exe C Windows system Dwm exe C Windows Explorer EXE C Program Files Intel Intel reg Rapid Storage Technology IAStorIcon exe C Program Files Realtek Audio HDA RtHDVCpl exe C Program Files EgisTec MyWinLockerSuite x SuiteTray exe C Program Files EgisTec IPS PmmUpdate exe C Windows System igfxtray exe C Windows System hkcmd exe C Windows System igfxpers exe C Windows system igfxsrvc exe C Program Files Launch Manager LManager exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files Acer Acer ePower Management ePowerTray exe C Program Files Driver-Soft DriverGenius StarterW i exe C Program Files Driver-Soft DriverGenius TaskTray exe C Program Files Microsoft Security Client msseces exe C Program Files Acer Acer VCM AcerVCM exe C Program Files Synaptics SynTP SynTPHelper exe C Windows system igfxext exe C Program Files Launch Manager LMworker exe C Windows system wbem unsecapp exe C Windows system wbem wmiprvse exe C Program Files Acer Acer ePower Management ePowerEvent exe C Program Files EgisTec IPS EgisUpdate exe C Windows system SearchIndexer exe C Program Files Intel Intel reg Rapid Storage Technology IAStorDataMgrSvc exe C Windows system conhost exe C Windows system wbem wmiprvse exe C Windows system svchost exe -k DcomLaunch C Windows system svchost exe -k RPCSS C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k netsvcs C Windows system svchost exe -k LocalService C Windows system svchost exe -k NetworkService C Windows system svchost exe -k LocalServiceNoNetwork C Windows system svchost exe -k imgsvc C Windows system svchost exe -k NetworkServiceNetworkRestricted C Windows system svchost exe -k LocalServiceAndNoImpersonation Pseudo HJT Report uStart Page hxxp www yahoo com uDefault Page URL hxxp acer msn com mStart Page hxxp acer msn com mDefault Page URL hxxp acer msn com uURLSearchHooks d-c d - d -bd -b b a - lt orphaned gt BHO amp Yahoo Toolbar Hel... Read more

A:Removed BearShare and other malware programs

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
hlp.dat
/md5stopPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt<--Will be minimizedIn the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.regards myrti

http://www.bleepingcomputer.com/forums/t/410446/removed-bearshare-and-other-malware-programs/
Relevancy 64.93%

I was notified by my antivirus that I had acquired a malware of some sort, and it gave the option to quarantine the file, which I did. I was then told to restart, which I also did.
Since restarting, nothing on my desktop opens, it just asks which program I want to open it in, but then doesn't work. I managed to open my antivirus by right-clicking and selecting 'start', and then removed the malware, but nothing opens. Some programs, like Internet explorer, open when I right-click and select 'start' but most do not.

What can I do to get my computer running normally again?

Apologies if this is in the wrong category, but I thhought it was appropriate as I don't know if the malware has actually been removed.
 

Relevancy 64.93%

I had the Anti-Malware Doctor virus and could not download Anti-Malware open now and can't IE? Malwarebytes Ran and anti virus programs because it was blocking them from being downloaded I tried changing the name and downloading it from another computer using a thumb drive but each time it tried to install Ran Malwarebytes Anti-Malware and now can't open IE? it was denied access by the virus I finally installed Avast and it somehow was able to download and Run I did a scan and removed over threats After this I was finally able to get the Malwarebytes Anti-Malware program loaded Before running this however I ran the rkill scan plus a TDSSKiller scan After all of this I finally ran a complete Malwarebytes Anti-Malware scan in safe Mode Then I ran it again in regular mode This seemed to remove the virus but now I cannot use Internet Explorer Its tells me that quot IE cannot display the webpage quot I think it must have removed one of the vital registry keys in IE or something Please Advise

A:Ran Malwarebytes Anti-Malware and now can't open IE?

Some forms of malware will enable a proxy server, and here are Microsoft's instructions for editing the settings in Internet Explorer. You want to make sure the Use a proxy server for your LAN box is unchecked.

http://www.bleepingcomputer.com/forums/t/408924/ran-malwarebytes-anti-malware-and-now-cant-open-ie/
Relevancy 64.93%

I removed The guard online virus from my machine but whatever process that it installed to block my security programs still remains. I am running XP sp3 32 bit and have tried to install or run avast, windows defender, Microsoft security essentials and malwarebytes. I can get malware bytes to run in safe mode but I can't run install, remove or anything else with the other programs.

Any ideas.

JT
Ps this is a great website and I can't wait to use what I've learned here on my other machines.

A:Ransom ware removed but can't open any security programs.

OK,
I solved the problem myself, or at least with the help of a lot of other posts and some common sense.

I rebooted in safe mode and ran rkill and combofix again. After that I was able to uninstall Avast completely via the control panel. Then I downloaded Avast and brought the computer back up in regular mode, when it let me reinstall Avast I knew that I was finally free of Guard Online.

This latest version of guard online is particularly nasty and it took a lot of work, probably eight hours worth to get it off the machine. In the end I had to manually disable it by pulling a few things out of the registry. Then run rkill,rkproxy, FixNCR, and malwarebytes to get my machine cleaned off.

JT

http://www.bleepingcomputer.com/forums/t/422644/ransom-ware-removed-but-cant-open-any-security-programs/
Relevancy 64.93%

Thanks for looking at this csrss related Malwarebytes possibly other won't open, programs install, to won't Running XP on a computer that is used as a checkout in my shop It seemed slower than it should Malwarebytes won't open, other programs won't install, possibly related to csrss the other day and with my limited knowledge Malwarebytes won't open, other programs won't install, possibly related to csrss I found a csrss exe file actually of them in Application Malwarebytes won't open, other programs won't install, possibly related to csrss Data folder of All Users in Documents and Settings One of the files was bytes the other I cannot remember I deleted both after a little research and went to run Malwarebytes which won't open I've uninstalled it and tried again I only receive the following message mbam exe - Application Error The application failed to initialize properly xc d Click on OK to terminate the application And it won't run I then downloaded SUPERAntiSpyware Free Edition But double clicking the installer does nothing I see nothing load or attempt to load No error message I have managed to get Spybot S amp D to run But it doesn't seem to find anything worth cleaning As per your guide I have run FRST and I'll attach the logs Any help would be appreciated Many thanks Scan result of Farbar Recovery Scan Tool FRST x Version - - Ran by POS administrator on POS - - Running from C Documents and Settings POS Desktop Loaded Profiles POS Available Profiles POS amp Administrator Platform Microsoft Windows XP Professional Service Pack X Language English United States Internet Explorer Version Default browser IE Boot Mode Normal Tutorial for Farbar Recovery Scan Tool http www geekstogo com forum topic -frst-tutorial-how-to-use-farbar-recovery-scan-tool Processes Whitelisted If an entry is included in the fixlist the process will be closed The file will not be moved C Program Files Unlocker UnlockerAssistant exe S Graphics Inc C WINDOWS system S hotkey exe S Graphics Inc C WINDOWS system VTTimer exe Symantec Corporation C Program Files Symantec Norton Ghost GhostStartTrayApp exe Fujitsu Component Ltd C FIDTSERV Fidtserv exe Safer-Networking Ltd C Program Files Spybot - Search amp Destroy SDTray exe Fujitsu Component Ltd C FIDTSERV RButton exe National POS System C Program Files NatPOS OnlineManagerAgent NatPOS Term OnlineManagerClient exe Symantec Corporation C Program Files Symantec pcAnywhere awhost exe PC-EFTPOS Pty Ltd C PC EFT EftClnt exe PC-EFTPOS C PC EFT emsclt exe Firebird Project C Program Files Firebird Firebird bin fbguard exe Symantec Corporation C Program Files Symantec Norton Ghost GhostStartService exe PC-EFTPOS Pty Ltd C PC EFT Eftsrv exe Safer-Networking Ltd C Program Files Spybot - Search amp Destroy SDFSSvc exe Safer-Networking Ltd C Program Files Spybot - Search amp Destroy SDUpdSvc exe RealVNC Ltd C Program Files RealVNC VNC vncserver exe Firebird Project C Program Files Firebird Firebird bin fbserver exe Microsoft Corporation C WINDOWS system wscntfy exe RealVNC Ltd C Program Files RealVNC VNC vncagent exe RealVNC Ltd C Program Files RealVNC VNC vncserverui exe Registry Whitelisted If an entry is included in the fixlist the registry item will be restored to default or removed The file will not be moved HKLM Run UnlockerAssistant gt C Program Files Unlocker UnlockerAssistant exe - - HKLM Run S hotkey gt C WINDOWS system S hotkey exe - - S Graphics Inc HKLM Run VTTimer gt C WINDOWS system VTTimer exe - - S Graphics Inc HKLM Run GhostStartTrayApp gt C Program Files Symantec Norton Ghost GhostStartTrayApp exe - - Symantec Corporation HKLM Run Fidtserv gt C FIDTSERV Fidtserv exe - - Fujitsu Component Ltd HKLM Run SDTray gt C Program Files Spybot - Search amp Destroy SDTray exe - - Safer-Networking Ltd Winlogon Notify PCANotify C WINDOWS system PCANotify dll - - Symantec Corporation Winlogon Notify SDWinLogon SDWinLogon dll X HKU S- - - - - - - Run SpybotPostWindows UpgradeReInstall... Read more

A:Malwarebytes won't open, other programs won't install, possibly related to csrss

Hello Causley and Welcome to the BleepingComputer.   
 My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are inserted during always the scan.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here
Thanks
   
I am currently reviewing your log.I will be back with a fix for your problem as soon as possible.Please be patient with me during this time.
 
Sincerely

http://www.bleepingcomputer.com/forums/t/603423/malwarebytes-wont-open-other-programs-wont-install-possibly-related-to-csrss/
Relevancy 64.5%

new computer, just installed the usual programs but somehow all my browsers are hijacked. No software has removed it yet. Thanks
 

A:terraclicks, biz-tech malware that is not removed by several programs.

Hello,
You're missing FRST.txt report?

Is this company/business computer?
 

https://malwaretips.com/threads/terraclicks-biz-tech-malware-that-is-not-removed-by-several-programs.63684/
Relevancy 64.07%

Hi Guys I have serious problem and windows Removed and Malware can't open need help desperatley I m working Removed Malware and can't open windows on a computer running Windows Home It was infected with a ton of spyware trojans viruses you name it I was able to remove all of it It would always boot up sucessfully It had no passwords installed on the admistrator account or the one user account I was just finishing installing Norton anti virus and Pest Patrol when I logged off the administrator account and switched to the user acct I shut down after that and rebooted to do a final virus scan but a very strange thing happened Windows loaded as usuall and the windows is starting up screen came up as always Next the Welcome screen appeared normally went blank for a few seconds then came back Removed Malware and can't open windows Now the user name screen with the default chess logo appeared Still without a password as it should I clicked the logo and it Removed Malware and can't open windows said quot loading your personal settings quot and after a few seconds that changed to quot logging off quot Then it went looped back to the user name screen and the default chess logo No matter how many times I clicked the user logo it always loops back I tried booting to safe mode and it gets to the user account page and now there is two accounts administrator and user both of which do the same looping back to the login screen Does anyone have any ideas I m sure it has to do with some kind of virus It will run as a slave drive on another machine and all the files are accesssible but not the registry I was so close to having it finished I hate to give up TOMCAT nbsp

A:Removed Malware and can't open windows

Is the system you are using to slave this drive XP as well?

It sounds as if there may be a problem with an entry in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
If the registry is compatible with the other system, then you can use a method called load hive and look at any other registry hive and actually repair it while loaded.

I can help you to do that if you post back the details of the current host Operating system.
 

https://forums.techguy.org/threads/removed-malware-and-cant-open-windows.685256/
Relevancy 64.07%

I was infected with the conduit virus on August 19th, after removing it I thought I was fine. I came home from work today to do my weekly scans and Rkill picked up "packagedaware" and I promptly scanned with MalwareBytes, HitmanPro, and ADWcleaner. Logs now show I have programs missing. Any idea on how to restore the lost items? Thanks!
 
Edit: I cannot post the DDS as I have Windows 8.1. 

A:Infected with malware, Rkill log shows programs removed?

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    System File CheckFor Windows XP: Press the Windows- and the R-key simultanously. Within the text box that jus opened, write cmd and hit Enter.For Windows Vista/7: Press the Windows key to open the start menu. Don´t highlight anything, just write cmd. The start menu will offer you an entry named cmd. Right click it and select "run as administrator"Within the opening window, write the following:sfc /scannow(See the blank within). Hit enter. Your system will be checked for damaged system files. Tell me the result of that scan in here (as the tool produces no log).

http://www.bleepingcomputer.com/forums/t/511607/infected-with-malware-rkill-log-shows-programs-removed/
Relevancy 63.64%

I am having trouble opening thunderbird and firefox I recently removed some malware form removed Help! recently Malware firefox. Can't open my computer using Malwarebytes I am attatching the log from the day that I deleted it The thunderbird process and firefox process run in the task manager but no window opens no matter how long you wait or how many times you click the icon Malwarebytes Anti-Malware www malwarebytes org Database version Windows Service Pack Internet Explorer PM mbam-log- - - - - txt Scan type Full scan C D E G H I J L Objects scanned Time elapsed hour s minute s second s Memory Processes Infected Memory Modules Infected Registry Keys Infected Registry Values Help! Can't open firefox. Malware recently removed Infected Registry Data Items Infected Folders Infected Files Infected Memory Processes Infected No malicious items detected Memory Modules Infected No malicious items detected Registry Keys Infected HKEY CURRENT USER SOFTWARE wnxmal Rogue SecuritySuite - gt Quarantined and deleted successfully Registry Values Infected HKEY CURRENT USER Software Microsoft Windows CurrentVersion Internet Settings ProxyServer PUM Bad Proxy - gt Value ProxyServer - gt Quarantined and deleted successfully HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Explorer Associations bak Application Hijacker Application - gt Value bak Application - gt Quarantined and deleted successfully Registry Data Items Help! Can't open firefox. Malware recently removed Infected HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Explorer Associations Application Hijacker Application Help! Can't open firefox. Malware recently removed - gt Bad hxxp www helpmeopen com n app amp ext s Good hxxp shell windows com fileassoc x xml redir asp Ext s - gt Quarantined and deleted successfully Folders Infected No malicious items detected Files Infected No malicious items detected DDS Ver - - - NTFSx Internet Explorer BrowserJavaVersion Run by jvfurr at on - - Microsoft Windows Vista Ultimate GMT - AV McAfee Anti-Virus and Anti-Spyware Enabled Updated - - EA -ABB - B EB SP Windows Defender Disabled Updated D DDC A- F- fae- E -DA C ACF SP McAfee Anti-Virus and Anti-Spyware Enabled Updated D B - E- - - C A FW McAfee Firewall Enabled BE ED - A B- FFF- EC-B C Running Processes C Windows system wininit exe C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system nvvsvc exe C Windows system svchost exe -k rpcss C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k netsvcs C Windows system svchost exe -k GPSvcGroup C Windows system SLsvc exe C Windows system svchost exe -k LocalService C Windows system svchost exe -k NetworkService C Windows system nvvsvc exe C Windows system WLANExt exe C Windows System spoolsv exe C Windows system svchost exe -k LocalServiceNoNetwork C Windows system aestsrv exe C Program Files Common Files Apple Mobile Device Support AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C Windows system svchost exe -k bthsvcs C Program Files Carbonite Carbonite Backup carboniteservice exe C Program Files Common Files Creative Labs Shared Service CreativeLicensing exe C Windows system CTsvcCDA exe C Windows system dlcxcoms exe C Program Files Intel Wireless Bin EvtEng exe C Program Files Seagate SeagateManager Sync FreeAgentService exe C Windows system svchost exe -k hpdevmgmt C Program Files Common Files Mcafee McSvcHost McSvHost exe C Program Files Common Files Microsoft Shared VS DEBUG mdm exe C Program Files Common Files Livescribe PenComm PenCommService exe C Windows system svchost exe -k NetworkServiceNetworkRestricted C Program Files Intel Wireless Bin RegSrvc exe C Program Files Microsoft Search Enhancement Pack SeaPort SeaPort exe C Windows system STacSV exe C Windows system rundll exe C Windows system svchost exe -k imgsvc C Program Files ... Read more

A:Help! Can't open firefox. Malware recently removed

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418756 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.Thank you for your patience, and again sorry for the delay.*************************************************** We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GME... Read more

http://www.bleepingcomputer.com/forums/t/418756/help-cant-open-firefox-malware-recently-removed/
Relevancy 63.64%

I need some help fixing this problem. I am unable to open Hijackthis and Malwarebytes to help solve the problem. It says I do not have sufficient privileges to access the program. What should I do?!
 

A:Hijackthis and Malwarebytes wont open suspected malware

Ok I finally got HIjack this and Malwarebytes to work and hopefully cleaned the problem up. I can not get COMBOFIX to run it comes up with many errors and my comodo antivirus says there are many files infected when I try to run it. I am going to post the Hijackthis log and I would appreciate it very much if someone would take a look and let me know if everything is working as it should. Thank you.
 

https://forums.techguy.org/threads/hijackthis-and-malwarebytes-wont-open-suspected-malware.864934/
Relevancy 63.64%

I got the Security Tool virus, and following the steps on this link:http://www.bleepingcomputer.com/virus-remo...e-security-toolI'm on step twelve, and when I click on the Malwarebytes' Anti Malware program I just installed, nothing happens. (I'm in Safe Mode right now, so there is no Security Tool).Why won't it open? The pointer just turns into an hourglass for a split second, then nothing happens...If I run the computer in normal mode, Security Tool won't let me open Rkill, which won't let me get passed step 5.???I have no clue what to do? I'm double clicking on the red "M" icon that read "mbam", but nothing happens :/

A:Getting rid of Security Tool, how to open Malwarebytes' Anti Malware?

Hello, Savica.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.ThanksShould you still require assistance, please take note of the points below:Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad. The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.Please do not install, update, or run any programs for the duration of the fix.If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".Please do the following so I can take a look at the current state of your system.We need to run DefoggerPlease download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OK DeFogger will now ask to reboot the machine - click OKNote: If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.Do not re-enable these drivers until the end of the fix.We need to run RSITDownload random's system information tool (RSIT) by random/random and save it to your desktop.Double click on RSIT.exe.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)NEXT:We need to run an Anti-Rootkit (ARK) scanDownload GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.Close all other open programs as there is a slight chance your computer will crash.Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.You may see a warning saying "GMER has detected rootkit activity". If so, select NO.Make sure all options are checked except:IAT/EATDrives/Partition other than Systemdrive, which is typically C:\Show All (This is important, so do not miss it.)Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.When the scan is complete, click Save and save the log onto your desktop.If GMER crashes, hangs or blue-screens, do the followingPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note:You may get this warning. If so, please ignore it."Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"In your next reply, ... Read more

http://www.bleepingcomputer.com/forums/t/336235/getting-rid-of-security-tool-how-to-open-malwarebytes-anti-malware/
Relevancy 62.78%

Hi All.
I have an XP Home SP3 machine that was infected with one of the Bogus AV products.
It hid all my icons on the desktop, all docs etc.
I've given it a thorough clean as per the posts here, and have everything back to normal APART from one thing.

When opening any folders that where in Start/ All Programs before the infection, they simply say they are empty.

Any folders created since the clean up appear as normal.

I have googled the problem, and no fixes I have found, have worked.

Thanks in advance

A:Folders inside "Start/ All Programs" mark as empty, after malware is removed??

Hello.Thanks to Broni for the below.To manually recreate "All Programs" entries, follow these steps...Download App PathsDouble click on AppPaths.exe to run the program.Keep the program open.In this example I'll recreate an entry for Avast antivirus program.Go Start>All Programs.Right click on Avast entry, click "Properties".NOTE. Make sure, you right click on Avast program, NOT on Avast folder.You'll see this window:Due to the damage caused by the infection, you'll find "Target" box empty.Go back to AppPaths window and find Avast entry.Right click on Avast line, click "Edit".A pop-up window will open:Highlight everything in "Path" box, right click on it, click "Copy"Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".IMPORTANT! Add quotation marks at the beginning of the path and at the endClick OK and you're done.In case, program's link shows as (empty):Open Windows Explorer, navigate to Avast folder in Program FilesRight click on Avast ".exe" file, click "Create shortcut":Copy that shortcut, go back to Start menu.Right click on avast!Free Antivirus, click "Paste".You'll see Avast shortcut recreated replacing (empty) entry.Alternatively.......you paste that shortcut in:(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast(Vista/7) - C:\Program Data\Start Menu\Programs\Avast~Blade

http://www.bleepingcomputer.com/forums/t/401445/folders-inside-start-all-programs-mark-as-empty-after-malware-is-removed/
Relevancy 62.78%

I m always getting redirected from websites, some programs were deleted without any trace like malware bytes, and the format of widows 7 is changed whenever I dont start the computer in safe mode. If I try to run malware bytes when I'm not in safe mode the computer shuts off. Please help me!
 GMER log.log   4.1KB
  1 downloads
 DDS.txt   22.4KB
  4 downloads

A:Google redirect, Programs like malware bytes removed and unable to run any antivirus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Download DDS:Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.Shortly after two logs will appear:
DDS.txt Attach.txtA window will open instructing you save & post the logsSave the logs to a convenient place such as your desktopCopy the contents of both logs & post in your next replyinformation and logs:In your next post I need the following

.logs from DDSlet me know of any problems you may have hadGringo

http://www.bleepingcomputer.com/forums/t/429953/google-redirect-programs-like-malware-bytes-removed-and-unable-to-run-any-antivirus/
Relevancy 62.35%

I removed Security 2010 virus but now I can't open Internet Explorer. AVG will update and other sites can access the internet but Internet Explorer won't connect. When I run a diagnostic, it says to check firewalls for ports 80 and 443? Where can I go to see what may be wrong? Anyone else experience the same thing? Any ideas as to what to check?

