Tech Problem Aggregator

Have got Trojan horse Dropper.Generic_c.MMI in a system critical file, please help

Q: Have got Trojan horse Dropper.Generic_c.MMI in a system critical file, please help

Hi, Ive got a Trojan horse Dropper.Generic_c.MMI in a system critical/white listed file according to AVG, and it can't to anything about it. Can I please get some help in removing it

I was also wondering whether it was advisable to use a USB flash drive to back up any data and whether its advisable to use sites with logins?

I hae also attatched the file

Thanks very much
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:08, on 15/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\mohammed\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Users\mohammed\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\mohammed\Desktop\HijackThis(1).exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com" target="_blank" class="invilink">http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120301124822.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKCU\..\Run: [Google Update] "C:\Users\mohammed\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [googletalk] C:\Users\mohammed\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [zzofdgddqeuiqhv] C:\ProgramData\zzofdgdd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: Dropbox.lnk = mohammed\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0282881345034435) (0282881345034435mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\028288~1.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Predator ACE (PredatorACE) - Predator-Usb - C:\Program Files\Predator2\PredatorACE.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

--
End of file - 19694 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by mohammed at 16:28:15 on 2012-08-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.1537 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Predator2\PredatorACE.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\mohammed\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Users\mohammed\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120301124822.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
uRun: [Google Update] "C:\Users\mohammed\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [googletalk] C:\Users\mohammed\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [zzofdgddqeuiqhv] C:\ProgramData\zzofdgdd.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\mohammed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\mohammed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mohammed\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\mohammed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1469BB29-45F3-489A-8280-2007187E1863} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{886BD1CD-8C40-450E-9F2F-8ACDB88577AB} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{886BD1CD-8C40-450E-9F2F-8ACDB88577AB}\4514C4B44514C4B4D2839323234344 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{886BD1CD-8C40-450E-9F2F-8ACDB88577AB}\A5978554C40313 : DhcpNameServer = 62.24.202.5 62.24.134.2
TCP: Interfaces\{AA571AD2-C325-4238-AE99-DE6A49FB8AD9} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{FE349218-9229-4D76-95AD-ACDE3C0BDE2D} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120301124822.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\1vfgohf7.default\
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B0534384c-fd4d-4d2e-90c4-26c5870e3213%7D&mid=f38b3241dae547d082d319d59acf6328-90519aac4618b3422b79d6d01a5aca6c861e33b5&ds=AVG&v=12.2.0.5&lang=en&pr=fr&d=2012-08-13%2002%3A38%3A40&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\mohammed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\mohammed\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\mohammed\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-3-30 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-12 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-12 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-12 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-3-30 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-3-30 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2011-3-30 161168]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 PredatorACE;Predator ACE;C:\Program Files\Predator2\PredatorACE.exe [2011-12-15 103424]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-27 378984]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-8-13 927840]
R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2011-11-23 285152]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 0282881345034435mcinstcleanup;McAfee Application Installer Cleanup (0282881345034435);C:\Windows\TEMP\028288~1.EXE -cleanup -nolog --> C:\Windows\TEMP\028288~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-12 249936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-30 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-9 113120]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-12-28 155344]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-12 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-08-13 01:53:13 -------- d-----w- C:\Users\mohammed\AppData\Roaming\Ad-Aware Antivirus
2012-08-13 01:39:23 -------- d-----w- C:\Users\mohammed\AppData\Roaming\AVG2012
2012-08-13 01:38:57 -------- d-----w- C:\Users\mohammed\AppData\Local\AVG Secure Search
2012-08-13 01:38:46 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-08-13 01:38:38 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-13 01:38:37 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-08-13 01:38:37 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-08-13 01:38:09 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-13 01:37:56 -------- d--h--w- C:\$AVG
2012-08-13 01:37:56 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-08-13 01:37:56 -------- d-----w- C:\ProgramData\AVG2012
2012-08-13 01:37:49 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-13 00:34:30 -------- d--h--w- C:\ProgramData\Common Files
2012-08-13 00:34:30 -------- d-----w- C:\ProgramData\MFAData
2012-08-12 23:55:35 -------- d-----w- C:\ProgramData\iuqxlrvxqjdhflo
2012-08-09 17:39:10 -------- d-----w- C:\Users\mohammed\AppData\Local\{1B7D43CC-E249-11E1-8270-B8AC6F996F26}
2012-08-09 17:39:10 -------- d-----w- C:\Users\mohammed\AppData\Local\{1B7D1029-E249-11E1-8270-B8AC6F996F26}
2012-08-09 17:38:13 -------- d-----w- C:\Users\mohammed\AppData\Roaming\xsecva
2012-08-09 14:04:18 -------- d-----w- C:\Program Files (x86)\Unified Remote
2012-08-07 21:42:06 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-25 09:42:58 -------- d-----w- C:\ProgramData\Driving Test Success
2012-07-25 09:42:58 -------- d-----w- C:\Program Files (x86)\Driving Test Success - All Tests 2012 Edition
2012-07-17 00:40:39 -------- d-----w- C:\Users\mohammed\AppData\Local\fontconfig
2012-07-17 00:40:38 -------- d-----w- C:\Users\mohammed\AppData\Local\gegl-0.2
2012-07-17 00:40:38 -------- d-----w- C:\Users\mohammed\.gimp-2.8
2012-07-17 00:07:21 -------- d-----w- C:\Program Files\GIMP 2
.
==================== Find3M ====================
.
2012-08-14 22:06:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 22:06:17 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:30:33.49 ===============