A:Removed Malware Security 2010 and now Internet Explorer won't open

Check your connection properties and make sure the checkbox by proxy settings is unchecked

http://www.bleepingcomputer.com/forums/t/280662/removed-malware-security-2010-and-now-internet-explorer-wont-open/
Relevancy 61.92%

This doesn t happen all the time only occasionally but when it does it takes many tries double clicks to get the program to start up I have seen this problem on other websites but I feel it would be most helpful to post my own HijackThis log So here it is Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows and quickly, Malware sometimes open programs at open or never close causes to all. XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System WLTRYSVC Malware causes programs to open and close quickly, or sometimes never open at all. EXE C WINDOWS System bcmwltry exe C WINDOWS system Ati evxx exe C WINDOWS system spoolsv exe C Program Files comcasttb ComcastSpywareScan ComcastAntiSpyService exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files PCSecurityShield The Shield Deluxe avp exe C Program Files Bonjour Malware causes programs to open and close quickly, or sometimes never open at all. mDNSResponder exe C WINDOWS system dldtcoms exe C Program Files CA PPRT bin ITMRTSVC exe C Program Files Java jre bin jqs exe C WINDOWS system libusbd-nt exe C Program Files Microsoft LifeCam MSCamS exe C Program Files Dell Support Center bin sprtsvc exe C WINDOWS system svchost exe C WINDOWS system Pen Tablet exe C Program Files TomTom HOME TomTomHOMEService exe C WINDOWS system WTablet Pen TabletUser exe C WINDOWS system Pen Tablet exe C WINDOWS system wuauclt exe C WINDOWS explorer exe C WINDOWS System svchost exe C Program Files PCSecurityShield The Shield Deluxe avp exe C Program Files Skype Phone Skype exe C Program Files Skype Plugin Manager skypePM exe C Program Files Mozilla Firefox firefox exe C Program Files iPod bin iPodService exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL www google com ig Malware causes programs to open and close quickly, or sometimes never open at all. dell hl en amp client dell-usuk amp channel us amp ibd R - HKCU Software Microsoft Internet Explorer Main Start Page about blank R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search Default Page URL www google com ig dell hl en amp client dell-usuk amp channel us amp ibd F - REG system ini UserInit c windows system userinit exe C Documents and Settings Thomas Desktop MPK MPK exe O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - c Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dll O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C Program Files Microsoft Office Office GrooveShellExtensions dll O - BHO - CEEA E-C - - E B- B A F B - C Program Files comcasttb comcastdx dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - C Program Files Google Google Toolbar GoogleToolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO Google Dictionary Compression sdch - C D FE-E D- -BB - C E E C E - C Program Files Google Google Toolbar Component fastsearch A FB BD dll O - BHO Browser Address Error Redirector - CA C - B - E-A -A C DB F - C Program Files Dell BAE BAE dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C... Read more

https://forums.techguy.org/threads/malware-causes-programs-to-open-and-close-quickly-or-sometimes-never-open-at-all.851837/
Relevancy 58.05%

I got a very nasty PC infection which is the worst I have seen yet I am not sure re-install malware and Cannot programs or open spy what kind of infection I have and using Windows XP SP I cannot open my Malwarebytes Anti-Malware or Super Antispyware program When I try to install Malwarebytes by renaming it Cannot open spy and malware programs or re-install does install However it cannot find the MBAM EXE file in the computer when I try to click on the icon You look under program directory to find it is missing I was able to provide what programs that work Root Repeal will not work since the computer flooded memory being used up I have porn website icons on my desktop which I feel means I am under multiple attacks by viruses too Not sure what to do next since Cannot open spy and malware programs or re-install it feels like my computer is disabled Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS System wltrysvc exeC WINDOWS System bcmwltry exeC WINDOWS Explorer EXEC WINDOWS system spoolsv exeC Program Files Apoint Apoint exeC WINDOWS system hkcmd exeC Program Files CyberLink PowerDVD DVDLauncher exeC WINDOWS system dla tfswctrl exeC Program Files Common Files AOL ee AOLSoftware exeC Program Files Common Files Real Update OB realsched exeC PROGRA Yahoo YOP yop exeC WINDOWS V Mon exeC PROGRA PURENE PORTMA PortAOL exeC Program Files Creative Creative Live Cam VideoFX StartFX exeC WINDOWS emmon exeC Program Files QuickTime QTTask exeC Program Files McAfee com Agent mcagent exeC WINDOWS system rundll exeC Program Files Messenger msmsgs exeC Program Files Creative Creative Live Cam Live Cam Manager CTLCMgr exeC Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exeC WINDOWS system ctfmon exeC WINDOWS system rundll exeC Program Files Adobe Acrobat Distillr acrotray exeC Program Files Digital Line Detect DLG exeC Program Files InterVideo Common Bin WinCinemaMgr exeC Program Files Common Files AOL Loader aolload exeC Program Files Apoint Apntex exeC Program Files Common Files AOL ACS AOLacsd exeC Program Files Internet Explorer iexplore exeC Program Files Common Files AOL TopSpeed aoltsmon exeC WINDOWS system basfipm exeC Program Files Java jre bin jqs exeC Program Files LeapFrog LeapFrog Connect CommandService exeC Program Files McAfee SiteAdvisor McSACore exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC Program Files Dell NICCONFIGSVC NICCONFIGSVC exeC WINDOWS system svchost exeC PROGRA Yahoo browser ycommon exec program files common files aol ee services antiSpywareApp ver AOLSP Scheduler exeC Program Files Common Files AOL EE aolsoftware exeC Program Files Enigma Software Group SpyHunter SpyHunter exeC Program Files Hijack This HiJackThis exeO - Hosts localhostO - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Acrobat ActiveX AcroIEHelper dllO - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll file missing O - BHO scriptproxy - DB D A - - E -B D- F C - C Program Files McAfee VirusScan scriptsn dllO - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - C Program Files Google Google Toolbar GoogleToolbar dllO - BHO AcroIEToolbarHelper Class - AE CD -E - f- - EE - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dllO - BHO McAfee SiteAdvisor BHO - B E -A B - A -B - CD E A FF - c PROGRA mcafee SITEAD mcieplg dllO - BHO JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Program Files Java jre lib deploy jqs ie jqs plugin dllO - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Acrobat Acrobat AcroI... Read more

A:Cannot open spy and malware programs or re-install

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/275800/cannot-open-spy-and-malware-programs-or-re-install/
Relevancy 58.05%

Here s my system Win XP Media Center SP Ok recently about week ago I got open mess Can't up? malware programs something Did infected pretty good with some malware Vundo Virtumonde and Zbot Yeth so since I have Malwarebytes SuperAntiSpyware AdAware SpywareDoctor Spybot and Did malware mess something up? Can't open programs Symantec Endpoint Protection I ran these to make sure that I don t have any lingering files or whatnot They all are updated to within about a week except AdAware and they all came up clean and congratulating me on having a clean system But on startup I have a few seconds where I can use my PC normally with no negative effects but after that my PC suddenly turns against me by not allowing me to open IE Firefox all of my security programs except Symantec OpenOffice Task Manager Quicktime and other programs But I can open FreeCell Real Player Notepad regedit some other programs and I can browse through my folders normally I downloaded some other security programs onto a jump drive which I have been able to use on my PC like Autoruns which I didn t find anything out of the ordinary to my knowledge These programs on my jump drive seems to have worked fine except for HijackThis I have a DDS log if it s helpful to post it I have ran the antimalware programs that are on my hard drive in safe mode and none pick up anything I was getting a popup from Spybot Teatimer with something about a UserInit change after ridding the trojans at the top don t know if that has something to do with my current situation Some programs like SBC Self Support Tool which loads on startup won t finish loading and I have to manually close and go thru the quot End Now quot message I don t know if removing some malware messed something up or what Ideas Help

A:Did malware mess something up? Can't open programs

And my screensaver is also being affected. I have it set to show images from one of my folders. There are no transition effects even though that option is checked. And it seems to be taking a bit longer to change images.

http://www.bleepingcomputer.com/forums/t/223813/did-malware-mess-something-up-cant-open-programs/
Relevancy 58.05%

This morning my laptop had ave malware on it it was fine last night I tried running AVG rescue off a CD - it gets partway through and just goes to a blank screen When I try and reboot in safe mode pressing the F key gets me an obnoxious smoke detector AVE Malware Can't programs/files open like sound that continues until I take my finger off the F key but the laptop won't boot in safe mode I tried opening notepad to follow AVE Malware Can't open programs/files some of the ave fixes but the notepad blinks in and then disappears Any program I try and open comes up with quot this program is infected quot and it doesn't open Any files I AVE Malware Can't open programs/files open immediately get infected with the worm file goes from folders at MB to folders at GB - but I can only see the original ones I'm using the other computer to post this I'm not very tech savvy and I'm trying to avoid having to reinstall Windows Help please

A:AVE Malware Can't open programs/files

Hi,


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.When done, DDS will open two (2) logs: DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

--

Download GMER here by clicking download exe -button and then saving it your desktop:Double-click .exe that you downloaded
Click rootkit-tab, uncheck files option and then click scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

http://www.techsupportforum.com/forums/f284/ave-malware-cant-open-programs-files-479115.html
Relevancy 58.05%

I tried opening Ad-Aware on my friend s laptop and it won t open just the loading box neither will Avast open just the loading box and then disappear No errors appear I tried opening them in safe mode won open Anti-malware won't programs t open On the advice of another web site I opened services msc I clicked on start for the Lavasoft service but that didn t resolve the problem Also there is another problem perhaps unrelated on startup this error appears quot pywin stopped working and closed quot Windows Live messenger wasn t opening either and the error quot stopped working and closed quot appeared but I fixed that earlier today by removing kiwee bar Not sure if that is related either Edit Anti-malware programs won't open I posted another Hijackthis log in the bottom post below it is more complete Please disregard the one in this post Logfile of Trend Micro HijackThis v BETA Scan saved at PM on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system Dwm exe C Windows Explorer EXE C Windows system taskeng exe C Program Files Windows Defender MSASCui exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files Common Files Symantec Shared ccApp exe C Program Files Hewlett-Packard HP Quick Launch Buttons QLBCTRL exe C WINDOWS System rundll exe C Program Files Alwil Software Avast ashDisp exe C Program Files Hp HP Software Update hpwuschd exe C WINDOWS vsnp uvc exe C Program Files Hewlett-Packard HP Wireless Assistant HPWAMain exe C Program Files Hp QuickPlay QPService exe C Program Files Java jre bin jusched exe C Program Files Unlocker UnlockerAssistant exe C Program Files Windows Live Messenger msnmsgr exe C WINDOWS ehome ehtray exe C Program Files McAfee Security Scan SSScheduler exe C Program Files CBSI PrayAlert PE PrayAlert exe C Windows ehome ehmsas exe C Program Files Hewlett-Packard HP wireless Assistant WiFiMsg EXE C Program Files Hewlett-Packard Shared HpqToaster exe C Program Files Windows Live Contacts wlcomm exe C Program Files Lavasoft Ad-Aware Ad-Aware exe C Program Files TrendMicro HiJackThis HiJackThis exe C Program Files Internet Explorer iexplore exe C Program Files Internet Explorer iexplore exe C Windows system Macromed Flash FlashUtil d exe C Windows system SearchProtocolHost exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http search myheritage com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TYPE amp tp iehome amp locale EN US amp c amp bd Pavilion amp pf laptop R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http search myheritage com R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook AGSearchHook Class - BC E FA- EF- - C- A C A - C Program Files AGI common agcutils dll O - Hosts localhost O - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO MHTBPos - C B -FD - a- E -D EE E F - C Program Files Celebrity Toolbar tbcore dll O - BHO no name - E A - - D F-BEAE-D A C - c Program Files Common Files Symantec Shared coShared Browser NppBho dll O - BHO AskBar BHO - f d - - d - c -aa e ed - C Program Files AskBarDis bar bin askBar dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Kiwee Toolbar - A DE- - - A E-AE E B B F - C Program Files Kiwee Toolbar KiweeIEToolbar dll file missing O - BHO Sear... Read more

A:Anti-malware programs won't open

i did the eset online scanner, it didn't find anything other than Unlocker which i downloaded yesterday to remove the Kiwee toolbar. that is not a virus.
 

https://forums.techguy.org/threads/anti-malware-programs-wont-open.901990/
Relevancy 58.05%

Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Program Files x Common Files LightScribe LightScribeControlPanel exe C Program Files x CyberLink YouCam YCMMirage exe C Program won't -Malware/Virus open Programs Files x Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files x PictureMover Bin PictureMover exe C Program Files x Hewlett-Packard HP Quick Launch HPMSGSVC exe C Program Files x Adobe Reader Reader reader sl exe C Program Files Programs won't open -Malware/Virus x Common Files Java Java Update jusched exe C Program Files x Hewlett-Packard HP On Screen Display HPOSD exe C Program Files Motorola Bluetooth btplayerctrl exe C Program Files x Internet Explorer iexplore exe C Program Files x Internet Explorer iexplore exe C Program Files x Microsoft Search Enhancement Pack SCServer SCServer exe C Windows SysWOW Macromed Flash FlashUtil l ActiveX exe C Users Rowena Desktop HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http g msn com HPCON R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http search conduit com SearchSource amp ctid CT R - HKLM Software Microsoft Internet Explorer Main Default Page URL http g msn com HPCON R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http g msn com HPCON R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKLM Software Microsoft Internet Explorer Main Local Page C Windows SysWOW blank htm R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook no name - c f aa-f f- c- f e-b d a - no file R - URLSearchHook ZoneAlarm Security Toolbar - da e a- - f c-b e- de ab - C Program Files x ZoneAlarm Security prxtbZone dll F - REG system ini UserInit userinit exe O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files x Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO Conduit Engine - F B -B - - B- FBA BD D - C Program Files x ConduitEngine prxConduitEngin dll O - BHO Symantec NCO BHO - ADB E- AFF- - AA - DAC DFA - C Program Files x Norton Internet Security Engine coIEPlg dll O - BHO Symantec Intrusion Prevention - D EC - AAE- -AEEE-F F C - C Program Files x Norton Internet Security Engine IPS IPSBHO DLL O - BHO Search Helper - EBF - F- bff-A F-B E AAC B - C Program Files x Microsoft Search Enhancement Pack Search Helper SEPsearchhelperie dll O - BHO Windows Live ID Sign-in Helper - D - C - ABF- ECC- C - C Program Files x Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO ZoneAlarm Security - da e a- - f c-b e- de ab - C Program Files x ZoneAlarm Security prxtbZone dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - C Program Files x Google Google Toolbar GoogleToolbar dll O - BHO SkypeIEPluginBHO - AE - E C- ED - F B-F F A - C Program Files x Skype Toolbars Internet Explorer skypeieplugin dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files x Google GoogleToolbarNotifier swg dll O - BHO Bing Bar BHO - d ce e -f a- - e- dc f c f - C Program Files x MSN Toolbar Platform npwinext dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files x Java jre bin jp ssv dll O - BHO Yontoo Layers - FD E- FDE- D-A A- BAB CAD - C Program Files x Yontoo Layers YontooIEClient dll O - Toolbar Norton Toolbar - FEBEFE - B - - D -FFB D B CA - C Program Files x Norton Internet Security Engine coIEPlg dll O - Toolbar C Program Files x MSN Toolbar Platform npwinext dll - - dcb -df - - - fa b f - C Program Files x MSN Tool... Read more

https://forums.techguy.org/threads/programs-wont-open-malware-virus.1013288/
Relevancy 58.05%

Looks like I got a virus on my home pc not sure when or where all I know is yesterday I got a few popups while online just on regular sites So I tried to open the Malware Bytes Anti-Malware software Malware or Can't run Virus? programs! open I downloaded last year which is fantastic at getting rid of trojans and etc But get this the program wouldn t open Even right clicking and clicking open didn t work nor did right clicking and Malware Virus? Can't open or run programs! clicking open as And what s worse none of the programs on the desktop will open ie Spybot Spyware Removal Ad Aware etc Even going into the C drive and finding the actual folder and clicking from there it still won t open I found this online scan place Trend Micro Housecall It scanned my PC for hours I let it run overnight I woke up and checked it it had found instances with a few trojans some of which appeared to be Ad Aware features I clicked remove all and it ran for another hour or so I was asleep but my wife saw it when it finished she said the result said some malware could not be removed Anyway she browsed online after that and didn t get any popups or anything But programs apparently ONLY spy malware virus-detecting programs will still not open Another clue that I m infected if I do a Google search the results display in a super large font which happened the last time I was infected I found this list of online scanning software http www malwarebytes org forums index php showtopic Does anyone think any of these will work My goal is to bypass whatever s preventing me from opening these programs to find and detect it via an online service Or does anyone have any other ideas or suggestions Thanks

A:Malware Virus? Can't open or run programs!

Hello, My name is Jake,I am not a BC Advisor, I am just here to help and relive the pressure of the advisorsYour infection removal starts here, we may find you need an advisor, if so i will let you knowLets start by running MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes. Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab: Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen: Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBAM when done.Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.Note: If you cannot get mbam-setup.exe running, please rename it to install.exe and then try, If still not sucessfull wait for a BC Advisor!Try Renaming the MBAM file to GetRid

http://www.bleepingcomputer.com/forums/t/231593/malware-virus-cant-open-or-run-programs/
Relevancy 58.05%

I have a Win XP Media Center SP A couple days after removing Vundo and Virtumonde Spybot detected Zbot Yeth and appartently removed it But since then I've been having some problems On malware Cannot open removing after programs startup everything runs perfectly fine but after a few seconds to allow all of the processes to start and run things mess up I have AT amp T as an ISP and I have a Self Support Tool that runs automatically on startup as like a DOS prompt and closes on its own But now it freezes up and I have click quot End Now quot to close it I cannot open up Task Manager IE Firefox Cannot open programs after removing malware OpenOfffice some games like SimCity and Empire at War and all of my antimalware programs AdAware Spybot SuperAntiSpyware Malwarebytes except Symantec Endpoint Protection I can actually open these within that small window of opportunity on startup when the processes are loading and they will run fine as long Cannot open programs after removing malware as I don't try to reopen the program I ran these antimalware programs and they came up clean in both normal mode and safe mode I tried to defrag my drive but it wouldn't allow Cannot open programs after removing malware me I tried to do a system restore but the application takes to long to load and I can't get it to complete the restoration I have been able to run some programs off of my jump drive and get a dds and gmer log if it could be useful I'll post them I did get a spybot teatimer popup saying something about a change to UserInit and I have been getting a popup saying quot unable to start driver for hpoipm exe quot which I have a HP printer but it started when all this other stuff started It has also affected my screensaver which cycles thru images in one of my folders but its been a bit slow to cycle and no transistion effects even tho that option is selected I don't know where to begin looking to fix this so any help is appriciated

A:Cannot open programs after removing malware

Here are the dds and gmer logs


DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Administrator at 19:19:02.43 on Thu 04/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.fark.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Internet Explorer
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [P2kAutostart]
uRun: [Yahoo! Pager] 1
uRun: [SpybotSD TeaTimer] j:\program setups\spybot - search & destroy\TeaTimer.exe
uRun: [PMCRemote] c:\program files\common files\pinnacle\shared files\programs\remote\Remoterm.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: DisallowRun = 0 (0x0)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - h... Read more

http://www.techsupportforum.com/forums/f50/cannot-open-programs-after-removing-malware-373444.html
Relevancy 58.05%

I suspect programs, open any Cannot malware recently had a virus on my laptop disguised as quot Vista Smart Security quot Using advice I d seen from this website I used malwarebytes to get rid of it This Cannot open any programs, suspect malware was successful but second time round when the virus attacked again I couldn t use run malwarebytes or rkill neither would open So I downloaded Super Antispyware At the time I thought it was odd that the scan found infected files but nevertheless I sent them to quarantine I should probably say that I stopped the scan after hours which I regret now After the reboot however I m left with an even bigger problem I can t open any programs at all Every time I try to open explorer a message comes up saying quot Choose the program you want to use to open this file quot And I try to select the right program and the same message keeps popping up I first posted this http www bleepingcomputer com forums ind p entry and was advised to to regain your file associations Cannot open any programs, suspect malware from http www dougknox com xp file assoc htm But this won t work because I can t even open the website I m posting from my desktop And any command prompts I try to do are denied So am I still infected and what should I do next Please help

A:Cannot open any programs, suspect malware

Let's try this first and take it from there:Please download exeHelper to your desktop.If your AV program throws up a warning about the program, ignore the warning. Some AV's flag this program because of how it works... that's all. Double-click on exeHelper.com to run the fix.A black window should pop up, press any key to close once the fix is completed.Post the contents of exehelperlog.txt ( Will be created in the directory where you ran exeHelper.com and should open at the end of the scan)Note : If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together ( they will both be in the one file ).

http://www.bleepingcomputer.com/forums/t/312675/cannot-open-any-programs-suspect-malware/
Relevancy 58.05%

An AVG window popped up on my screen yesterday telling me it had found a problem listed programs can't :( - open Virus/Malware all these filepaths with the virus then a nd window popped up and told me i should quarantine a problem file i don t recall the exact words but it had Malware in the title I did as it said im no IT expert and trusted AVG and quarantined the Malware file It shut all my open windows down namely IE and I then couldn t open anything I restarted my laptop but still nothing works It won t let me run AVG Defender open Adobe I can t even create a Virus/Malware - can't open programs :( restore point I am on a dongle so the safe mode w networking doesnt work Will backing up my photos amp then resetting my Virus/Malware - can't open programs :( entire laptop back to factory default setting solve the issue The only thing that does work amp is surprisingly quicker than normal is internet explorer Somebody please help me nbsp

https://forums.techguy.org/threads/virus-malware-cant-open-programs.1003149/
Relevancy 57.19%

Recently I have noticed I cannot open any antispyware malware programs and my google searches will often redirect to random stuff that is not even close to what I googled Here is my dds ANY open removal programs! cannot spyware/malware I logs If I did I cannot open ANY spyware/malware removal programs! anything wrong please let me know DDS Ver - - - NTFSx Run by Gablen at on Sat Internet Explorer BrowserJavaVersion Microsoft Windows XP Professional GMT - Running Processes C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs svchost exe svchost exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe C WINDOWS system igfxpers exe C WINDOWS System WLTRAY exe C Program Files Java jre bin jusched exe C Program Files Common Files Real Update OB realsched exe C Program Files Messenger msmsgs exe C WINDOWS system ctfmon exe svchost exe svchost exe C Program Files Java jre bin jqs exe C I cannot open ANY spyware/malware removal programs! Program Files McAfee MPF MPFSrv exe C WINDOWS System svchost exe -k imgsvc C WINDOWS System WLTRYSVC EXE C WINDOWS system svchost exe -k netsvcs C WINDOWS System bcmwltry exe C WINDOWS system wscntfy exe C WINDOWS system wuauclt exe C Program Files Mozilla Firefox firefox exe C Documents and Settings Gablen Desktop dds scr Pseudo HJT Report uURLSearchHooks Yahoo Toolbar ef bd -c fb- d - f- d f - c progra yahoo companion installs cpn yt dll BHO amp Yahoo Toolbar Helper d -c f - efb- b - eca - c progra yahoo companion installs cpn yt dll BHO Adobe PDF Link Helper df c-e ad- -a -fa c ebdc - c program files common files adobe acrobat activex AcroIEHelperShim dll BHO Java Plug-In SSV Helper dbc -a - b-bc - c c c a - c program files java jre bin jp ssv dll BHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dll BHO SingleInstance Class fdad da - a - fd - c - f ac - c progra yahoo companion installs cpn YTSingleInstance dll TB Yahoo Toolbar ef bd -c fb- d - f- d f - c progra yahoo companion installs cpn yt dll EB - a - b-a - c a a - No File uRun MSMSGS quot c program files messenger msmsgs exe quot background uRun ctfmon exe c windows system ctfmon exe uRun Yahoo Pager quot c program files yahoo messenger YahooMessenger exe quot -quiet mRun igfxtray c windows system igfxtray exe mRun igfxpers c windows system igfxpers exe mRun Broadcom Wireless Manager UI c windows system WLTRAY exe mRun QuickTime Task quot c program files quicktime QTTask exe quot -atboottime mRun SunJavaUpdateSched quot c program files java jre bin jusched exe quot mRun TkBellExe quot c program files common files real update ob realsched exe quot -osboot IE e e dd -d - - b -f ba - windir Network Diagnostic xpnetdiag exe IE FB F -F - d -BB E- C F - c program files messenger msmsgs exe DPF Microsoft XML Parser for Java - file c windows java classes xmldso cab DPF B-B - D-A D -FCFDF E C - hxxp update microsoft com windowsupdate v V Controls en x client wuweb site cab DPF DABFBF-D AB- FA- C -CC F - hxxp go divx com plugin DivXBrowserPlugin cab DPF AD C - E- D -B E - F D - hxxp java sun com update jinstall- -windows-i cab DPF CAFEEFAC- - - -ABCDEFFEDCBA - hxxp java sun com update jinstall- -windows-i cab DPF CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA - hxxp java sun com update jinstall- -windows-i cab DPF D CDB E-AE D- CF- B - - hxxp download macromedia com pub shockwave cabs flash swflash cab TCP NameServer TCP C A -FA - BD -BFD -A CEAF TCP DA B -B - DE - BB - CB B TCP E C D -ABD - E D-B C- B E B CC Notify igfxcui - igfxdev dll SSODL WPDShServiceObj - AAA BA- A C- B - D - D DB - c windows system WPDShServiceObj dll FIREFOX FF - ProfilePath - c docume gablen applic mozilla firefox profiles gd vdw default FF - prefs js browser startup homepage - hxxp en-US start mozilla com firefox client firefox-a amp rls org mozilla en-US official FF - HiddenExtension Java Console No Registry Reference - c program files mozilla firefox extensions CAFEEF... Read more

A:I cannot open ANY spyware/malware removal programs!

Go HERE and download SysProt AntiRootkit. Unzip it to your DesktopRun SysProt >> Click on the Log tab Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)Hit the Create Log buttonWhen it asked for scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)Let it scan until finishFind the log.txt inside the SysProt folder and attach the log here.

http://www.bleepingcomputer.com/forums/t/244255/i-cannot-open-any-spywaremalware-removal-programs/
Relevancy 57.19%

Not sure what's wrong with my computer. SUPERAntiSpyware isn't detecting any threats. Yet Google has been redirecting my pages for a few months now. In the past week, it's become worse, with many programs not opening or running, including DDS, cmd.exe, Uniblue SpeedUpMyPC, and Uniblue RegistryBooster. Also, my clock has somehow changed to 24-hour time without me changing it.

I have already gone through the system-tweaking steps as outlined here: [topic="Slow Computer/browser? Check Here First; It May Not Be Malware"]http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/[/topic]
I have attached my HijackThis log. Any help would be appreciated! Thank you!

A:Malware? Google redirects and some programs won't run/open

Hi 1amagico,Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.The link you have provided is not going to anywhere.Here at BC we do not recommend using registry cleaners as it might irreversibly damage your computer.Before anything I would like to check something. Go Start => run => type regedit in the dun box and click OK. Let me know what you see.

http://www.bleepingcomputer.com/forums/t/222206/malware-google-redirects-and-some-programs-wont-runopen/
Relevancy 57.19%

Have antispyspider and something else and in my idiocy i try to delete it off the registry and got rid of the popups but screen backround is still there as well as homepage change and now i can't open add/remove, games, media player, desktop properties and others. What do I do to fix this? I need this computer for class and this is totally killin me that it won't work right. jjEdit: Moved topic from AFPPPM to the more appropriate forum. ~ Animal

A:Help! Malware Messed Up My Ability To Open Programs

http://www.bleepingcomputer.com/malware-re...l/antispyspideryou might read this

http://www.bleepingcomputer.com/forums/t/147128/help-malware-messed-up-my-ability-to-open-programs/
Relevancy 57.19%

My parents have gotten some sort of malware that has hijacked their computer From what they ve told me over the phone they clicked on something on a webpage they should not have clicked on and now they can t open any programs at any by of open some programs malware hijacked sort cannot - all They only get some message about being unable to open hijacked by some sort of malware - cannot open any programs the application because it is infected and please hijacked by some sort of malware - cannot open any programs pay some amount of money to fix it I ve gotten them to boot into safe mode in order to run hijackthis etc I ve been using teamviewer software to run the diagnostics remotely as they live miles from me Any help would greatly be appreciated Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Safe mode with network support Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C hijacked by some sort of malware - cannot open any programs Program Files TeamViewer Version TeamViewer exe C Documents and Settings Klodzen Family Local Settings Application Data Google Chrome Application chrome exe C Documents and Settings Klodzen Family Local Settings Application Data Google Chrome Application chrome exe C Documents and Settings Klodzen Family Local Settings Application Data Google Chrome Application chrome exe C Documents and Settings Klodzen Family My Documents Downloads HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www centurylink net R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO Java tm Plug-In SSV Helper - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - BHO JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Program Files Java jre lib deploy jqs ie jqs plugin dll O - HKLM Run c pd C WINDOWS SYSTEM cmlink exe RunServices Device cpipe- c pd O - HKLM Run WorksFUD C Program Files Microsoft Works wkfud exe O - HKLM Run Microsoft Works Portfolio C Program Files Microsoft Works WksSb exe AllUsers O - HKLM Run Microsoft Works Update Detection C Program Files Common Files Microsoft Shared Works Shared WkUFind exe O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run BrStsWnd C Program Files Brownie BrstsWnd exe Autorun O - HKLM Run avgnt quot C Program Files Avira AntiVir Desktop avgnt exe quot min O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run Adobe ARM quot C Program Files Common Files Adobe ARM AdobeARM exe quot O - HKLM Run KernelFaultCheck systemroot system dumprep -k O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - HKCU Run Google Update quot C Documents and Settings Klodzen Family Local Settings Application Data Google Update GoogleUpdate exe quot c O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run Yyabeyutezezu rundll exe quot C WINDOWS vcsasl dll quot Startup O - HKCU RunOnce cKfFhDe C Documents and Settings All Users Application Data cKfFhDe cKfFhDe exe O - Global Startup Microsoft Office lnk C Program Files Microsoft Office Office OSA EXE O - Extra context menu item Add to Google Photos Screensa... Read more

Relevancy 57.19%

Hi everybody I picked will no RKill Action that open open, not browser and Explorer open, Internel center MalwareBytes only won't will up some nasty malware AVG was updating and suddenly everything just fell apart I can t run any installation programs regardless of the extension or name I ve tried to install Rkill and MalwareBytes with absolutely no luck It defaults to needing to be unblocked in the properties and no matter what compatibility mode I use it will not run I get Action center won't open, Internel Explorer only browser that will open, no MalwareBytes and RKill will not open a error when I try to open the security center In the taskbar I have an Action Center alert that says Important Message and Total Messages The Action Center will not open at all I do not have access to a USB key as I am not home but I will be Tuesday evening Any help would be infinitely appreciated Other notes I forgot I m on Windows Ultimate -bit and I am constantly getting errors that Windows can t load and needs to be repaired It runs and restarts sometimes being repaired and other times not Thanks a lot Jared

A:Action center won't open, Internel Explorer only browser that will open, no MalwareBytes and RKill will not open

An update.

I've tried running MalwareBytes and RKill from a flash drive which is also not working. Windows also ends up unable to load, the startup repair runs and things work fine. Not long after Windows tries to update and then it becomes unable to load again and the startup repair runs again.

I tried running a registry fix for the .exe problem and I get an error stating that the registry is being used even when no programs are running and I am in safe mode.

Hope this information helps
thanks
Jared

http://www.bleepingcomputer.com/forums/t/398874/action-center-wont-open-internel-explorer-only-browser-that-will-open-no-malwarebytes-and-rkill-will-not-open/
Relevancy 56.76%

Specs Dell Vostro running Windows XP Problems A few days ago my computer started going haywire In the past I have run Malwarebytes and it did the job but I can not even open it now or many other programs including many other spyware programs and others such as Adobe Acrobat I tried a system restore and once i set the date to return to it will not execute any action when programs redirecting to open and not allowing Malware webpages I click the Malware not allowing programs to open and redirecting webpages Next button Also when I click on goggle searches it redirects to a random page This is incredibly frustrating and would really appreciate some help Thanks I ran ComboFix and this is the output log ComboFix - - - Matt - NTFSx Microsoft Windows XP Professional GMT - Running from c documents and settings Matt Desktop tool exe AV Symantec AntiVirus Corporate Edition On-access scanning enabled Updated FB E- B - A- F -E D C WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED Other Deletions c docume Matt LOCALS Temp exe c documents and settings Matt Application Data Google T-Scan c documents and settings Matt Application Data Google T-Scan n gif c documents and settings Matt Application Data Google T-Scan t gif c documents and settings Matt Application Data Google T-Scan y gif c documents and settings Matt Favorites Download programs url c documents and settings Matt Favorites Games url c documents and settings Matt Favorites Translator url c documents and settings Matt Favorites Videos url c documents and settings Matt Start Menu Programs Translator url c windows Installer bf f msi c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system tmp dll c windows system bvaufgec ini c windows system ctbmbtmr ini c windows system drivers UACwtapisxggrwqkmqet sys c windows system fgipprel ini c windows system fncfyasb ini c windows system gxgvawac ini c windows system hxvkfbhd ini c windows system kshqeftn ini c windows system lsprst dll c windows system mmmhbilc ini c windows system msjhww exe c windows system mslfuju exe c windows system mssui exe c windows system msvvg exe c windows system net net c windows system pcmstub sys c windows system pkhrmqsj ini c windows system schbiuyb ini c windows system tpsaxyd exe c windows system UACbewdwecgnnkdaugfl dll c windows system UACbsiwqwmqbfwbxtowy dll c windows system UACewipjxumltprrvsqe dll c windows system uacinit dll c windows system UACrbehxlyaudqbithla dat c windows system uactmp db c windows system UACtrkfikatsvwlnarjq dll c windows system UACxmkkyiudpukqrsvdk dll c windows system UACxtivrsvxrpabwwxig dll c windows system UACylklldkmpmyrjklte db c windows system wiawow sys c windows system xujgessx ini c windows system yeyfqafg ini c windows Tasks AF -B - d - E- E BF A C job Drivers Services ------- Service UACd sys ------- Legacy TO ------- Legacy PCMSTUB ------- Service to ------- Service pcmstub Files Created from - - to - - - - - - -------- d-----w- c program files RegCure - - - - -------- d-----w- c documents and settings All Users Application Data RegCure - - - - -------- d-----w- c program files Trend Micro - - - - -------- d-----w- c program files Malwarebytes Anti-Malware - - - - -------- d-----w- c program files Spyw... Read more

A:Malware not allowing programs to open and redirecting webpages

Well I went the easy way and renamed my Malwarebytes mbam.exe (file to run program) which didnt work to tool.exe. Once this was done it opened, ran a scar, found the trojans and deleted them.
Great new trick for me, thanks to all.
 

https://forums.techguy.org/threads/malware-not-allowing-programs-to-open-and-redirecting-webpages.842743/
Relevancy 56.76%

Hello,

I believe that I have some bugs in my computer that I need to get rid of. Google links are getting redirected, I can't open anti-spyware programs and I can't print any documents via the network. Please help.

When I run the DDS, it returns a single text file (~500kb) of garbled information.

GMER freezes up everytime before I can make the neccesary changes to the scan.

I've tried erasing, redownloading and re-running both programs twice with no luck.

Any help would be greatly appreciated.

http://www.bleepingcomputer.com/forums/t/354635/google-redirect-cant-open-malware-programs-cant-print-need-help/
Relevancy 56.33%

I had a virus that gave the appearance that I was being attached. It looked pretty convincing. I searched the site and downloaded Spyware Dr. I completed the scan and found something to be removed. I removed the infections, however, now I am unable to get into any programs. When I open anything I get an error that indicates that the file can't be open because it needs to know what program to use. No matter what I select it does not allow the program to open. The only way that I got into the internet is because I used use the web service to find the correct program.

I am unable to open any of the commands and can't even run combofix. I see that the downloaded file is on my PC, however, I get the same error as above when I click on ComboFix.exe.

Does anyone have any suggestions.

A:Removed Spyware using Spyware DR now I can't open any programs

Hi Brad Please see the Blue text above this forum and do not run ComboFix on your own.Do this for the file issue.Go here to Doug KNox's Windows? XP File Association FixesRun 9th down on left... EXE File Association Fix ... the EXE not EML one.Now let's see if we are clean.Please download TFC by Old Timer and save it to your desktop. alternate download linkSave any unsaved work. TFC will close ALL open programs including your browser! Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator. Click the Start button to begin the cleaning process and let it run uninterrupted to completion. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBAM when done.Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/299287/removed-spyware-using-spyware-dr-now-i-cant-open-any-programs/
Relevancy 55.9%

I tried to run Malwarebytes anti-malware program after going through the forum The program is unable to open Similar is the case with microsoft security essentials it closes every time I start the scan Apart from this my laptop is very slow and too many computer removal open, very is programs unable slow for to Malware pop-ups and redirection takes place on my chrome Scan result of Farbar Recovery Scan Tool FRST x Version - - Ran by Oishi programs for Malware removal unable to open, computer is very slow administrator on OISHI-PC - - Running from C Users Oishi Downloads Loaded Profiles Oishi Available Profiles Oishi Platform Windows Ultimate Service Pack X Language English United States Internet Explorer Version Default browser Chrome Boot Mode Normal Tutorial for Farbar Recovery Scan Tool http www geekstogo com forum topic -frst-tutorial-how-to-use-farbar-recovery-scan-tool Processes Whitelisted If an entry is included in the fixlist the process will be closed The file will not be moved Failed to access process - gt csrss exe Failed to access process - gt csrss exe IDT Inc C Program Files IDT WDM stacsv exe Microsoft Corporation C Windows System wlanext exe Microsoft Corporation C Windows System rundll exe Microsoft Corporation C Windows SysWOW rundll exe Intel Corporation C Windows System hkcmd exe Intel Corporation C Windows System igfxpers exe Atheros Commnucations C Program Files x Dell Wireless Bluetooth Suite BtvStack exe Atheros Commnucations C Program Files x Dell Wireless Bluetooth Suite AthBtTray exe Alps Electric Co Ltd C Program Files DellTPad Apoint exe IDT Inc C Program Files IDT WDM sttray exe BitTorrent Inc C Users Oishi AppData Roaming BitTorrent BitTorrent exe Google Inc C Program Files x Google Chrome Application chrome exe Microsoft Corporation C Windows SysWOW msiexec exe Microsoft Corporation C Windows System StikyNot exe AutoIt Team C GoogleChrome GoogleChrome exe Microsoft Corporation C Windows System WindowsPowerShell v powershell exe Jetico Inc C Users Oishi AppData Local B FD F- -F FF-E B - AC C EA ED syshost exe C Users Oishi AppData Roaming DllServer exe Oracle Corporation C Program Files x Common Files Java Java Update jusched exe Sky Org C Program Files x Tencent win exe VMware Inc D VMware vmware-tray exe BitTorrent Inc C Users Oishi AppData Roaming BitTorrent updates utorrentie exe BitTorrent Inc C Users Oishi AppData Roaming BitTorrent updates utorrentie exe Andrea Electronics Corporation C Program Files IDT WDM AESTSr exe Atheros Commnucations C Program Files x Dell Wireless Bluetooth Suite AdminService exe Microsoft Corporation C Program Files x Skype Toolbars AutoUpdate SkypeC CAutoUpdateSvc exe Microsoft Corporation C Program Files x Skype Toolbars PNRSvc SkypeC CPNRSvc exe Nitro PDF Software C Program Files Common Files Nitro Pro NitroPDFDriverService x exe Nalpeiron Ltd C Windows SysWOW NLSSRV EXE The Privoxy team - www privoxy org C Program Files x Softcomp Software privoxy exe C Users Oishi AppData Roaming C C - - - -C C F hnsqAF tmp VMware Inc C Windows SysWOW vmnat exe Microsoft Corporation C Users Oishi AppData Roaming Microsoft SystemCertificates VSSVC exe Atheros C Program Files x Dell Wireless Bluetooth Suite Ath CoexAgent exe Atheros C Program Files x Dell Wireless Ath WlanAgent exe C Users Oishi AppData Roaming C C - - - -C C F jnsw BF tmp VMware Inc D VMware vmware-authd exe VMware Inc C Windows SysWOW vmnetdhcp exe VideoLAN C Program Files x VideoLAN VLC vlc exe VideoLAN C Program Files x VideoLAN VLC vlc exe D VMware vmware-hostd exe Failed to access process - gt WUDFHost exe Alps Electric Co Ltd C Program Files DellTPad ApMsgFwd exe Alps Electric Co Ltd C Program Files DellTPad hidfind exe Alps Electric Co Ltd C Program Files DellTPad ApntEx exe Google Inc C Program Files x Google Chrome Application chrome exe Google Inc C Program Files x Google Chrome Application chrome exe Google Inc C Program Files x Google Chrome Application chrome exe Intel Corporation C Program Files... Read more

A:programs for Malware removal unable to open, computer is very slow

to BleepingComputer.Hi there,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / music / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.*** Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.Double click on downloaded file. OK self extracting prompt.MBAR will start. Click in the introduction screen "next" to continue.Click in the following screen "Update" to obtain the latest malware definitions.Once the update is complete select "Next" and click "Scan".With some infections, you may see two messages boxes.'Could not load protection driver'. Click 'OK'.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.If there is no malware found, please let me know as well.*** Please download AdwCleaner by Xplode and save to your Desktop.Double-click AdwCleaner.exeVista / Windows 7/8 users right-click and select Run As Administrator.Click on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.If you see an entry you want to keep, let me know about it.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.*** MiniToolbox by FarbarDisable your antivirus if it does not allow you to download the tool!Please download MiniToolBox, save it to your desktop and run it.Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.Copy and paste the contents of that logfile in your next reply.