A: Have got Trojan horse Dropper.Generic_c.MMI in a system critical file, please help

16 more replies
Answer Match 88.2%

AVG detected a threat Trojan horse Dropper.Generic_c.MMI

ran a full computer scan with avg and it said the object is white listed and can not be removed C:\Windows\System32\services.exe . Plus, Google chrome wont let me access https websites and https websites that it does let me go through, says it has a weak algorithm. All my internet browsers also keep redirecting me to random ad pages.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Syed at 18:55:17 on 2012-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1246 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Win... Read more

A:Infected with "Trojan horse Dropper.Generic_c.MMI" on systems.exe file

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

20 more replies
Answer Match 81.9%

Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

3 more replies
Answer Match 79.5%

Hello!

I am in desperate need to getting rid of some malware my computer has recently contracted :(

The current system I am using for my laptop is windows 7, it is x64 bit

Some questions and concerns I have about this virus (c.MMI) is that..will/can it still steal information or even hack "stuff" in my computer when it is asleep/hibernating/ or when shut off?

Also are all Trojan horse Dropper.Generic_c.MMI the same? As in..method of infecting/attacking the host computer?

Thanks!

I'd also like to note that I have posted my problem on a separate forum, and I thought I should just share you my hijackthis log for some more details if it helps at all, since I have no idea what any of it means.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:33 PM, on 8/7/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86... Read more

A:Trojan horse Dropper.Generic_c.MMI

As we have no way of really knowing if your information has been compromised, As a precaution, please be sure to have used a known clean computer to change passwords to all sites. Do not access any sites with this computer until the infection has been cleared.


Quote:




I'd also like to note that I have posted my problem on a separate forum,




please close your thread there as it is inadvisable to follow two sets of directions and there are few volunteers with lots of people seeking help.


Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select ... Read more

3 more replies
Answer Match 79.5%

I am new to the forum, but have seen where you have helped others withthis virus. It started this evening with AVG detecting Trojan horse Dropper.Generic_c.MMI in the file C:\windows\system32\service.exe, but AVG won't fix it. Trend Micro Housecall 64 bit did not detect and Malwarebytes did not detect.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by John at 21:50:41 on 2012-08-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7934.6060 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C... Read more

A:Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

14 more replies
Answer Match 79.5%

Referred from here: http://www.bleepingcomputer.com/forums/topic461802.html ~ OBI was told I needed advanced tools to get rid of my virus problem and to get help here... Thank you "Hello everyone, I am having an issue with an apparent trojan horse virus detected by my antivirus program, AVG Anti-Virus Free 2012. The problem started earlier today, and seems to have occured after I installed a suddenly appearing update for Adobe Flash Player, which I ignorantly accepted. Since then, each time I start up my computer, the desktop icons are rearranged to the left as though the arrangement has been reset, and I have been getting the following warning from AVG Resident Shield frequently: File name: c:\Windows\System32\services.exe Threat name: Trojan horse Dropper.Generic_c.MMI It should be noted that the process name and -ID were different at first, but after searching Google for a while, I found a recommendation of installing AVG PC Tuneup, which would supposedly solve the issue with the desktop icons. However, after installing and using the program, the warning from AVG Reisdent Shield started appearing even more frequently and is reappearing at least three times per minute as I am writing this post, with the process name and -ID changed to the ones displayed above. I do not remember what the initial name and ID were, nor do I know where to find this. The frequent warning stirred me to search around the internet for possible solutions, concluding that many oth... Read more

A:Trojan Horse dropper.generic_c.mmi

"Thank you for your help!!!