http://www.bleepingcomputer.com/forums/t/601856/programs-for-malware-removal-unable-to-open-computer-is-very-slow/
Relevancy 55.9%

Malwarebytes anti-malware program doesn't run Microsoft security essentials shuts down when i try to scan Computer is very slow Scan result of Farbar Recovery Scan Tool FRST x Version - - Ran by Oishi administrator on OISHI-PC - - Running from removal programs is unable Malware open, slow very computer for to C Users Oishi Downloads Loaded Profiles Oishi Available Profiles Oishi Platform Windows Ultimate programs for Malware removal unable to open, computer is very slow Service programs for Malware removal unable to open, computer is very slow Pack X Language English United States Internet Explorer Version Default browser Chrome Boot Mode Normal Tutorial for Farbar Recovery Scan Tool http www geekstogo com forum topic -frst-tutorial-how-to-use-farbar-recovery-scan-tool Processes Whitelisted If an entry is included in the fixlist the process will be closed The file will not be moved Failed to access process - gt csrss exe Failed to access process - gt csrss exe IDT Inc C programs for Malware removal unable to open, computer is very slow Program Files IDT WDM stacsv exe Microsoft Corporation C Windows System wlanext exe Microsoft Corporation C Windows System rundll exe Microsoft Corporation C Windows SysWOW rundll exe Intel Corporation C Windows System hkcmd exe Intel Corporation C Windows System igfxpers exe Atheros Commnucations C Program Files x Dell Wireless Bluetooth Suite BtvStack exe Atheros Commnucations C Program Files x Dell Wireless Bluetooth Suite AthBtTray exe Alps Electric Co Ltd C Program Files DellTPad Apoint exe IDT Inc C Program Files IDT WDM sttray exe BitTorrent Inc C Users Oishi AppData Roaming BitTorrent BitTorrent exe Google Inc C Program Files x Google Chrome Application chrome exe Microsoft Corporation C Windows SysWOW msiexec exe Microsoft Corporation C Windows System StikyNot exe AutoIt Team C GoogleChrome GoogleChrome exe Microsoft Corporation C Windows System WindowsPowerShell v powershell exe Jetico Inc C Users Oishi AppData Local B FD F- -F FF-E B - AC C EA ED syshost exe C Users Oishi AppData Roaming DllServer exe Oracle Corporation C Program Files x Common Files Java Java Update jusched exe Sky Org C Program Files x Tencent win exe VMware Inc D VMware vmware-tray exe BitTorrent Inc C Users Oishi AppData Roaming BitTorrent updates utorrentie exe BitTorrent Inc C Users Oishi AppData Roaming BitTorrent updates utorrentie exe Andrea Electronics Corporation C Program Files IDT WDM AESTSr exe Atheros Commnucations C Program Files x Dell Wireless Bluetooth Suite AdminService exe Microsoft Corporation C Program Files x Skype Toolbars AutoUpdate SkypeC CAutoUpdateSvc exe Microsoft Corporation C Program Files x Skype Toolbars PNRSvc SkypeC CPNRSvc exe Nitro PDF Software C Program Files Common Files Nitro Pro NitroPDFDriverService x exe Nalpeiron Ltd C Windows SysWOW NLSSRV EXE The Privoxy team - www privoxy org C Program Files x Softcomp Software privoxy exe C Users Oishi AppData Roaming C C - - - -C C F hnsqAF tmp VMware Inc C Windows SysWOW vmnat exe Microsoft Corporation C Users Oishi AppData Roaming Microsoft SystemCertificates VSSVC exe Atheros C Program Files x Dell Wireless Bluetooth Suite Ath CoexAgent exe Atheros C Program Files x Dell Wireless Ath WlanAgent exe C Users Oishi AppData Roaming C C - - - -C C F jnsw BF tmp VMware Inc D VMware vmware-authd exe VMware Inc C Windows SysWOW vmnetdhcp exe VideoLAN C Program Files x VideoLAN VLC vlc exe VideoLAN C Program Files x VideoLAN VLC vlc exe D VMware vmware-hostd exe Failed to access process - gt WUDFHost exe Alps Electric Co Ltd C Program Files DellTPad ApMsgFwd exe Alps Electric Co Ltd C Program Files DellTPad hidfind exe Alps Electric Co Ltd C Program Files DellTPad ApntEx exe Google Inc C Program Files x Google Chrome Application chrome exe Google Inc C Program Files x Google Chrome Application chrome exe Google Inc C Program Files x Google Chrome Application chrome exe Intel Corporation C Program Files x Intel Intel reg Management Engine Comp... Read more

A:programs for Malware removal unable to open, computer is very slow

double post - closedgo on with your other Topichttp://www.bleepingcomputer.com/forums/t/601856/programs-for-malware-removal-unable-to-open-computer-is-very-slow/

http://www.bleepingcomputer.com/forums/t/601858/programs-for-malware-removal-unable-to-open-computer-is-very-slow/
Relevancy 55.9%

I began experiencing problems with my computer yesterday. It's a custom build from 2011 that has run flawlessly until yesterday. It suddenly became extremely laggy, some programs won't open, some won't close, Windows error messages I've seen before, circular spinning loading icon when trying to do just about anything, etc.

I've completed this process, and didn't find anything. Bitdefender found a few temp files that I deleted, but as far as I can tell from googling were false positives. I tried an Avira scan but after running for 9 hours overnight it was stuck at less than 2% and wasn't moving.

I don't even know where to begin. Any ideas?

A:Extreme lagging, unable to open programs, malware issue?

Hello and welcome:

There are many causes for a "slow" computer -- hardware, software, malware, etc.

You might want to try some of the suggestions here (it is an older tutorial, but most of the suggestions are still valid) or here.

>>I would be very wary of any sort of 3rd-party registry "optimizer" or "tweaker" or "cleaner", especially without providing a bit more data about your system. Such programs often cause more harm than good.

Perhaps if you could please download, run and post both logs (FRST.txt and Addition.txt) from FRST, we could know a bit more in order to better assist you. If you are on 64-bit Win7, you will need the 64-bit version of FRST. You may need to temporarily pause your real-time AV in order for it to run. Be sure to re-enable your AV after running the tool.

Thanks,
MM

http://www.sevenforums.com/system-security/398865-extreme-lagging-unable-open-programs-malware-issue.html
Relevancy 55.9%

Got the Anti-virus soft virus more then a couple of weeks ago and was pretty sure I got it all One of the things it did was attack my Hotmail account and send emails out to everyone in my contact Soft. the Thought removed malware had Originally various in and Anti-virus it. had I Trojans last Have week. removed list and my girlfriend Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week. got the something essentials I will post about that later on if I have problems I was going to use the Hirens boot disk Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week. and see if I could finish it off I received an email from her with a couple of pictures of the kids I opened one but not the other The problem is she didn t send me the email Anyway I have used various spy-ware and malware removal tools as suggested from this very helpful forum and have the logs if you want to see them So I am hoping you can take a look at my logs and see if you see any discrepancies Thinking I need to reinstall Avast but not sure I have used the basics and quarantined quit a bit of trojans and others I have used Malwarebytes Which I used first and didn t completely remove Anti-virus Soft SuperAntiSpyware HyjackThis Spybot RootKitBuster I wasn t sure how interpret the log and what to do SpyWareBuster Combofix a-squared Free Wish I could delete a squared exe from my start-up list Dr Web I had a warning on Combofix about a possible Varuit but it didn t find one Norman Malware Cleaner CCleaner ATF Cleaner Ran scans with Trend Micro Housecall and Avast I think that s it I have the logs if you wish to see them -------------------------------------------DDS Ver - - - NTFSx Run by Owner at on Mon Internet Explorer BrowserJavaVersion Microsoft Windows XP Home Edition GMT - AV AntiVir Desktop On-access scanning enabled Outdated AD - F - A-A -FDD C AV avast antivirus VPS - On-access scanning enabled Updated DB - F - A -B - A FD D Running Processes C WINDOWS system nvsvc exeC WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcsC Program Files Alwil Software Avast aswUpdSv exeC Program Files Alwil Software Avast ashServ exeC WINDOWS system spoolsv exeC WINDOWS System svchost exe -k HTTPFilterC WINDOWS system lxdxcoms exeC WINDOWS System svchost exe -k imgsvcC Program Files Alwil Software Avast ashMaiSv exeC Program Files Alwil Software Avast ashWebSv exeC WINDOWS Explorer EXEC PROGRA ALWILS Avast ashDisp exeC Program Files Lexmark - Series lxdxmon exeC WINDOWS system RUNDLL EXEC Program Files Lexmark - Series lxdxMsdMon exeC Program Files Mozilla Firefox firefox exeC Program Files a-squared Free a service exeC Documents and Settings Owner Desktop gmer exeC Documents and Settings Owner My Documents My Downloads dds scr Pseudo HJT Report uStart Page hxxp www google com uSearchMigratedDefaultURL hxxp www google com search q searchTerms amp sourceid ie amp rls com microsoft en-US amp ie utf amp oe utf mLocal Page hxxp news google commStart Page hxxp news google comuSearchAssistant hxxp www google com ieuSearchURL Default hxxp www google com search q sBHO Control Popups in Internet Explorer f b- ce- a -be - ed d - c progra popupp PopLib dllTB E BD F- B D- E-CCB -B EEDBE C - No FileEB - a - b-a - c a a - No FilemRun avast c progra alwils avast ashDisp exemRun lxdxmon exe quot c program files lexmark - series lxdxmon exe quot mRun lxdxamon quot c program files lexmark - series lxdxamon exe quot mRun NvMediaCenter RUNDLL EXE c windows system NvMcTray dll NvTaskbarInitmRun NvCplDaemon RUNDLL EXE c windows system NvCpl dll NvStartupmRun MSConfig c windows pchealth helpctr binaries MSCONFIG EXE autoDPF BF D - C - B -BC -D ABDDC B - hxxp www apple com qtactivex qtplugin cabDPF CA FB - E E- B -BF - E A CAA CD - hxxp download microsoft com download e e c -dd - c b-a - f a OGAControl cabDPF B BCA- F C- CF- - - hxxp download ma... Read more

A:Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week.

Here is an updated file. Had to uninstall all antivirus and delete all entries including registry. Had many entries from past antivirus software. I then did a clean install of Avira. Sorry if that caused any problems.DDS (Ver_09-12-01.01) - NTFSx86 Run by Owner at 2:23:36.06 on Wed 03/03/2010Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1005 [GMT -8:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\WINDOWS\system32\lxdxcoms.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\WINDOWS\Explorer.EXEC:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exeC:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Avira\AntiVir Desktop\avscan.exeC:\Documents and Settings\Owner\My Documents\My Downloads\dds(2).scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8mLocal Page = hxxp://news.google.commStart Page = hxxp://news.google.comuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sBHO: Control Popups in Internet Explorer: {41353f8b-78ce-48a5-be44-153ed293d192} - c:\progra~1\popupp~1\PopLib.dllTB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No FileEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FilemRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minmRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cabDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cabDPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {... Read more

http://www.bleepingcomputer.com/forums/t/299514/originally-had-anti-virus-soft-thought-i-had-removed-it-have-removed-various-trojans-and-malware-in-the-last-week/
Relevancy 55.47%

trying to download a movie i got a virus yesterday and ever since then my comp has been crashing terribly today i started recieving virus alerts asking me to download this antivirus program and everytime i closed it it would come back up like seconds later also my google such virus mode up Serious problems. in programs normal open as cant or malware start is redirecting me to different sites i ran my mcaffee virus scan and it says its a rootkit drootkit virus or something i ran a hijack log and this is what it is any help would be greatly apreciated Logfile of Trend Serious virus problems. cant start up in normal mode or open programs such as malware Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Safe mode with network support Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS Explorer EXE C Program Files Mozilla Firefox firefox exe C Program Files Internet Explorer Iexplore exe C Program Files Trend Micro HijackThis HijackThis exe O - BHO VMware Class Serious virus problems. cant start up in normal mode or open programs such as malware - c d -d bf- - fe- df ac d - C WINDOWS system gdi lib dll O - BHO Java tm Plug-In SSV Helper - DBC Serious virus problems. cant start up in normal mode or open programs such as malware -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll file missing O - HKLM Run SigmatelSysTrayApp stsystra exe O - HKLM Run ShStatEXE quot C Program Files McAfee VirusScan Enterprise SHSTAT EXE quot STANDALONE O - HKLM Run ShowLOMControl O - HKLM Run McAfeeUpdaterUI quot C Program Files McAfee Common Framework UdaterUI exe quot StartedFromRunKey O - HKLM Run ISUSScheduler quot C Program Files Common Files InstallShield UpdateService issch exe quot -start O - HKLM Run ISUSPM Startup C PROGRA COMMON INSTAL UPDATE ISUSPM exe -startup O - HKLM Run IntelZeroConfig quot C Program Files Intel Wireless bin ZCfgSvc exe quot O - HKLM Run IntelWireless quot C Program Files Intel Wireless Bin ifrmewrk exe quot tf Intel PROSet Wireless O - HKLM Run igfxtray C WINDOWS system igfxtray exe O - HKLM Run igfxpers C WINDOWS system igfxpers exe O - HKLM Run igfxhkcmd C WINDOWS system hkcmd exe O - HKLM Run DVDLauncher quot C Program Files CyberLink PowerDVD DVDLauncher exe quot O - HKLM Run Document Manager C Program Files Wave Systems Corp Services Manager DocMgr bin docmgr exe O - HKLM Run Apoint C Program Files Apoint Apoint exe O - HKLM Run AEXAgentEXE C Program Files Altiris eXpress Client Recovery Agent AeXAgent exe -Logon O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottime O - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run net quot C WINDOWS system net net quot O - HKLM Run sysldtray c windows ld exe O - HKLM Run pp C windows pp exe O - HKCU Run AdobeUpdater quot C Program Files Common Files Adobe Updater AdobeUpdater exe quot O - HKCU Run Aim quot C Program Files AIM aim exe quot d locale en-US ee aol imApp O - HKCU Run xpprotect C Documents and Settings Waski XP Deluxe Protector xpdeluxe exe O - Global Startup Digital Line Detect lnk O - Global Startup EMBASSY Trust Suite Secure Update lnk C Program Files Wave Systems Corp Services Manager Secure Update AutoUpdate exe O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MICROS OFFICE EXCEL EXE O - Extra button PokerStars - AD F C-ED - e -B D - B F A EF - C Program Files PokerStars PokerStarsUpdate exe O - Extra button Research - B - CC- C -B BE- C C A - C PROGRA MICROS OFFICE REFIEBAR DLL O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe file missing O - Extra Tools menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program File... Read more

A:Serious virus problems. cant start up in normal mode or open programs such as malware

https://forums.techguy.org/threads/serious-virus-problems-cant-start-up-in-normal-mode-or-open-programs-such-as-malware.842654/
Relevancy 55.47%

Hi i ve recently been experiencing some issues with internet connectivity and a few other random problems that have been occurring with my computer that i believe are being caused by spyware or some sort of virus My system specs are - i am running windows XP professional Service pack ghz quadcore pentium processor with gigs of ram I am on a wireless internet open. virus wont slow, programs malware anti some internet connection provided by comcast Both internet slow, some malware anti virus programs wont open. the other computers a powerbook and a desktop running on vista don t have any problems However my internet connection although connected is really really slow takes about minutes for any site to load up In addition to that i couldnt get malwarebytes anti malware to start up so i deleted it and tried to reinstall but i cant even run the install file Spybot S amp D wont start either I can access everything but the actual main window I uninstalled and reinstalled this successfully but there were no changes Also every time i start up my computer i get a registry change message from spybot saying there is an added value to a macromedia folder in my local settings folder i ve been denying this change every time Alright so i wrote a fricking novel but hopefully someone can provide me some answers It would be MUCH appreciated I have a few projects on hold at the moment that need to be finished by the end of the week Here is my hijack this log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C Program Files Lavasoft Ad-Aware aawservice exe C WINDOWS Explorer EXE C Program Files NVIDIA Corporation NetworkAccessManager bin nTrayFw exe C Program Files Java jre bin jusched exe C PROGRA AVG AVG avgtray exe C WINDOWS system RUNDLL EXE C Program Files Spyware Doctor pctsTray exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Windows Media Player WMPNSCFG exe C WINDOWS system rundll exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files HP Digital Imaging bin hpqtra exe C WINDOWS system WTablet TabUserW exe C WINDOWS system spoolsv exe C Program Files HP Digital Imaging bin hpqSTE exe C Program Files Common Files Autodesk Shared Service AdskScSrv exe C PROGRA AVG AVG avgwdsvc exe C Program Files Bonjour mDNSResponder exe C Program Files NVIDIA Corporation NetworkAccessManager Apache Group Apache bin apache exe C PROGRA AVG AVG avgrsx exe C WINDOWS System svchost exe D Program Files Autodesk ds Max mentalray satellite raysat dsMax server exe C Program Files NVIDIA Corporation NetworkAccessManager Apache Group Apache bin apache exe C Program Files NVIDIA Corporation NetworkAccessManager bin nSvcIp exe C Program Files NVIDIA Corporation NetworkAccessManager bin nSvcLog exe C WINDOWS system nvsvc exe C WINDOWS system HPZipm exe C WINDOWS system PnkBstrA exe C WINDOWS system PnkBstrB exe C WINDOWS system rundll exe C Program Files Spyware Doctor pctsAuxs exe C Program Files Spyware Doctor pctsSvc exe C WINDOWS system svchost exe C WINDOWS system Tablet exe C Program Files Linksys Wireless-G PCI Wireless Network Monitor WLService exe C Program Files Linksys Wireless-G PCI Wireless Network Monitor WMP Gv exe C Program Files Windows Media Player WMPNetwk exe C Program Files NVIDIA Corporation NetworkAccessManager bin nSvcAppFlt exe C WINDOWS System alg exe C Program Files Java jre bin jucheck exe C Program Files Trend Micro HijackThis HijackThis exe C WINDOWS system wbem wmiprvse exe O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files A... Read more

https://forums.techguy.org/threads/internet-slow-some-malware-anti-virus-programs-wont-open.805393/
Relevancy 55.47%

I think I have a rootkit installed, because at first the usual SE2010 or security malware was popping up, but after I tried MBAM I got rid of that; doesn't seem to be reappearing. However, now my system is acting strange, some programs won't open and the start bar at the bottom of the screen has been reverting to the classic look without me changing it. I am running XP Media Center Edition, and have done the prequisite guide. I am also relatively new to this, so I probably won't know any of the more technical terms or anything like that. Any help would be appreciated, as I've tried everything I know and it does not seem to be working. Thanks in advance!

http://www.bleepingcomputer.com/forums/t/365792/malware-or-rootkit-i-think-was-a-redirect-but-now-system-wont-open-some-programs-and-is-acting-funny/
Relevancy 55.47%

Hi I'm having issues and a friend direced me here I'd like to post the description now and I'll run the diagnostic this evenign if that is OK My infected pC is not able to go to the internet so I have to download to a flash drive and then install to infected PC I've been hit by a number of viruses on my home PC over the last week Don't worry I'm typing and sending this from another location I've made progress but the battle is not over I had a bunch of pop ups show up last Tuesday which said my pc was infected I've run- Spybot Search and Destroy - this found a bunch of stuff and deleted vaulted it - AVG- MacAfee provided by COX cable not by removed AVR MalwareBytes I can no longer get to the internet Which means I cannot update any of the above tools I cannot RUN - Taskmgr exe It is grayed out from the rightclick menu AVR not removed by MalwareBytes of the taskbar as well I cannot RUN - cmdI cannot RUN - regeditI am unable to run System Restore There was a red shield with a white AVR not removed by MalwareBytes X saying my firewall is not running - might be disabled - I was AVR not removed by MalwareBytes able to turn on something which seems to have made this go away I can RUN - msconfig from which I turned off Tool Security and then I deleted its bat file its exe its desktop shortcut and the folder it was in it was under owner application some random number This appears to be no longer running I also had multiple copies of AVR - Advanced Virus Removal - running on my pc The recommended treatment for this seemed to be MalwareBytes I downloaded MalwareBytes on another PC and transferred it via flash drive to this PC It ran found at least of these and a ton of other stuff which it deleted vaulted There are additional user accounts on this pc I ran Malware Bytes on all of them Each time it found multiple issues and quarenteened them Except I still have a red circle with a white X which keeps popping up messages which when you click on them try to take you to the internet and go to a site with a name similar to advanced-virusremoval so apparently MalwareBytes has been unable to remove all the instances of AVR This pc is also the center of my home network of pcs I've disconnected it from the other pc so I have internet to the other pc but no connection to this pc I'm going to review how I've got the network set up tonight This pc has all my pictures on it so I'd rather not lose it I plan on running the diagnostic suggested here this evening I'm not sure why but I was poking around the pc and I think the DSS did run because I found what look like logs Here they are DDS DDS Ver - - - NTFSx Run by at on Sun Internet Explorer Microsoft Windows XP Home Edition GMT - AV AVG Anti-Virus Free On-access scanning enabled Outdated DDD - FF- F- E B- D D BF AV McAfee VirusScan On-access scanning enabled Updated B EE - - CDE-A A-DD BA FAD FW McAfee Personal Firewall enabled B - C F- -BDA - CA DA E Running Processes C WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcssvchost exesvchost exeC Program Files AVG AVG avgchsvx exeC Program Files AVG AVG avgrsx exeC Program Files AVG AVG avgcsrvx exeC Program Files Lavasoft Ad-Aware aawservice exeC WINDOWS system LEXBCES EXEC WINDOWS system spoolsv exesvchost exeC Program Files AVG AVG avgwdsvc exeC Program Files Common Files Intuit Update Service IntuitUpdateService exeC Program Files McAfee SiteAdvisor McSACore exeC PROGRA McAfee MSC mcmscsvc exec PROGRA COMMON mcafee mna mcnasvc exec PROGRA COMMON mcafee mcproxy mcproxy exeC PROGRA McAfee VIRUSS mcshield exeC Program Files McAfee MPF MPFSrv exeC Program Files AVG AVG avgnsx exeC Program Files Microsoft SQL Server MSSQL MSSQL Binn sqlservr exeC WINDOWS system nvsvc exeC Program Files Common Files New Boundary PrismXL PRISMXL SYSC Program Files Microsoft SQL Server Shared sqlwriter exeC WINDOWS system svchost exe -k imgsvcC Program Files Common Files Pure Networks Shared Platform nmsrvc exeC PROGRA McAfee VIRUSS mcsy... Read more

A:AVR not removed by MalwareBytes

We decided to re base line the pc.
Restoring from the original boot disc that came with the pc.

http://www.bleepingcomputer.com/forums/t/275478/avr-not-removed-by-malwarebytes/
Relevancy 54.61%

Hi Everyone I used this forum several years ago and based on that knowledge viruses... Malwarebytes 300 Removed over I am cleaning a machine for my niece I ran Malwarebytes anti-malware and it cleaned a ton of problems I ran ccleaner too Everything looked good but then I committed a big no-no realized it after I read some posts here I ran combofix because I remembered it solved Malwarebytes Removed over 300 viruses... my problem last time It wouldn t run just crashed to a blue screen of death The computer re-boots okay and everything seems fine but I want to make sure I do everything I can to reassure myself the system is good before I return it to her My question is can anyone make some suggestions or look at a log file to help confirm this machine is clean or help me take a few more steps to complete the job Sorry I acted before coming here but I guess I felt like I could handle it Thanks for any help

A:Malwarebytes Removed over 300 viruses...

BTW, the computer is a Dell Inspirion with Windows Vista.

The main problem when she called me was that it was asking for a username and password, but she never set it, nor did her 17 year old daughter. I was trying to crack the password with no success until I realized that it wasn't the Windows login... just a close imitation of it. Once I realized that, I did a system restore to a previous good point.

It was at that point that I ran Malwarebytes Anti-Malware.

HTH.

http://www.bleepingcomputer.com/forums/t/380644/malwarebytes-removed-over-300-viruses/
Relevancy 54.61%

Hello, I was having issues with my IE browser. Something was attempting to redirect it to many different sites. I ran a Malwarebytes scan and it found a couple rootkit.0access viruses attached to i8042prt and something in the registery. I had the program quarantine and remove the viruses. Rebooted the computer and now my mouse and keyboard will not function. I read that the i8042prt was the driver for the mouse and keyboard. I didnt know that it was going to delete the files. What can I do to start repairing this?
Thanks

A:i8042prt removed by Malwarebytes

Hello and to the BC forums.

Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.

http://www.bleepingcomputer.com/forums/t/430036/i8042prt-removed-by-malwarebytes/
Relevancy 54.61%

I just removed WinDefrag with Malwarebytes and I ran it 3 times. the first time it said that it could not clean all 93 so I ran it again and it found 12 problems and cleaned 11. I ran it the third time and it found 1 problem. When it finished I had it clean the final file. But when I restarted a boot file was missing. when I ran the repair progranm from the cd it booted and now won't login to my user account. Any Suggestions?

http://www.bleepingcomputer.com/forums/t/364335/removed-windefrag-with-malwarebytes/
Relevancy 54.61%

Hello !

I just did a quick scan on my PC with Malwarebytes. Everything turned out clean except for a registry data ( refer to attachment )

Should it be removed or ignored? I see regedit.exe in the mix and i got confused on what to do.
Cheers for your time.

A:Malwarebytes' Scan - Should This Be Removed?

No, you should change the value in the Registry to the "Good" value, i.e. remove the first " " - see Registry Editing.

Ed

http://www.vistax64.com/general-discussion/278417-malwarebytes-scan-should-removed.html
Relevancy 54.61%

I have been using Malwarebytes and it has been effective in removing any malware, but this time, it doesn't seem to take.

When I run the program, always updated before I run, I get the following infection showing up.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

The removal log show it was deleted successfully, but when I run the tool again, it is back.

Any help would be appreciated. I have attached the DDS and Rootrepeal logs.

A:Trojan not removed by Malwarebytes

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/277152/trojan-not-removed-by-malwarebytes/
Relevancy 54.18%

Hello I'm new to this board I was wondering if anyone could help me out with this situation I'm in I have a computer that I ran a Malwarbytes scan and it picked up infections I kept scanning the computer with Malwarebytes and the same thing was happening of course in a smaller quantity Not sure what type Have of removed with a Malwarebytes some infections, couple of infection I have but I do have a HJT Log and a DDS Log DDS LOG DDS Ver - - - NTFSx Run by Goldo at on Thu Internet Explorer Microsoft Windows XP Home Edition GMT - Running Processes C WINDOWS system svchost -k Have a couple of infections, removed some with Malwarebytes DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcssvchost exesvchost exeC WINDOWS system spoolsv exeC WINDOWS Explorer EXEC Program Files Java jre bin jusched exeC Program Files Creative Sound Blaster Live -bit Surround Mixer CTSysVol exeC WINDOWS system Rundll exeC Program Files CyberLink PowerDVD DVDLauncher exeC Have a couple of infections, removed some with Malwarebytes Program Files Real RealPlayer RealPlay exeC WINDOWS system dla tfswctrl exeC Program Files Dell Media Experience DMXLauncher exeC WINDOWS system igfxpers exeC WINDOWS system ctfmon exeC Program Files DellSupport DSAgnt exeC Program Files Common Files InstallShield UpdateService ISUSPM exeC Program Files Windows Live Messenger msnmsgr exeC Program Files Digital Line Detect DLG exeC WINDOWS system cisvc exeC WINDOWS system CTsvcCDA EXEC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC Program Files Kodak Kodak EasyShare software bin EasyShare exeC Program Files Kodak KODAK Software Updater Program Kodak Software Updater exeC WINDOWS system svchost exe -k imgsvcC WINDOWS system MsPMSPSv exesvchost exeC WINDOWS system wuauclt exeC WINDOWS system igfxsrvc exeC WINDOWS system wuauclt exeC Documents and Settings Goldo Desktop dds scr Pseudo HJT Report uStart Page hxxp www myspace com uSearch Page hxxp www google comuWindow Title Windows Internet Explorer provided by MySpaceuDefault Page URL hxxp www myspace com uSearchMigratedDefaultUrl hxxp www mywebsearch com jsp cfg redir jsp id ZKxdm YYUS amp fl amp ptb RZh uJhLfndU e SssHhA amp url http edits mywebsearch com toolbaredits barsearch jhtml amp st sb amp searchfor searchTerms mDefault Search URL hxxp www google com iemStart Page hxxp www dell me com mywayuSearchAssistant hxxp www google com ieuSearchURL Default hxxp www google com search q smSearchAssistant hxxp www google com ieuURLSearchHooks H - No FileBHO D -C F - efb- B - ECA - No FileBHO NoExplorer - No FileBHO f c - - - d -e c eb a - c windows system qfwiwux dllTB BA B -B - c -B - F F - No FileTB My Freeze com Toolbar d bb - e - dd- ab - b d - c program files my freeze com toolbar freeze us dllTB CC F -EB - A -B - A E DB - No FileTB B B -DF B- AC-BBE -BCC A B B - No FileEB Real com fe fa -d c- d - fa- c f afe - c windows system Shdocvw dllEB Web Assistant b adb- be - ae- - a f ca - c program files hbtools bin HbtHostIE dlluRun ctfmon exe c windows system ctfmon exeuRun DellSupport quot c program files dellsupport DSAgnt exe quot startupuRun ISUSPM quot c program files common files installshield updateservice ISUSPM exe quot -scheduleruRun DellTransferAgent quot c documents and settings all users application data dell transferagent TransferAgent exe quot uRun Microsoft Windows logon process c documents and settings goldo application data microsoft windows winlogon exeuRun prunnet quot c windows system prunnet exe quot uRun msnmsgr quot c program files windows live messenger msnmsgr exe quot backgrounduRun QuickInstallPack quot c documents and settings goldo local settings application data qip QuickInstallPack exe quot autorunuRun jsf uiw jnjgffght c docume goldo locals temp winlognn exeuRun tezrtsjhfr iusjfo f c docume goldo locals temp csrssc exemRun SunJavaUpdateSched c program files java jre bin jusched exemRun CTSysVol c program files creative sound blaster live -bit surround mixer CTSysVol exe rmRun P H... Read more

A:Have a couple of infections, removed some with Malwarebytes

Hello SETech and welcome to Bleeping Computer,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.Double click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder

http://www.bleepingcomputer.com/forums/t/208700/have-a-couple-of-infections-removed-some-with-malwarebytes/
Relevancy 54.18%

McAfee reported it blocked a virus so I ran malwareBytes it reported some problems and says that it fixed them but remain after restarting HIJACKTHis Log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS removed but not detected, being Virus malwarebytes by system services exeC WINDOWS system lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system Virus detected, but not being removed by malwarebytes spoolsv exeC WINDOWS arservice exeC Program Files Cisco Systems VPN Client cvpnd exeC WINDOWS system Ati evxx exeC WINDOWS Explorer EXEC WINDOWS eHome ehRecvr exeC WINDOWS eHome ehSched exeC Program Files Common Files LightScribe LSSrvc exeC Program Files Maxtor Sync SyncServices exeC Program Files McAfee SiteAdvisor McSACore exeC PROGRA McAfee MSC mcmscsvc exec PROGRA COMMON mcafee mna mcnasvc exeC WINDOWS ehome ehtray exeC WINDOWS ARPWRMSG EXEC WINDOWS RTHDCPL EXEC Program Files ATI Technologies ATI ACE cli exeC Program Files Maxtor OneTouch Status maxmenumgr exeC Program Files Verizon McciTrayApp exeC Program Files McAfee com Agent mcagent exeC Program Files Common Files Real Update OB realsched exeC WINDOWS system ctfmon exec PROGRA COMMON mcafee mcproxy mcproxy exeC Program Files NETGEAR WPN wpn exeC PROGRA McAfee VIRUSS mcshield exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC WINDOWS system svchost exeC WINDOWS system dllhost exeC WINDOWS eHome ehmsas exeC Documents and Settings HP Administrator My Documents onsite tools hijack this HP Administrator exeR - HKCU Software Microsoft Internet Explorer Main Start Page http wapp verizon net bookmarks bmredir p bm ho centralR - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Bar http ie redirect hp com svs rdr TYPE a arm seconduserR - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer SearchURL Default http search yahoo com search fr mcafee amp p sR - HKCU Software Microsoft Internet Connection Wizard ShellNext https activatemydsl verizon net SmartAcce D amp lang enO - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dllO - BHO scriptproxy - DB D A - - E -B D- F C - C Program Files McAfee VirusScan scriptsn dllO - BHO Verizon Broadband Toolbar - A A -BACC- D - - FADCF - C PROGRA VERIZO VERIZO DLLO - BHO McAfee SiteAdvisor BHO - B E -A B - A -B - CD E A FF - c PROGRA mcafee SITEAD mcieplg dllO - Toolbar Verizon Broadband Toolbar - A A -BACC- D - - FADCF - C PROGRA VERIZO VERIZO DLLO - Toolbar McAfee SiteAdvisor Toolbar - EBBBE -BAD - B C- E A- ABECAE - c PROGRA mcafee SITEAD mcieplg dllO - HKLM Run ehTray C WINDOWS ehome ehtray exeO - HKLM Run AlwaysReady Power Message APP ARPWRMSG EXEO - HKLM Run RTHDCPL RTHDCPL EXEO - HKLM Run ATICCC quot C Program Files ATI Technologies ATI ACE cli exe quot runtimeO - HKLM Run LSBWatcher c hp drivers hplsbwatcher lsburnwatcher exeO - HKLM Run mxomssmenu quot C Program Files Maxtor OneTouch Status maxmenumgr exe quot O - HKLM Run Verizon McciTrayApp C Program Files Verizon McciTrayApp exeO - HKLM Run mcagent exe quot C Program Files McAfee com Agent mcagent exe quot runkeyO - HKLM Run McENUI C PROGRA McAfee MHN McENUI exe hideO - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osbo... Read more

A:Virus detected, but not being removed by malwarebytes

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERER,K

http://www.bleepingcomputer.com/forums/t/208735/virus-detected-but-not-being-removed-by-malwarebytes/
Relevancy 54.18%

Hi there I ve had the XP nothing removed Security, Malwarebytes now XP but works Security Center Malware thing on this computer since last week I tried the usual solutions eventually using Malwarebytes After it finished a full scan and I clicked remove all etc it came up with an error just before reboot saying that quot certain items could not be removed a log file has been saved quot It then came up with a Runtime Malwarebytes removed XP Security, but now nothing works Error for mbam exe in Program Malwarebytes removed XP Security, but now nothing works Files saying the appliction has requested Runtime to terminate in an unusual way Contact support etc Since rebooting XP Security Center appears to have gone for the moment but everything else is pretty much screwed I can t access any secure sites in Internet Explorer and can t access anything in Google Chrome I can t access Windows Firewall Settings to check on this The only thing I installed recently was skype but this now keeps opening window after window of the same help page it has the feeling of XP Security Center to it for no reason Trying to even access Add Remove Programs - comes up with C WINDOWS system rundll exe - Application Not Found - despite the fact that rundll exe does exist in that folder I can t actually open any program at all without the open with box coming up To run normally I have to select Run As then as Administrator then it will run So as I said everything seems screwed I wasn t sure whether Malwarebytes deleted the wrong thing in the Registry Any ideas and help would be really appreciated Thanks very much in advance David --------------Malwarebytes Anti-Malware www malwarebytes orgDatabase version Windows Service Pack Internet Explorer PMmbam-log- - - - - txtScan type Full scan C Objects scanned Time elapsed hour s minute s second s Memory Processes Infected Memory Modules Infected Registry Keys Infected Registry Values Infected Registry Data Items Infected Folders Infected Files Infected Memory Processes Infected No malicious items detected Memory Modules Infected No malicious items detected Registry Keys Infected HKEY CLASSES ROOT CLSID MADOWN Worm Magania - gt Delete on reboot HKEY CLASSES ROOT funwebproducts datacontrol Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts historykillerscheduler Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts historykillerscheduler Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts historyswattercontrolbar Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts historyswattercontrolbar Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts htmlmenu Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts htmlmenu Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts htmlmenu Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts iecookiesmanager Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts iecookiesmanager Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts killerobjmanager Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts killerobjmanager Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts popswatterbarbutton Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts popswatterbarbutton Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts popswattersettingscontrol Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT funwebproducts popswattersettingscontrol Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT mywebsearch chatsessionplugin Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT mywebsearch chatsessionplugin Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT mywebsearch htmlpanel Adware MyWebSearch - gt Delete on reboot HKEY CLASSES ROOT mywebsearch htmlpanel Adware MyWebSearch - gt De... Read more

A:Malwarebytes removed XP Security, but now nothing works

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/314610/malwarebytes-removed-xp-security-but-now-nothing-works/
Relevancy 54.18%

Removed a few trojan and other malware programs through malwarebytes I am still concerend because of very slow machine that will hang for several seconds to several minutes and then appears to go rapidly through the commands that I have tried Would like some advice on seeing if all virus and malware has been removed or am I compromised another way that am not aware Thanks in advance for any help DDS log follows DDS Ver - - - NTFSx Run by Owner at on Sat Internet Explorer Microsoft Windows XP Home Edition GMT - AV AVG Anti-Virus Free On-access scanning enabled Outdated DDD - FF- F- E B- D D BF Running Processes C WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcsC WINDOWS system svchost exe -k WudfServiceGroupsvchost exesvchost exeC WINDOWS system LEXBCES EXEC WINDOWS infected Was vundo malwarebytes and using removed with system spoolsv exeC WINDOWS system LEXPPS EXEsvchost exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC PROGRA AVG AVG avgwdsvc exeC Program Files Bonjour mDNSResponder exeC WINDOWS System DRIVERS CDANTSRV EXEC Program Files Carbonite Carbonite Backup carboniteservice exeC Program Files TOSHIBA ConfigFree CFSvcs exeC WINDOWS System DVDRAMSV exeC Program Files Common Files Command Software dvpapi exeC PROGRA AVG AVG avgrsx exeC PROGRA AVG AVG avgnsx exeC WINDOWS Explorer EXEC Program Files Java jre bin jqs exeC Program Files Analog Devices SoundMAX SMAgent exeC WINDOWS System svchost exe -k imgsvcC PROGRA AVG AVG avgemc exeC Program Files Carbonite Carbonite Backup CarboniteUI exeC Program Files AVG AVG avgcsrvx exeC Program Files WinUtilities WO exeC WINDOWS System vssvc exeC WINDOWS System dllhost exeC WINDOWS system ctfmon exeC WINDOWS System dllhost exeC PROGRA Yahoo MESSEN ymsgr tray exeC Documents Was infected with vundo and removed using malwarebytes and Settings Owner Desktop dds scr Pseudo HJT Report uStart Page hxxp m www yahoo com uWindow Title Windows Internet Explorer provided by Yahoo uSearch Bar hxxp www yahoo com search ie htmluInternet Settings ProxyOverride localuURLSearchHooks AVG Security Toolbar BHO a bc Was infected with vundo and removed using malwarebytes a - f - -aa - d c - c program files avg avg toolbar IEToolbar dlluURLSearchHooks H - No FileuURLSearchHooks H - No FileuURLSearchHooks Yahoo Toolbar ef bd -c fb- d - f- d f - c program files yahoo companion installs cpn yt dllmURLSearchHooks AVG Security Toolbar BHO a bc a - f - -aa - d c - c program files avg avg toolbar IEToolbar dllBHO Disabled D -C F - EFB- B - ECA - No FileBHO Disabled CA F - F E- B -A E- E E C C - No FileBHO Spybot-S amp D IE Protection - f - d - - d f - c progra spybot SDHelper dllBHO Java Plug-In SSV Helper dbc -a - b-bc - c c c a - c program files java jre bin jp ssv dllTB Yahoo Toolbar ef bd -c fb- d - f- d f - c program files yahoo companion installs cpn yt dllTB BF - F - - - FE E AA - No FileTB AVG Security Toolbar ccc a -b ca- -b a - f dd - c program files avg avg toolbar IEToolbar dllTB D F B - - AF- -B FA D E - No FileTB C - F - -B A - EE - No FileTB A A -BACC- D - - A E E - No FileEB BBE - E - D -AD - D AD - No FileEB - a - b-a - c a a - No FileuRun Yahoo Pager quot c progra yahoo messen YAHOOM EXE quot -quietuRun ctfmon exe c windows system ctfmon exemRun Carbonite Backup c program files carbonite carbonite backup CarboniteUI exemRun WinUtilities Quick Launcher c program files winutilities WO exe autorundRun Picasa Media Detector c program files picasa PicasaMediaDetector exeIE Add to Google Photos Screensa amp ver - c windows system GPhotos scr IE Refresh Pa amp ge with Full QualityIE Refresh Pi amp cture with Full QualityIE F B -F - adf- A-EC E DBCE - c documents and settings owner start menu programs ultimatebet UltimateBet lnkIE CD F -D E - d - FE- C F AFE IE e e dd -d - - b -f ba - windir Network Diagnostic xpnetdiag exeIE FB F -F - d -BB E- C F - c program files messenger msmsgs exeIE B FE D - AA - F - C B- A F E - B FE... Read more

A:Was infected with vundo and removed using malwarebytes

Hi ffitch847,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.Optional:Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:http://www.clickz.com/news/article.php/3561546I suggest you uninstall the following program via Add or Remove Programs if your are using it:Viewpoint Manager, Viewpoint Media Player.If you uninstalled it also remove the folder in bold: C:\Program Files\ViewpointDisable AVG Resident Shield:Double click AVG system tray icon to open AVG.In Overview section double click Resident Shield.Uncheck Resident Shield Active.Press Save Changes.Note: It is important to activate the resident shield immediately after ComboFix produced its log.Download ComboFix from one of these locations:Link 1Link 2Link 3* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/297357/was-infected-with-vundo-and-removed-using-malwarebytes/
Relevancy 54.18%

Ever since I used Malwarebytes to remove the Windows Police Pro malware, everytime I try and open any program, I get the following error in a Windows pop up box:

The application or DLL globalroot\systemroot\system32\gasfkyccofnjsu.dll is not a valid Windows image. Please check this against your installation diskette.

After I click OK on the window, the program opens up perfectly fine.

Please help!

A:Removed Windows Police Pro with Malwarebytes

You're still infected. The newer variant of the rootkit can hide pretty goodTry these 2 scans to produce some logsPlease download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a diagnostic report for me to review.Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any key to exit..., press any key on your keyboard to close the program. A file called Win32kDiag.txt should be created on your Desktop.Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

--------------------------------------Go to > Run..., then copy and paste this command into the open box: cmdClick OK.At the command prompt C:\>, copy and paste the following command and press Enter:DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txtA file called log.txt should be created on your Desktop.Open that file and copy/paste the contents in your next reply.

http://www.bleepingcomputer.com/forums/t/260357/removed-windows-police-pro-with-malwarebytes/
Relevancy 54.18%

Hello Thanks in advance for the help I had some problems with the a exe b exe c exe malware over the past couple of weeks I run Avira free Ad-Aware and windows firewall but these seemed to slip past them more than once I thought I was dealing with them by hunting the files down and deleting manually Silly me What really got me worried was when my browsers started removed MalwareBytes by Hijack.Windowsupdate not redirecting me from search page results So I downloaded MalwareBytes ran it and it found or somesuch entries of concern I let it do its thing rebooted and found that the browser was still redirecting Ran MB again and it found these two entries HKEY LOCAL MACHINE System CurrentControlSet Services wuauserv ImagePath Hijack.Windowsupdate not removed by MalwareBytes Hijack WindowsUpdates - gt Bad fystemroot system svchost exe -k netsvcs Good SystemRoot System svchost exe -k netsvcs - gt No action taken HKEY LOCAL MACHINE System CurrentControlSet Services BITS ImagePath Hijack WindowsUpdates - gt Hijack.Windowsupdate not removed by MalwareBytes Bad fystemRoot system svchost exe -k netsvcs Good SystemRoot System svchost exe -k netsvcs - gt No action taken I've deleted them several times with no luck And the browser is still redirecting Opera IE and Safari So hoping you can help here are the requested log files Thanks again Begin DDS txt DDS Ver - - - FAT x Run by smart at on Mon Internet Explorer BrowserJavaVersion Microsoft Windows XP Home Edition GMT - AV Avira AntiVir PersonalEdition Classic On-access scanning Hijack.Windowsupdate not removed by MalwareBytes enabled Updated FD B -FFA - EB- D - CA A C AV Avira AntiVir PersonalEdition Classic On-access scanning enabled Updated FD EC-FFA - EB- D - CA A C AV Avira AntiVir PersonalEdition Classic On-access scanning enabled Updated - - - - AV Avira AntiVir PersonalEdition Classic On-access scanning enabled Updated FD B -FFA - FC- D - CA A C Running Processes C WINDOWS system svchost -k DcomLaunch SVCHOST EXE C WINDOWS System svchost exe -k netsvcs SVCHOST EXE SVCHOST EXE C WINDOWS Explorer EXE C Program Files Lavasoft Ad-Aware AAWService exe C WINDOWS system spoolsv exe C Program Files Avira AntiVir Desktop sched exe SVCHOST EXE C Acer eManager anbmServ exe C Program Files Java jre bin jqs exe C WINDOWS system svchost exe -k imgsvc C WINDOWS system Wacom Tablet exe C WINDOWS system WTablet Wacom TabletUser exe C WINDOWS system Wacom Tablet exe C WINDOWS system Rundll exe C WINDOWS system keyhook exe C Program Files Avira AntiVir Desktop avgnt exe C Program Files Common Files Real Update OB realsched exe C Program Files Java jre bin jusched exe C WINDOWS system ctfmon exe C Program Files MagicDisc MagicDisc exe C Program Files Lavasoft Ad-Aware AAWTray exe C Program Files uTorrent uTorrent exe C Program Files iPod bin iPodService exe C Program Files Opera opera exe C Program Files Microsoft Office Office WINWORD EXE D Adobe Acrobat Acrobat Acrobat exe C Program Files Common Files Macrovision Shared FLEXnet Publisher FNPLicensingService exe C Documents and Settings smart Desktop dds scr Pseudo HJT Report uStart Page hxxp s travian us uSearch Page hxxp www google com uSearch Bar hxxp www google com ie uSearchMigratedDefaultURL hxxp www google com search q searchTerms amp sourceid ie amp rls com microsoft en-US amp ie utf amp oe utf uInternet Connection Wizard ShellNext hxxp global acer com uInternet Settings ProxyOverride local uSearchURL Default hxxp www google com keyword s mSearchAssistant hxxp www google com ie BHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files common files adobe acrobat activex AcroIEHelper dll BHO RealPlayer Download and Record Plugin for Internet Explorer c e -b - bc - - c ca - c program files real realplayer rpbrowserrecordplugin dll BHO - f - d - - d f - c program files spybot - search amp destroy SDHelper dll BHO e -f - c -a e - c d c b b - c progra web AFE dll BHO Adobe PDF Conversion Toolbar Helper ae cd -e - f- - ee - d adobe... Read more

A:Hijack.Windowsupdate not removed by MalwareBytes

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/254105/hijackwindowsupdate-not-removed-by-malwarebytes/
Relevancy 54.18%

Antivirus is disabled firewall is disabled can't update thru windows update Restore function is not working Ran Spybot it removed quite a bit Then ran mbam It also removed many things but has left registry files that can't be deleted quot Hijack windowsUpdates quot Registry Data Items Infected HKEY LOCAL MACHINE System CurrentControlSet Services wuauserv ImagePath Hijack WindowsUpdates removed Hijack.Windowsupdate MalwareBytes by not - gt Bad fystemroot system svchost exe -k netsvcs Good SystemRoot System svchost exe -k netsvcs - gt Quarantined and deleted successfully HKEY LOCAL MACHINE System CurrentControlSet Hijack.Windowsupdate not removed by MalwareBytes Services BITS ImagePath Hijack WindowsUpdates - gt Bad fystemRoot system svchost exe -k netsvcs Good SystemRoot System svchost exe -k netsvcs - gt Quarantined and deleted successfully But they are still there on a second third amp fourth scan Ran Sophos Anti-rootkit crashed in both normal and safe mode Housecall ran in normal mode but found nothing Crashed in Safe mode Would really like some help on this Would hate to have to Format reinstall Added the RooRepeal file Thanks again

A:Hijack.Windowsupdate not removed by MalwareBytes

I'll still waiting for help! Can someone please help? ===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.Thank you for understanding.Orange Blossom ~ forum moderator

http://www.bleepingcomputer.com/forums/t/254140/hijackwindowsupdate-not-removed-by-malwarebytes/
Relevancy 54.18%

I got a virus a couple weeks ago I ran Malwarebytes Malwarebytes, Removed having with viruses problems still and it found several infections and quarantined Removed viruses with Malwarebytes, still having problems them all I will post the log from that scan at the end Since then I have been freezing up several times a day and have to manually shut down Malwarebytes comes back clean now when I scan but something is definitely still Removed viruses with Malwarebytes, still having problems wrong I also ran SuperAntiSpyware and removed a few things there too I keep getting a little window that pops up from SuperAntiSpyware saying an update is available and when I click to update now I get a message saying I have to be logged on as administrator and I am Also if I try to connect my camera or SD card to get pictures off of it it won t open The little icon that says something like safely remove hardwar comes up on the taskbar It use to pop up and ask what I wanted to do when I connected the camera or SD card This problem has been just since the virus When I connect the camera or SD card to another computer it opens normally Heres the Malwarebytes log Thanks for your help Malwarebytes Anti-Malware www malwarebytes org Database version Windows Safe Mode Internet Explorer PM mbam-log- - - - - txt Scan type Full scan C Objects scanned Time elapsed minute s second s Memory Processes Infected Memory Modules Infected Registry Keys Infected Registry Values Infected Registry Data Items Infected Folders Infected Files Infected Memory Processes Infected No malicious items detected Memory Modules Infected No malicious items detected Registry Keys Infected HKEY CLASSES ROOT CLSID D EC CA- B - -B F -C A ED A AE Adware Hotbar - gt Quarantined and deleted successfully HKEY CLASSES ROOT TypeLib F -CDB - f-A E -DDC B FEDF Adware Hotbar - gt Quarantined and deleted successfully HKEY CLASSES ROOT Interface B -E - - C - ACE A D Adware Hotbar - gt Quarantined and deleted successfully HKEY CLASSES ROOT HBLiteAX Info Adware Hotbar - gt Quarantined and deleted successfully HKEY CLASSES ROOT HBLiteAX Info Adware Hotbar - gt Quarantined and deleted successfully HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Ext PreApproved D EC CA- B - -B F -C A ED A AE Adware Hotbar - gt Quarantined and deleted successfully HKEY CLASSES ROOT CLSID E - F B- d- AE -F B A FD Adware Hotbar - gt Quarantined and deleted successfully HKEY CLASSES ROOT HBLiteAX UserProfiles Adware Hotbar - gt Quarantined and deleted successfully HKEY CLASSES ROOT HBLiteAX UserProfiles Adware Hotbar - gt Quarantined and deleted successfully HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Ext PreApproved E - F B- D- AE -F B A FD Adware Hotbar - gt Quarantined and deleted successfully HKEY CURRENT USER SOFTWARE Microsoft Windows CurrentVersion Ext Settings BDEA CF-F E - E -BD D-B F A E Adware ShoppingReport - gt Quarantined and deleted successfully HKEY CURRENT USER SOFTWARE Microsoft Windows CurrentVersion Ext Stats BDEA CF-F E - E -BD D-B F A E Adware ShoppingReport - gt Quarantined and deleted successfully HKEY LOCAL MACHINE SOFTWARE Microsoft Internet Explorer Low Rights ElevationPolicy A F - C - AF -BF - E EECF B Adware Softomate - gt Quarantined and deleted successfully HKEY CURRENT USER Software hblitesa Adware HotBar - gt Quarantined and deleted successfully HKEY LOCAL MACHINE SOFTWARE HBLite Adware HotBar - gt Quarantined and deleted successfully HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Uninstall HBLiteSA Adware HotBar - gt Quarantined and deleted successfully Registry Values Infected HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Run HBLiteSA Adware HotBar - gt Value HBLiteSA - gt Quarantined and deleted successfully HKEY LOCAL MACHINE SOFTWARE Mozilla Firefox extensions HBLite HBLite com Adware HotBar - gt Value HBLite HBLite com - gt Quarantined and deleted successfully Registry Data Items Infected No malicious items detected Folde... Read more

http://www.bleepingcomputer.com/forums/t/368040/removed-viruses-with-malwarebytes-still-having-problems/
Relevancy 54.18%

Hello On Jan I downloaded a free QR Code Scanner for Desktops from a reputable website Scanned it with Norton Internet Security and Malwarebytes and both said it was a clean file Had problems during the installation process and cancelled the installation but started having immediate problems with my Firefox browser Ran a full scan with NIS and nothing was detected Ran a full scan PC but infected & 35 still be MalwareBytes removed detected PUP's may with Malwarebytes and PUP related files were detected and quarantined However Firefox browser was still not working normally Determined from Malwarebytes log that outobox was still in my system Found a Youtube video that helped me remove this I also deleted the quarantined files MalwareBytes detected & removed 35 PUP's but PC may still be infected Shortly after this the Ease of Access Centre was activated on the login screen of my Windows desktop Just recently Yahoo informed me that one of my e-mail accounts was accessed from another country I'm not sure if all this is happening because I still have malware on my system Would greatly appreciate help in this regard Thank you Posting log of DDS txt here and attaching the zipped attach txt DDS Ver - - - NTFS AMD Internet Explorer BrowserJavaVersion Run by Stephanie at on - - Microsoft Windows Home Premium GMT - AV Norton Internet Security Enabled Updated DF - - D- - DC EFD BF SP Windows Defender Disabled Outdated D DDC A- F- fae- E -DA C ACF SP Norton Internet Security Enabled Updated D BEB -B A- E - B -B B FW Norton Internet Security Enabled BE D -DB F- - AD - F E C FC Running Processes C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system svchost exe -k RPCSS C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k LocalService C Windows system svchost exe -k netsvcs C Windows system svchost exe -k GPSvcGroup C Windows system svchost exe -k NetworkService C Windows System spoolsv exe C Windows system svchost exe -k LocalServiceNoNetwork C Program Files x Common Files Adobe ARM armsvc exe C Program Files x Norton Internet Security Engine NIS exe C Program Files x Dell DataSafe Local Backup sftservice EXE C Windows system svchost exe -k imgsvc C Program Files Common Files Microsoft Shared Windows Live WLIDSVC EXE C Program Files x Yahoo SoftwareUpdate YahooAUService exe C Program Files Common Files Microsoft Shared Windows Live WLIDSvcM exe C Windows system svchost exe -k NetworkServiceNetworkRestricted C Windows System WUDFHost exe C Windows system taskhost exe C Program Files x Norton Internet Security Engine NIS exe C Windows system Dwm exe C Windows Explorer EXE C Program Files x Google Update GoogleCrashHandler exe C Program Files x Google Update GoogleCrashHandler exe C Program Files x Dell DataSafe Local Backup TOASTER EXE C Program Files x Dell DataSafe Local Backup Components DSUpdate DSUpd exe C Program Files x Dell DataSafe Local Backup COMPONENTS SCHEDULER STSERVICE EXE C WINDOWS System hkcmd exe C WINDOWS System igfxpers exe C Program Files Rainlendar Rainlendar exe C Program Files x Roxio OEM Roxio Burn RoxioBurnLauncher exe C Program Files McAfee Security Scan SSScheduler exe C Windows system SearchIndexer exe C Users Stephanie AppData Local Apps RHYQH YH ZHDKV Z T dell tion f f c a af ddfe d c DellSystemDetect exe C Program Files x Yahoo Messenger ymsgr tray exe C Program Files x Nero Update NASvc exe C Windows system svchost exe -k LocalServiceAndNoImpersonation C Program Files x Microsoft BingBar SeaPort exe C Program Files x Nero SyncUP SyncUP exe C Windows Microsoft Net Framework v WPF PresentationFontCache exe C Windows system wbem wmiprvse exe C Program Files x Nero SyncUP Nero AndroidServer exe C Windows splwow exe C Windows system taskeng exe C Program Files My Dell uaclauncher exe C Windows System cscript exe Pseudo HJT Report mWinlogon Userinit userinit exe BHO D -C F... Read more

A:MalwareBytes detected & removed 35 PUP's but PC may still be infected

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521721 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.DDS.com Download LinkDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/521721/malwarebytes-detected-removed-35-pups-but-pc-may-still-be-infected/
Relevancy 54.18%

Hi, first time poster, long time reader. Hope I've followed the rules so far. Thanks for all the good stuff you do. I have a friend's laptop and thought I had removed antivirus pro from it. He now has the paid version of AVG 9. I gave it back to him and the virus returned within 30 minutes. Can you please check through the attached logs and let me know if it is in fact gone and whether you would like to see any other logs ? Thanks heaps.

A:antivirus pro removed by malwarebytes and has returned

Hi, welcome to the BC Forums. My username is Raktor, and I would be glad to help you with your malware issues. I'd be grateful if you would note the following:Absence of symptoms does not always mean the computer is cleanPlease do not run any scans or fixes without my direction.Finally, stay with this topic until I give you the final 'All clear' post.Download Combofix from any of the links below. Link 1Link 2==================================Disable all antivirus and antispyware applications, then double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.

http://www.bleepingcomputer.com/forums/t/277738/antivirus-pro-removed-by-malwarebytes-and-has-returned/
Relevancy 53.32%

DDS Ver - - - NTFSAMD Internet Explorer Run by Doug Optiplex at on - Win 7 Anti-Virus MalwareBytes with 2012 Removed - - Microsoft Windows Ultimate GMT - AV AVG Anti-Virus Enabled Updated A B -DEE -F A-FBCD-ADB C F SP AVG Anti-Virus Enabled Updated E A -F D -F D -C D- C DBE F D SP Windows Defender Disabled Updated D DDC A- F- fae- E -DA C ACF Running Processes C PROGRA AVG AVG avgrsa exe C Windows system wininit exe C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system svchost exe -k RPCSS C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k netsvcs C Windows system svchost exe -k LocalService C Windows system svchost exe -k NetworkService C Windows System spoolsv exe C Windows system taskeng exe C Windows system rundll exe C Program Files x AVG AVG avgfws exe C Program Files x AVG AVG avgwdsvc exe C Win 7 Anti-Virus 2012 - Removed with MalwareBytes Windows System svchost exe -k LocalServiceNoNetwork C Windows system svchost exe -k LocalServiceAndNoImpersonation C Windows system svchost exe -k HsfXAudioService C Program Files x AVG AVG avgnsa exe C Program Files x Microsoft Search Enhancement Pack SeaPort SeaPort exe C Windows system svchost exe -k imgsvc C Program Files UltraVNC WinVNC Win 7 Anti-Virus 2012 - Removed with MalwareBytes exe C Program Files x Common Files AVG Secure Search vToolbarUpdater ToolbarUpdater exe C Program Files x AVG AVG AVGIDSAgent exe C Windows system taskhost exe C Program Files UltraVNC WinVNC exe C Windows Explorer EXE C Windows system taskeng Win 7 Anti-Virus 2012 - Removed with MalwareBytes exe C Windows system Dwm exe C Program Files x AVG AVG PC Tuneup BoostSpeed exe C Program Files Dell Dell ControlPoint Security Manager BcmDeviceAndTaskStatusService exe C Program Files Realtek Audio HDA RtDCpl exe C Program Files x Google Chrome Application chrome exe C Program Files x Digital Line Detect DLG exe C Windows twain fjscan ERG FTErGuid exe C Program Files Wave Systems Corp Trusted Drive Manager TdmNotify exe C Program Files x Microsoft Office Office ONENOTEM EXE C Windows system SearchIndexer exe C Program Files x AVG AVG avgtray exe C Program Files x AVG Secure Search vprot exe C Program Files x SweetIM Messenger SweetIM exe C Windows PIXTRAN Fujitsu FiWiaChecker exe C Program Files HTC ModeSelection VMMModeSelection exe C Program Files x Common Files Java Java Update jusched exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x CyberLink PowerDVD DX PDVDDXSrv exe C Program Files Windows Media Player wmpnetwk exe C Program Files x Intel Intel Rapid Storage Technology IAStorIcon exe C Program Files x HTC HTC Sync htcUPCTLoader exe C Windows twain fjscan FTPWREVT FTPWREVT exe C Windows twain fjscan SOP FtLnSOP exe C Program Files x Freecorder FLVSrvc exe C Windows twain fjscan FjtwMkup exe C Program Files x Adobe Acrobat Acrobat acrotray exe C Program Files x Malwarebytes Anti-Malware mbamgui exe C Program Files x iTunes iTunesHelper exe C Program Files iPod bin iPodService exe C Program Files x Google Chrome Application chrome exe c Program Files x ATI Technologies ATI ACE Core-Static MOM exe C Program Files x ATI Technologies ATI ACE Core-Static CCC exe C Program Files x Malwarebytes Anti-Malware mbamservice exe C Program Files x Common Files Macrovision Shared FLEXnet Publisher FNPLicensingService exe C Program Files Common Files Microsoft Shared OfficeSoftwareProtectionPlatform OSPPSVC EXE C Program Files x AVG AVG avgcsrva exe C Program Files x AVG AVG avgcsrva exe C Program Files Internet Explorer iexplore exe C Program Files Internet Explorer iexplore exe C Windows system SearchProtocolHost exe C Windows system SearchFilterHost exe C Windows SysWOW cmd exe C Windows system conhost exe C Windows SysWOW cscript exe C Windows system wbem wmiprvse exe Pseudo HJT Report uStart Page hxx... Read more

A:Win 7 Anti-Virus 2012 - Removed with MalwareBytes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433738 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.Thank you for your patience, and again sorry for the delay.*************************************************** We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GME... Read more

http://www.bleepingcomputer.com/forums/t/433738/win-7-anti-virus-2012-removed-with-malwarebytes/
Relevancy 53.32%

Antivirus is disabled firewall is disabled can t not Hijack.Windowsupdate [Moved] MalwareBytes by removed update thru windows update Restore function is not working Ran Spybot it removed quite a bit Then ran mbam It also removed many things but has left registry files that can t be deleted Hijack.Windowsupdate not removed by MalwareBytes [Moved] quot Hijack windowsUpdates quot Registry Data Items Infected HKEY LOCAL MACHINE System CurrentControlSet Services wuauserv ImagePath Hijack WindowsUpdates - gt Bad fystemroot system svchost exe -k netsvcs Good SystemRoot System svchost exe -k netsvcs - gt Quarantined and deleted successfully HKEY LOCAL MACHINE System CurrentControlSet Services BITS ImagePath Hijack WindowsUpdates - Hijack.Windowsupdate not removed by MalwareBytes [Moved] gt Bad fystemRoot system svchost exe -k netsvcs Good SystemRoot System svchost exe -k netsvcs - gt Quarantined and deleted successfully But they are still there on a second third amp fourth scan Ran Sophos Anti-rootkit crashed in both normal and safe mode Housecall ran in normal mode but found nothing Crashed in Safe mode Would really like some help on this Would hate to have to Format reinstall

A:Hijack.Windowsupdate not removed by MalwareBytes [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

http://www.bleepingcomputer.com/forums/t/254121/hijackwindowsupdate-not-removed-by-malwarebytes-moved/
Relevancy 53.32%

Okay so here's the deal I went out of town for awhile and let my roommates use my computer When I got back there was a bunch of Malware on my computer After doing a little searching I found MalwareBytes So after I downloaded and ran it it detected and removed a large amount of files So after restarting I noticed that half my desktop programs were missing their icons When I got on the internet to try and resolve the problem my browser by restoring files MalwareBytes Having trouble removed was running really slow So I reinstalled Chrome it was at this point that my browsing history was removed so I don't have a way of figuring out where I downloaded MalwareBytes from and it was still running really slow After that Having trouble restoring files removed by MalwareBytes I really didn't do much to try and resolve the problem That was over a month ago and now I just recently realized that there are a Having trouble restoring files removed by MalwareBytes few more serious problems that were caused by that When I tried to open one of the programs that were missing icons nothing happened That is when I realized that the files that MWB thought were threats were in fact a seriously large amount of my system files and program files I am missing a GB game Skype Wise Registry Cleaner Tux Guitar Daemon Tools Lite AVG even MalwareBytes itself Who knows what else I am missing that I don't know of yet The thing is my hard drive does not indicate that I have freed up any space since then So are the files still somewhere on my computer If they are then they are hidden pretty well Because I have checked Compatibility Files and almost every folder on the disk I even set my computer to show hidden files and folders Still to no avail All my system restore points have also been removed by MWB And since it has been more than a month since this has all happened I don't know if I can use a restore program to get the files back Am I totally screwed I can't find anything on the net that can help me Edit Turns out the shortcuts were just edited to point directly to the desktop instead of their target files I was looking in the wrong folder for the game The game is called Star Wars the Old Republic and I was looking in the nearly empty folder of Star Wars KNIGHTS of the Old Republic So for now as annoying as it may be it seems the only thing wrong is my shortcuts and the fact that I now have no system restore points

A:Having trouble restoring files removed by MalwareBytes

Hello and welcome progfrog mate for starters I would not have any rubbish ware like AVG Wise registry cleaner Daemon tools on any of my machines but it is your choice of course.

Now if you run this it might get back a fair bit of what you have lost - or not but certainly worth a try
https://www.piriform.com/recuva/download see what you can get back.

Now I would also make yourself the admin account owner to stop your roommates from making any major program or machines changes too.

http://www.sevenforums.com/backup-restore/389713-having-trouble-restoring-files-removed-malwarebytes.html
Relevancy 53.32%

I ran Malwarebytes it removed a bunch of malware and viruses I'm still getting a prompt saying I have more malware but I can't get it to replicate itself right about now I can't get Onecare to detect still 12 about issues, traces virus. Malwarebytes removed a of getting it along with Malwarebytes I just wanted to make sure i dont have a downloader still attached Thanks Guys Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes F Windows system taskeng exeF Windows system Dwm exeF Windows Explorer EXEF Windows System rundll exeF Program Files Microsoft Office Office GrooveMonitor exeF Program Files Java jre bin jusched exeF Program Files Microsoft Windows OneCare Live winssnotify exeF Program Malwarebytes removed about 12 issues, still getting traces of a virus. Files Common Files Nero Lib NMBgMonitor exeF Program Files Common Files Nero Lib NMIndexStoreSvr exeF Program Files Windows Media Player wmpnscfg exeF Program Files Mozilla Firefox firefox exeF Windows helppane exeF Program Malwarebytes removed about 12 issues, still getting traces of a virus. Files PC Wizard PC Wizard exeF Program Files uTorrent uTorrent exeF Windows system SearchFilterHost exeF Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie defaul rch search htmlR - HKCU Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie defaul www yahoo comR - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo comR - HKLM Software Microsoft Internet Explorer Main Default Page URL http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http us rd yahoo com customize ie defaul www yahoo comR - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie defaul rch search htmlR - HKLM Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie defaul www yahoo comR - HKLM Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer SearchURL Default http us rd yahoo com customize ie defaul www yahoo comR - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - F PROGRA Yahoo Companion Installs cpn yt dllO - Hosts localhostO - BHO amp Yahoo Toolbar Helper - D -C F - efb- B - ECA - F PROGRA Yahoo Companion Installs cpn yt dllO - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - F PROGRA Yahoo Companion Installs cpn yt dllO - HKLM Run Windows Defender ProgramFiles Windows Defender MSASCui exe -hideO - HKLM Run NvCplDaemon RUNDLL EXE F Windows system NvCpl dll NvStartupO - HKLM Run NvMediaCenter RUNDLL EXE F Windows system NvMcTray dll NvTaskbarInitO - HKLM Run GrooveMonitor quot F Program Files Microsoft Office Office GrooveMonitor exe quot O - HKLM Run SunJavaUpdateSched quot F Program Files Java jre bin jusched exe quot O - HKLM Run Adobe Reader Speed Launcher quot F Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run OneCareUI quot F Program Files Microsoft Windows OneCare Live winssnotify exe quot O - HKLM Run NeroFilterCheck F Program Files Common Files Nero Lib NeroCheck exeO - HKLM Run NBKeyScan quot F Program Files Nero Nero Nero BackItUp NBKeyScan exe quot O - HKCU Run Sidebar F Program Files Windows Sidebar sidebar exe autoRunO - HKCU Run WindowsWelcomeCenter rundll exe oobefldr dll ShowWelcomeCenterO - HKCU Run BgMonitor E - C C- d f- C - D A B AA quot F Program Files Common Files Nero Lib NMBgMonitor exe quot O - HKCU Run DAEMON Tools Lite quot F Program Files DAEMON Tools Lite daemon exe quot -autorunO - HKUS S- - - Run Sidebar ProgramFiles Windows Sidebar Sidebar ... Read more

A:Malwarebytes removed about 12 issues, still getting traces of a virus.

Hello ,Welcome to Bleeping Computer.My name mas_pogi and I will be helping you with your Malware problem.As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.Attention!Please do not run any other tool untill instructed to do so.Please tell me about any problems that have occurred during the fix.Please tell me of any other symptoms you may be having as these can help also.Please try as much as possible not to run anything while executing a fix.Please reply to this thread, do not start another.If you still need help, please follow the instruction below;Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).Click Continue at the disclaimer screen.Once it has finished, two logs will open. *Note* These two logs can be found at C:\RSITlog.txt (maximized)info.txt (minimized)Please post the contents of both logs in your next reply.Question:Did you changed anything since previous post? How is the current condition of your computer?
Is this only computer you have or theirs another computer we can eventually use.
Do you have a Windows installation CD? Not that we need it now, just in case.You might want to save this page on your bookmarks, so you can find it again when you return.Firefox: Then click on Done.IExplorer: Then click on Add.Stay calm and everything will be just alright.With Regards,mas_pogi

http://www.bleepingcomputer.com/forums/t/181015/malwarebytes-removed-about-12-issues-still-getting-traces-of-a-virus/
Relevancy 53.32%

About a week ago my PC became infected w/ the antispyware soft virus. I was able to download Malwarebytes and scan it with that while in safe mode. It found a bunch of stuff and removed it. Further scans in regular mode with AVG and Malwarebytes have found nothing else.

Since then my PC appears to be working normally - except Internet Explorer is no longer working. Also, my Windows Live Mail program is no longer working. The internet connection seems to be fine. I can connect to the internet via Firefox. Today I tried downloading Google Chrome, and it also doesn't work.

Are there steps that I can take to get Internet Explorer and Windows Live Mail to function properly again? Those are my goals. I have an HP computer w/ Windows xp. Thank you.
 

Relevancy 53.32%

Had System progressive protection malware
ran Rkill, malwarebytes, and PSIS. Now I am getting a message that says

The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?

I said yes at first and when it said there were over 700 files I stopped it. Rebooted and got it again, this time I said no and tried to open the Recycle bin to view the files and it wouldnt let me.

Any suggestions????

Thanks,

A:malwarebytes removed system progressive protection

Hello,I will be helping you with your problems. Please be patient while I assist you.Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.----------------------------------------------Please do the following:Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click on change parametersUnder Objects to scan, check the box next to Loaded modulesIf you are asked to reboot, then click Yes.NextCheck the boxes next to Loaded modules, Verify file digital signatures, Detect TDLFS file system, then click OK.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions in... Read more

http://www.bleepingcomputer.com/forums/t/477365/malwarebytes-removed-system-progressive-protection/
Relevancy 53.32%

Hello All

Have just purchased and installed Norton Internet Security 2013, during the installation process NIS displayed a window saying the following programs must be removed before installation can continue. There was just one program listed: MalwareBytes (mbam something) NIS even had a button to click to remove the program. I would like to know Why?. I have always believed MalwareBytes to be a good piece of software.
 

Relevancy 53.32%

I had just removed a bunch of trojans using malwarebytes and avg antivirus I didnt have a desktop and toolbar or a while but found the registry that I had to fix Reran malwarebytes in safemode and didnt find anything Also ran avg in safemode with autofix on I am just checking to see if I missed anything I most likely still have some malware on the comp or at least I feel like its not all gone But to keep me sane and my paranoia on the bay I'm hoping you guys can help me out Thanks a lot in advance Here inside. removed malwarebytes HiJackthis Just and log Trojan, are my logs Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System Just removed Trojan, HiJackthis and malwarebytes log inside. svchost exe C WINDOWS system Ati evxx exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C WINDOWS stsystra exe C Program Files Synaptics SynTP SynTPEnh exe C Just removed Trojan, HiJackthis and malwarebytes log inside. PROGRA AVG AVG avgtray exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C PROGRA AVG AVG avgwdsvc exe C WINDOWS system ctfmon exe C Program Files Bonjour Just removed Trojan, HiJackthis and malwarebytes log inside. mDNSResponder exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C Program Files Dell QuickSet NICCONFIGSVC exe C PROGRA AVG AVG avgrsx exe C WINDOWS system svchost exe C PROGRA AVG AVG avgnsx exe C Program Files Common Files Symantec Shared CCPD-LC symlcsvc exe C WINDOWS system UTSCSI EXE C Program Files Viewpoint Common ViewpointService exe C PROGRA AVG AVG avgemc exe C Program Files AVG AVG avgcsrvx exe C WINDOWS System svchost exe C Documents and Settings David Vo Local Settings Application Data Google Chrome Application chrome exe C Documents and Settings David Vo Local Settings Application Data Google Chrome Application chrome exe C Program Files Viewpoint Viewpoint Manager ViewMgr exe C Documents and Settings David Vo Local Settings Application Data Google Chrome Application chrome exe C Documents and Settings David Vo Local Settings Application Data Google Chrome Application chrome exe C Program Files Trend Micro HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search Default Page URL http www google com ig dell hl en amp us amp ibd R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer http localhost R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local lt local gt O - BHO no name - A F- BA- D - D -F f - no file O - BHO no name - D -C F - efb- B - ECA - no file O - BHO no name - C B A- - A C-BCC - D C A BBF - no file O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - HKLM Run SigmatelSysTrayApp stsystra exe O - HKLM Run SynTPEnh C Program Files Synaptics SynTP SynTPEnh exe O - HKLM Run AVG TRAY C PROGRA AVG AVG avgtray exe O - HKLM Run amd dc opt C Program Files AMD Dual-Core Optimizer amd dc opt exe O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottime O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - HKUS S- - - RunOnce WUAppSetup C Program Files Common Files logishrd WUApp exe -v x d -p x dd -f video -m logitech -d User 'SYSTEM' O - HKUS DEFAULT RunOnce WUAppSetup C Program Files Common Files logishrd WU... Read more

A:Just removed Trojan, HiJackthis and malwarebytes log inside.

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f50/just-removed-trojan-hijackthis-and-malwarebytes-log-inside-387676.html
Relevancy 53.32%

I m using a Dell laptop running Windows XP Professional Both or Malwarebytes-Access Denied removed cannot by AVG be Trojan AVG ver anti-virus free and Malwarebytes found a Trojan cannot be removed by AVG or Malwarebytes-Access Denied quot Trojan horse Downloader Zlob r CR quot called quot a exe quot in the following directory C Documents and Settings quot username quot Local Settings Temp a exe Only AVG found a quot Trojan horse Generic ACDJ quot at C Downloads Deep Freeze Unfreezer Win k XP DeepUnfreezer exe AVG could not quot heal quot the files and said quot access denied quot Malwarebytes also couldn t remove it When I went tried to open the quot username quot folder in Windows Explorer it will not open and says quot Access denied quot The same happens when I try to open the quot Trojan cannot be removed by AVG or Malwarebytes-Access Denied Deep Freeze Unfreezer quot folder I have tried opening these folders in Safe Mode with command prompt and I get an quot Access is denied quot message again Also neither AVG Trojan cannot be removed by AVG or Malwarebytes-Access Denied version now nor Malwarebytes find any virus Here is the HighJackThis log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Intel Wireless Bin EvtEng exe C Program Files AVG AVG avgchsvx exe C Program Files AVG AVG avgrsx exe C Program Files Intel Wireless Bin S EvMon exe C Program Files Intel Wireless Bin WLKeeper exe C Program Files AVG AVG avgcsrvx exe C WINDOWS system spoolsv exe C Program Files AVG AVG Identity Protection Agent Bin AVGIDSAgent exe C Program Files Intel Wireless Bin ZcfgSvc exe C WINDOWS Explorer EXE C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Symantec LiveUpdate AluSchedulerSvc exe C Program Files AVG AVG avgwdsvc exe C Program Files AVG AVG avgfws exe C Program Files Bonjour mDNSResponder exe C Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PifSvc exe C PROGRA Intel Wireless Bin XConfig exe C Program Files Malwarebytes Anti-Malware mbamservice exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C Program Files Dell NICCONFIGSVC NICCONFIGSVC exe C Program Files Common Files Protexis License Service PSIService exe C Program Files Intel Wireless Bin RegSrvc exe C Program Files Photodex ProShowGold ScsiAccess exe C WINDOWS system svchost exe C Program Files AVG AVG avgam exe C Program Files AVG AVG avgnsx exe C Program Files Intel Wireless Bin ifrmewrk exe C WINDOWS stsystra exe C Program Files Common Files InstallShield UpdateService issch exe C WINDOWS system dla tfswctrl exe C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C Program Files Synaptics SynTP SynTPEnh exe C WINDOWS system igfxsrvc exe C WINDOWS system V Mon exe C Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PifSvc exe C Program Files iTunes iTunesHelper exe C Program Files Malwarebytes Anti-Malware mbamgui exe C PROGRA AVG AVG avgtray exe C Program Files DellSupport DSAgnt exe C WINDOWS system ctfmon exe C Program Files PeerGuardian pg exe C Program Files AVG AVG Identity Protection agent bin avgidsmonitor exe C Program Files iPod bin iPodService exe C Program Files AVG AVG avgcsrvx exe C Program Files AVG AVG avgui exe C Program Files AVG AVG avgscanx exe C Program Files AVG AVG avgcsrvx exe C Program Files Malwarebytes Anti-Malware mbam exe C Program Files Internet Explorer iexplore exe C Program Files Internet Explorer iexplore exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www google ca R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwl... Read more

https://forums.techguy.org/threads/trojan-cannot-be-removed-by-avg-or-malwarebytes-access-denied.889079/
Relevancy 53.32%

Hello I've had this problem for a couple of weeks at least but I'm just now getting around to asking for some help with it Malware Bytes scan completes and shows results Two items both registry entries - see attached screenshot will not remove Any other items that show up in Can't Found Registry Be MalWareBytes Removed By Values the scan remove properly but these two reappear in the results even if the search is repeated immediately after the restart I've seen other odd behavior Registry Values Found By MalWareBytes Can't Be Removed that makes me believe my computer may be infected with something I'm not seeing including Computer sometimes wakes up from sleep mode on its own Computer occasionally seems to try to go into sleep mode while I'm using it screen blacks out have to move the mouse again to make it come back Odd Internet Explorer behavior things taking Registry Values Found By MalWareBytes Can't Be Removed over the back button new tab is gray instead of white etc Random slowness Just generally odd behavior that makes me suspicious Please help me get this thing cleaned up and back to normal DDS Log is below Thanks DDS Ver - - - NTFS AMD Internet Explorer BrowserJavaVersion Run by John at on - - Microsoft Windows Home Premium GMT - AV McAfee Anti-Virus and Anti-Spyware Enabled Updated SP McAfee Anti-Virus and Anti-Spyware Enabled Updated SP Windows Defender Registry Values Found By MalWareBytes Can't Be Removed Disabled Updated FW McAfee Firewall Enabled CDATA Event observe window 'load' function e prettyPrint Running Processes C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system nvvsvc exe C Program Files x NVIDIA Corporation D Vision nvSCPAPISvr exe C Windows system svchost exe -k RPCSS C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k LocalService C Windows system svchost exe -k netsvcs C Program Files Dell DellDock DockLogin exe C Windows system svchost exe -k NetworkService C Program Files NVIDIA Corporation Display nvxdsync exe C Windows system nvvsvc exe C Windows System spoolsv exe C Windows system svchost exe -k LocalServiceNoNetwork C Program Files x Common Files Adobe ARM armsvc exe C Program Files x Common Files Apple Mobile Device Support AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C Windows system svchost exe -k LocalServiceAndNoImpersonation C Program Files Common Files Logishrd LVMVFM LVPrcSrv exe C Program Files Common Files McAfee SystemCore mfevtps exe C Program Files Autodesk Inventor Moldflow bin mitsijm exe C Program Files x Common Files Logishrd LVMVFM LVPrS H exe C Windows system svchost exe -k NetworkServiceNetworkRestricted C Program Files x Microsoft Search Enhancement Pack SeaPort SeaPort exe C Program Files x Dell DataSafe Local Backup sftservice EXE C ProgramData Skype Toolbars Skype C C Service c c service exe C Windows system svchost exe -k imgsvc C Program Files x TomTom HOME TomTomHOMEService exe C Program Files Common Files Microsoft Shared Windows Live WLIDSVC EXE C Program Files x Yahoo SoftwareUpdate YahooAUService exe C Program Files x Intel Intel reg Rapid Storage Technology IAStorDataMgrSvc exe C Program Files Common Files Microsoft Shared Windows Live WLIDSvcM exe C Windows system wbem wmiprvse exe C Program Files Common Files McAfee SystemCore mcshield exe C Program Files Common Files McAfee SystemCore mfefire exe C Program Files Common Files McAfee McSvcHost McSvHost exe C Windows System WUDFHost exe C Windows system taskhost exe C Windows system Dwm exe C Windows Explorer EXE C Program Files x Dell DataSafe Local Backup Components Scheduler STService exe C Program Files Realtek Audio HDA RAVCpl exe C Windows System rundll exe C Windows System rundll exe C Program Files Microsoft IntelliPoint ipoint exe C Program Files Microsoft IntelliType Pro itype exe C Program Files Dconnexion DxWare DxWinCore DxS... Read more

A:Registry Values Found By MalWareBytes Can't Be Removed

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===--RogueKiller--Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit Quit all programs that you may have started.Please disconnect any USB or external drives from the computer before you run this scan!For Vista or Windows 7, right-click and select "Run as Administrator to start"For Windows XP, double-click to start.Wait until Prescan has finished ...Then Click on "Scan" buttonWait until the Status box shows "Scan Finished"click on "delete"Wait until the Status box shows "Deleting Finished"Click on "Report" and copy/paste the content of the Notepad into your next reply.The log should be found in RKreport[1].txt on your DesktopExit/Close RogueKiller+===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number). Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.Please post the contents of JRT.txt into your reply.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: TurorialLink 1Link 2IMPORTANT !!! Save ComboFix.exe to your Desktop1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe and follow the prompts.When finished, it will produce a report for you.Please post the C:\ComboFix.txt Note: Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.htmlNote: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.===Please paste the logs in your next reply DO NOT ATTACH THEM.Let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/505606/registry-values-found-by-malwarebytes-cant-be-removed/
Relevancy 53.32%

Hi I have windows vista sp bit os I ran a full found removed trojan.fakealert and Malwarebytes scan with Malwarebytes and it found trojan fakealert and I had malwarebytes remove it and then was I was prompted to restart which I did Then I ran superantispyware full Malwarebytes found and removed trojan.fakealert scan which was clean I went to virus total and chose one file in the folder where the Malwarebytes found and removed trojan.fakealert trojan was found to run thru the virus total and one result came back as having a problem I popped that in google and didn t understand it much So I just uninstalled that whole program file There were many files that came up during uninstall prompting to ask if I wanted to remove files that may be a shared file and I said no to all so only what wasn t possibly shared got removed I ve not used that program in nearly a year it s a recorder to record streaming audio so I don t understand why that would get a trojan Then I ran malwarebytes full scan and at some time during that scan I got a bsod x page fault in non paged area It said mbswissarmy on the blue screen or whatever that title is that is malwarebytes I shut off the pc and started back up into safe mode and ran malwarebytes full scan and it was clean I have the windows dump and do not know how to read it or if is useful Since I got the bsod I am wondering if there is more I need to do I ve had malwarebytes a long time It is current and up to date So I am just wondering if anyone knows why malwarebytes would cause a bsod if it means I may still have some part of a trojan in my system and also if the window dumps are useful and if so how to read them Thank you so much for reading this and for any help as well

http://www.bleepingcomputer.com/forums/t/278953/malwarebytes-found-and-removed-trojanfakealert/
Relevancy 53.32%

I removed the malware with MalwareBytes. I have lost my Windows Defender and Firewall.

I get the following message: Specified service does not exist as an installed service. error 0x80070424

Did I remove the problem entirely and how can I repair my Window 7.

Thank you

A:Win 7 Anti-Virus 2012 - Removed with MalwareBytes

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

http://www.bleepingcomputer.com/forums/t/430915/win-7-anti-virus-2012-removed-with-malwarebytes/
Relevancy 52.89%

Hi everyone So i've had installed windows a few days ago Everything was running smoothly Until today Something kinda weird happened PC was turned off no one use it but me When i turned it on Opened browser Firefox found got uBlock stopped automatically Origin Malwarebytes and removed that i'm getting some ads I had installed uBlock Origin since day one So i went to check the addons and found out that it was uninstalled I also had malwarebytes installed and uBlock Origin got removed automatically and Malwarebytes stopped checked it to be launched on windows startup Found that it didn't start I did a system scan using Avira Pro and got no infections What should i do now What could that be Would really uBlock Origin got removed automatically and Malwarebytes stopped appreciate your help guys cheers Info you might need OS ver Windows Enterprise x Windows Defender Disabled Windows Firewall Enabled O amp O ShutUp set it to maximum only allowing uBlock Origin got removed automatically and Malwarebytes stopped windows updates Antivirus Avira Pro Malware Malwarebytes Anti-Malware v Build Premium Browser Firefox Symptoms uBlock Origin was removed automatically from browser and Malwarebytes was stopped from running on windows startup

A:uBlock Origin got removed automatically and Malwarebytes stopped

Hi
 

OS ver: Windows 10 Enterprise x64

Is this a company computer?

http://www.bleepingcomputer.com/forums/t/602134/ublock-origin-got-removed-automatically-and-malwarebytes-stopped/
Relevancy 52.89%

So I recently fell victim to what a Google search told me is the action further FBI needed? Removed virus Malwarebytes Moneypak with - quot FBI Moneypack quot quot ransom quot virus that s been going around It wasn t this exact screenshot for me but it looked something like it http www fbi gov news stories august new-internet-scam I booted my computer in safe mode read some literature downloaded the free version of Malwarebytes and ran a scan which found some files it deleted I rebooted normally and thank god everything s fine now the screen s gone and I m typing this from Removed FBI Moneypak virus with Malwarebytes - further action needed? said malware d computer My question is do you advise anything I do anything else I just ran another malwarebytes scan which turned up negative and I m currently running another standard MS Security Essentials system scan In the event that everything seems fine and ends up back to normal should I still take any other actions or consult a real-life tech help pro Thanks a lot

A:Removed FBI Moneypak virus with Malwarebytes - further action needed?

Sorry, I realized that I should've posted this over in the security section, here:
http://www.bleepingcomputer.com/forums/topic466198.html
So someone can delete this thread, thanks.

http://www.bleepingcomputer.com/forums/t/466196/removed-fbi-moneypak-virus-with-malwarebytes-further-action-needed/
Relevancy 52.89%

Months ago I was infected with a virus that prevented AVG and MBAM from running. A friend ran MBAM from a flash drive(I think), which got AVG and MBAM back working on the PC.
Some time later, I noticed Windows Update no longer worked and Google searches were occasionally being redirected. Clicking a second time on the search item always worked. I didn't realise until recently that these may also be symptoms of the virus.
Then Malwarebytes AntiRootkit got Windows Update going again. I also ran some of the other tools mentioned here but I still get Google redirects.
I'd appreciate advice on what to do next.
I use Windows 7 Home Premium and Firefox.

A:Zeroaccess trojan removed by Malwarebytes but still have Google redirects

ZeroAccess rootkit requires elevated help. Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

http://www.bleepingcomputer.com/forums/t/522224/zeroaccess-trojan-removed-by-malwarebytes-but-still-have-google-redirects/
Relevancy 52.89%

Malbarebytes identified several PUPs and a Trojan and removed them but now I am having issues with explorer.exe not responding and having to be restarted, a popup window from Catalyst Control want my driver updated but have checked it and it is updated. Also had uninstalled Java, had 2 updates on computer, but it kept one in the programs list and I was getting update popups so manually deleted the folder (yes I know that I shouldn't have done it that way but thought it was just leftover file). Now when I restart, that popup says it can't find a reminder files which is a *.dll, so I just click off that box too but this is getting ridulous so I need your expertise to look over the computer and see what is going on.
 
This is a Windows Vista computer, Service pack 2, 64 bit.
 
Please let me know what other information you need.
 
Thank You.
Patti

A:Removed Trojan and several PUPs found by Malwarebytes but having odd problems

Hi Patti My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.MiniToolBoxDownload MiniToolBox and move the file to your Desktop;Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);Check the following options:Flush DNS;Report IE Proxy Settings;Reset IE Proxy Settings;Report FF Proxy Settings;Reset FF Proxy Settings;List content of Hosts;List IP Configuration;List Winsock Entries;List Last 10 Event Viewer Errors;List Installed Programs;List Devices - Only Problems;List Users, Partitions and Memory size;Once this is done, click on Go and wait for the scan to complete;Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

http://www.bleepingcomputer.com/forums/t/607425/removed-trojan-and-several-pups-found-by-malwarebytes-but-having-odd-problems/
Relevancy 52.89%

Malwarebytes found Rootkit.fileless.mtgen today and quarantined it.  I tried to run Microsoft Safety Scanner to and Windows Defender full scan and neither would run.  After searching around I also found and ran Kapersky TDSS killer and it did not find anything.
 
How do I know this malware has been removed from my PC?
 
  

A:Malwarebytes found Rootkit.fileless.mtgen - Is it removed?

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

Launch Malwarebytes Anti-MalwareA 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.On the Dashboard, click the 'Update Now >>' linkAfter the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.If an update is available, click the Update Now button.
A Threat Scan will begin.When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes.If you already have MBAM 2.0 installed:On the Dashboard, click the 'Update Now >>' linkAfter the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.If an update is available, click the Update Now button.
A Threat Scan will begin.When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes.How to get logs:(Export log to save as txt)After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the Scan Log which shows the Date and time of the scan just performed.Click 'Export'.Click 'Text file (*.txt)'In the Save File dialog box which appears, click on Desktop.In the File name: box type a name for your scan log.A message box named 'File Saved' should appear stating "Your file has been successfully exported".Click OkAttach that saved log to your next reply.(Copy to clipboard for pasting into forum replies or tickets)After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the Scan Log which shows the Date and time of the scan just performed.Click 'Copy to Clipboard'Paste the contents of the clipboard into your reply.Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.Double click on downloaded file. OK self extracting promp... Read more

http://www.bleepingcomputer.com/forums/t/615887/malwarebytes-found-rootkitfilelessmtgen-is-it-removed/
Relevancy 52.89%

Hello My computer has been suffering from a general slowdown I takes over a minute to load a webpage multiple minutes to load some programs and my desktop image will not appear Any help would be greatly appreciated -RotzyDDS Ver - - - NTFSx Run by Linda M VanRotz at on Fri Internet Explorer Microsoft Windows XP Professional GMT - AV McAfee VirusScan On-access scanning enabled Updated B EE - - CDE-A A-DD BA FAD FW McAfee Personal Firewall enabled B - C F- -BDA - CA DA E Running Processes C WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcssvchost exesvchost exeC WINDOWS Explorer EXEE Program Files Lavasoft Ad-Aware aawservice exeC WINDOWS system spoolsv exesvchost exeC WINDOWS system spool drivers w x hpztsb exeC Program Files HP hpcoretech hpcmpmgr Computer multiple even problems with after removed slowdowl Malwarebytes exeC Program Files Common Files AOL ee AOLSoftware exeC Program Files Java jre bin jusched exeC Program Files McAfee com Agent mcagent exeC Program Files Java jre bin jqs exeC PROGRA McAfee MSC mcmscsvc exeE PROGRA PANICW POP-UP PSFree exec PROGRA COMMON mcafee mna mcnasvc exeC PROGRA AOL waol exeC Program Files Common Files Intuit QuickBooks QBUpdate qbupdate exec PROGRA COMMON mcafee mcproxy mcproxy exeC PROGRA McAfee VIRUSS mcshield exeC Program Files Common Files Microsoft Shared VS Debug mdm exeC Program Files McAfee MPF MPFSrv exeC Program Files Common Files Intuit QuickBooks QBCFMonitorService exeC WINDOWS wanmpsvc exeC WINDOWS system wuauclt exeC Program Files Common Files AOL ACS AOLacsd exeC WINDOWS system wuauclt Computer slowdowl even after multiple problems removed with Malwarebytes exeC PROGRA AOL shellmon exeC Program Files Internet Explorer iexplore exeC Documents and Settings Linda M VanRotz Desktop dds scr Pseudo HJT Report uStart Page hxxp www google com mSearchAssistant hxxp resultsmaster com SmartOffers Services resultsmaster ResultsMasterHomeLeftPane htmBHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files adobe acrobat activex AcroIEHelper dllBHO scriptproxy db d a - - e -b d- f c - c program files mcafee virusscan scriptsn dllBHO Java Plug-In SSV Helper dbc -a - b-bc - c c c a - c program files java jre bin jp ssv dllBHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dllTB ACB E - - C -A - B A A CB - No FileEB C -B BC- AE-A FB-EB A F EB - No FileEB - a - b-a - c a a - No FileEB A E B -B A - B - C - EC A B A - No FileuRun PopUpStopperFreeEdition quot e progra panicw pop-up PSFree exe quot uRun AOL Fast Start quot c progra aol AOL EXE quot -bmRun QuickTime Task quot c program files quicktime qttask exe quot -atboottimemRun HPDJ Taskbar Utility c windows system spool drivers w x hpztsb exemRun HP Component Manager quot c program files hp hpcoretech hpcmpmgr exe quot mRun HostManager c program files common files aol ee AOLSoftware exemRun SunJavaUpdateSched quot c program files java jre bin jusched exe quot mRun mcagent exe quot c program files mcafee com agent mcagent exe quot runkeyStartupFolder c docume alluse startm programs startup adober lnk - c program files adobe acrobat reader reader sl exeStartupFolder c docume alluse startm programs startup micros lnk - e program files microsoft office office OSA EXEStartupFolder c docume alluse startm programs startup quickb lnk - c program files common files intuit quickbooks qbupdate qbupdate exeStartupFolder c docume alluse startm programs startup zoneal lnk - e program files zone labs zonealarm zonealarm exeIE amp SearchIE E amp xport to Microsoft Excel - e progra micros office EXCEL EXE IE AC E - - d -BC D- B D A DE - e program files aim aim exeIE CD F -D E - d - FE- C F AFE IE FB F -F - d -BB E- C F - c program files messenger msmsgs exeDPF ED DDF - - BBE- - A EDB D A - hxxp bin mcafee com molbin shared mcinsctl en-us mcinsctl cabDPF AD C - E- D -B E - F D - hxxp java sun com update jinstall- -windows-i cabDPF F C A... Read more

A:Computer slowdowl even after multiple problems removed with Malwarebytes

Hello,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download GMER from one of the following locations, and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zip MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs, as this process may crash your computer.Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.Double click on Gmer to run it.Allow the gmer.sys driver to load if asked.You may see a rootkit warning window, If you do, click No.Untick the following boxes on the right side of the Gmer screen.SectionsIAT/EATFilesShow AllClick on and wait for the scan to finish.If you see a rootkit warning window, click OK.Push and save the logfile to your desktop.Copy and Paste the contents of that file in your next post.Then please post back here with the following: log.txt info.txt Gmer logThanks

http://www.bleepingcomputer.com/forums/t/293556/computer-slowdowl-even-after-multiple-problems-removed-with-malwarebytes/
Relevancy 52.89%

A few weeks ago CA Security Suite detected a Kollah Trojan on my Windows Vista laptop - it would scan find four Kollah Trojan items and quarantine one of those which I would delete but the next time it scanned it would do the same thing find four quarantine one I would delete that one Last Sunday I decided to get to the bottom of this and get rid of the Trojan so I started asking people what to do and based on some recommendations tried SpyWare Doctor Trend Housecall AVG Free Malwarebytes and SpyBot Search amp Destroy all to no avail until I disabled and Trojan removed? - Kollah reformatted something Malwarebytes maybe detects CA and then malwarebytes found the Trojan and removed it Even so I was told the best bet would be a system Kollah Trojan - reformatted and maybe removed? Malwarebytes detects something reformat so I backed up all my data and reinstalled Vista which was Kollah Trojan - reformatted and maybe removed? Malwarebytes detects something how ehow told me to reformat for this OS then reinstalled AVG Free enabled my Windows stuff firewall and defender reinstalled my software and some of my data and did another malwarebytes scan just to be safe This time malwarebytes found something it didn t like called quot HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Policies Explorer NoActiveDesktopChanges Hijack DisplayProperties - gt Bad Good - gt Quarantined and deleted successfully quot So I decided my best bet would be to run HiJackThis and post here I just want to know if I m still infected and what to do if I am I ran the DDS below and am attaching Attach but the RootKit won t run I get the following error Error - RootRepeal does not support -bit OSs Below the DDS I Kollah Trojan - reformatted and maybe removed? Malwarebytes detects something am posting my HiJackthis log I don t know if they re different Thank you in advance for any help DDS Log DDS Ver - - - NTFSX Run by Erin at on Thu Internet Explorer Microsoft Windows Vista Home Premium GMT - SP Windows Defender enabled Updated D DDC A- F- FAE- E -DA C ACF Running Processes C Windows system wininit exeC Program Files x AVG AVG avgchsva exeC Windows system lsm exeC Windows system svchost exe -k DcomLaunchC Windows system svchost exe -k rpcssC Windows System svchost exe -k LocalServiceNetworkRestrictedC Windows System svchost exe -k LocalSystemNetworkRestrictedC Windows system svchost exe -k netsvcsC Windows system SLsvc exeC Windows system svchost exe -k LocalServiceC Windows system svchost exe -k NetworkServiceC Windows System spoolsv exeC Windows system svchost exe -k LocalServiceNoNetworkC Program Files x AVG AVG avgwdsvc exeC Windows system Dwm exeC Windows system svchost exe -k bthsvcsC Program Files GATEWAY Gateway Recovery Management Service ETService exeC Windows Explorer EXEC Windows system taskeng exeC Program Files x AVG AVG avgnsa exeC Windows system taskeng exeC Program Files x O Micro Flash Memory Card Driver o flash exeC Windows system svchost exe -k NetworkServiceNetworkRestrictedC Windows system svchost exe -k imgsvcC Windows System svchost exe -k WerSvcGroupC Windows system SearchIndexer exeC Program Files x AVG AVG avgrsa exeC Program Files x AVG AVG avgcsrva exeC Windows system DRIVERS xaudio exeC Program Files x AVG AVG avgemc exeC Program Files x Intel Intel Matrix Storage Manager IAANTMon exeC Program Files x AVG AVG avgcsrvx exeC Program Files Windows Defender MSASCui exeC Program Files x Intel Intel Matrix Storage Manager IAAnotif exeC Program Files Synaptics SynTP SynTPEnh exeC Windows System igfxtray exeC Windows System igfxpers exeC Windows system igfxsrvc exeC Program Files x Google GoogleToolbarNotifier GoogleToolbarNotifier exeC Program Files x Java jre bin jusched exeC Program Files Camera Assistant Software for Gateway traybar exeC Program Files x CyberLink PowerDVD PDVDServ exeC Program Files x iTunes iTunesHelper exeC Program Files x QuickTime qttask exeC Program Files x iPod bin iPodService exeC Program Files x Sc... Read more

A:Kollah Trojan - reformatted and maybe removed? Malwarebytes detects something

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.regards myrti

http://www.bleepingcomputer.com/forums/t/287091/kollah-trojan-reformatted-and-maybe-removed-malwarebytes-detects-something/
Relevancy 52.89%

Months ago I was infected with a virus that prevented AVG and MBAM from running A friend ran MBAM from a flash drive I think which got AVG and MBAM back working on the PC Some time later I noticed Windows Update no longer worked and Google searches were occasionally being redirected Clicking a second time on the search item always worked I didn't realise until recently that these may also be symptoms of the virus Then Malwarebytes AntiRootkit got Windows Update going again I also ran some of the other tools mentioned here but have trojan by still removed redirects Zeroaccess Google but Malwarebytes I still get Google redirects I'd appreciate advice on what to do next I use Windows Home Premium Zeroaccess trojan removed by Malwarebytes but still have Google redirects and Firefox - - - - - - - Link to topic in Am I Infected Zeroaccess trojan removed by Malwarebytes but still have Google redirects forum http www bleepingcomputer com forums t zeroaccess-trojan-removed-by-malwarebytes-but-still-have-google-redirects entry - - - - - I still have most of the logs from the previous Malwarebytes and other scans if they would be helpful in any way - - - - Here is the DDS DDS Ver - - - NTFS AMD Internet Explorer BrowserJavaVersion Run by Eithne at on - - Microsoft Windows Home Premium GMT AV AVG AntiVirus Free Edition Enabled Outdated E C - B - FA - AB - E CB ECD SP Windows Defender Disabled Updated D DDC A- F- fae- E -DA C ACF SP AVG AntiVirus Free Edition Enabled Outdated B F C - - E- - BB D A FW ZoneAlarm Free Firewall Firewall Enabled E B E-D B - F - E- B Running Processes C PROGRA AVG AVG avgrsa exe C Program Files x AVG AVG avgcsrva exe C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system nvvsvc exe C Program Files x NVIDIA Corporation D Vision nvSCPAPISvr exe C Windows system svchost exe -k RPCSS C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k LocalService C Windows system svchost exe -k netsvcs C Windows system svchost exe -k GPSvcGroup C Windows system svchost exe -k NetworkService C Program Files x CheckPoint ZoneAlarm vsmon exe C Program Files NVIDIA Corporation Display nvxdsync exe C Windows system nvvsvc exe C Windows system Dwm exe C Windows Explorer EXE C Program Files CheckPoint ZAForceField IswSvc exe C Program Files CheckPoint ZAForceField ForceField exe C Program Files Realtek Audio HDA RAVCpl exe C Windows System spoolsv exe C Windows system taskhost exe C Windows system svchost exe -k LocalServiceNoNetwork C Program Files Genie Genie Backup Manager GBMAgent exe C Program Files SUPERAntiSpyware SUPERANTISPYWARE EXE C Program Files x CheckPoint ZoneAlarm zatray exe C Program Files SUPERAntiSpyware SASCORE EXE C Program Files x AVG AVG avgui exe C Program Files x AVG AVG avgidsagent exe C Windows system taskeng exe c Program Files Microsoft Mouse and Keyboard Center itype exe c Program Files Microsoft Mouse and Keyboard Center ipoint exe C Program Files x AVG AVG avgwdsvc exe C Windows system svchost exe -k LocalServiceAndNoImpersonation C Windows system svchost exe -k imgsvc C Program Files Common Files Microsoft Shared Windows Live WLIDSVC EXE C Program Files Common Files Microsoft Shared Windows Live WLIDSvcM exe C Program Files NVIDIA Corporation Display nvtray exe C Windows system SearchIndexer exe C Windows system svchost exe -k NetworkServiceNetworkRestricted C Program Files Windows Media Player wmpnetwk exe C Windows System svchost exe -k LocalServicePeerNet C Program Files x Mozilla Firefox firefox exe C Windows explorer exe C Program Files x Mozilla Firefox plugin-container exe C Program Files x Intel Intel reg Management Engine Components LMS LMS exe C Program Files x NVIDIA Corporation NVIDIA Update Core daemonu exe C Program Files x Intel Intel reg Management Engine Components UNS UNS exe C Program Files x Microsoft Office OFFICE EXCEL EXE C Windows system wbem wmiprvse ... Read more

A:Zeroaccess trojan removed by Malwarebytes but still have Google redirects

Hello dorothyh I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.-AdwCleaner-Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Scan.After the scan is complete click on "Clean"Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[S1].txt as well.-Junkware-Removal-Tool-Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.When they are complete let me have the two reports and let me know how things are running.Gringo

http://www.bleepingcomputer.com/forums/t/522278/zeroaccess-trojan-removed-by-malwarebytes-but-still-have-google-redirects/
Relevancy 52.89%

So I recently fell victim to what a Google search told me is the quot FBI Moneypack further FBI - with virus Malwarebytes needed? Moneypak Removed action quot quot ransom quot virus that s been going around It wasn t this exact screenshot for me but it looked something like it http www fbi gov news stories august new-internet-scam I booted my computer in safe mode read some literature downloaded the free version of Malwarebytes and ran Removed FBI Moneypak virus with Malwarebytes - further action needed? a scan which found some files it deleted I rebooted normally and thank god everything s fine now the screen s gone and I m typing this from said malware d computer My question is do you advise anything I do anything else I just ran another malwarebytes scan which turned up negative and I m currently running another standard MS Security Essentials system scan In the event that everything seems fine and ends up back to normal should I still take any other actions or consult a real-life tech help pro Thanks a lot

A:Removed FBI Moneypak virus with Malwarebytes - further action needed?

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

http://www.bleepingcomputer.com/forums/t/466198/removed-fbi-moneypak-virus-with-malwarebytes-further-action-needed/