TDSSkiller:

17:41:43.0775 9560 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
17:41:44.0064 9560 ============================================================
17:41:44.0064 9560 Current date / time: 2012/07/21 17:41:44.0064
17:41:44.0064 9560 SystemInfo:
17:41:44.0064 9560
17:41:44.0065 9560 OS Version: 6.1.7601 ServicePack: 1.0
17:41:44.0065 9560 Product type: Workstation
17:41:44.0065 9560 ComputerName: DIANE-HP
17:41:44.0065 9560 UserName: Diane
17:41:44.0065 9560 Windows directory: C:\Windows
17:41:44.0065 9560 System windows directory: C:\Windows
17:41:44.0065 9560 Running under WOW64
17:41:44.0065 9560 Processor architecture: Intel x64
17:41:44.0065 9560 Number of processors: 4
17:41:44.0066 9560 Page size: 0x1000
17:41:44.0066 9560 Boot type: Normal boot
17:41:44.0066 9560 ============================================================
17:41:45.0300 9560 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:41:45.0327 9560 ============================================================
17:41:45.0327 9560 \Device\Harddisk0\DR0:
17:41:45.0330 9560 MBR partitions:
17:41:45.0330 9560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:41:45.0330 9560 \Device\Harddisk... Read more

27 more replies
Answer Match 79.5%

I ran a AVG scan this morning because I have been getting many popups. It seems i have a Trojan horse Dropper.Generic_c.MMI in C://Windows/System32/services.exe can anyone please help.

A:Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

13 more replies
Answer Match 79.5%

Good afternoon! I was hoping you could help me with a nasty virus I seem to have picked up somewhere.
The only effects that I've noticed are just redirecting my web browser.

Trojan horse Dropper.Generic_c.MMI
c:\Windows\System32\services.exe
- AVG could not fix - file white-listed

There was a second error, but I do believe AVG took care of it.

Thank you in advance!

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:31:39 PM, on 7/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Users\Wesley.Lobo\AppData\Local\Sevas-S\Updater\updater.exe
C:\Users\Wesley.Lobo\AppData\Local\Sevas-S\Defender\defender.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Wesley.Lobo\AppData\Local\Sevas-S\YouTube To MP3 C... Read more

A:Trojan horse Dropper.Generic_c.MMI

16 more replies
Answer Match 79.5%

Recently I've been receiving a pop-up from AVG of a threat by the name of Trojan horse Dropper.Generic_c.MMI
File Name: c:\Windows\System32\services.exe

I've seen another thread on the forum here http://www.bleepingcomputer.com/forums/topic464107.html
Should I follow these instructions too and post the .logs from the DDS?

Thanks

A:Trojan Horse Dropper.Generic_c.MMI

what operating system do you have?If you are running Vista or Win 7 then follow the following instructions, if you are running XP then post DDS and aswMBRdownload Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your f... Read more

18 more replies
Answer Match 79.5%

Hi, I am completely useless with computers and have no idea how to remove this threat that AVG brought to my attention, I see people posting 'logs' but i dont even know where they get them from?
Please help,
Thank you
 

More replies
Answer Match 79.5%

Hi
Having turned on the pc this morning i am confronted with AVG trial message telling me that i have a virus and its vaulted and i am unable to get to it, everytime i try to go online the huge threat box comes up. I have re ran AVG 7 times now and the same happens having no knowledge of the inner workings of a pc's mind i am at my wits end, i have saved all i can to external hard drive and changed all my passwords from an uninfected pc to sites i use. the message reads c:\windows\system32\services.exe trojan horse dropper.generic_c.mmi This is all greek to me but i am assuming in the great scheme of things this isnt good. Could you please help me get rid of this and save my pc please, as a disabled user it is my only connection to the outside world. Thank you in advance steph x

A:trojan horse dropper. generic_c.mmi

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

3 more replies
Answer Match 79.5%

Another Trojan Horse Dropper, it was discovered by AVG and I may have let it enter by allowing an 'update' of Adobe Flash...It redirects me to different webpages when I do a search, and sometimes opens a new tab and page when I go to a new site...Looking forward to working with someone and getting this off of my computer! Thanks.

Here are my logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:29 PM, on 8/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\program files (x86)\internet explorer\iexplore.exe
C:\program files (x86)\internet explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Al\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/f... Read more

A:Trojan Horse Dropper.Generic_c.MMI

16 more replies
Answer Match 79.5%

Hi,

I recently lost and then reinstalled the free version of AVG. I also have Malwarebytes and yesterday when I ran a scan AVG detected 5 Trojan viruses (and Malwarebytes detected 2). The only one that could not be repaired was the Trojan Horse Dropper.generic_c.mmi. It is under File Name: c:\Windows\Systems32\services.exe I've noticed that others have written to you about this. Could I use the same removal directions that you gave to them for the virus? Or, do I need specific instructions?

Any help would be greatly appreciated!
Thanks,
Jen

Here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:54:48 PM, on 7/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXS... Read more

More replies
Answer Match 79.5%

Hi, I just registered to this forum in hopes of manually getting rid of this virus my computer recently contracted.

I am dealing with a trojan horse dropper generic_c.MMl

Hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:22:33 PM, on 8/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\SysWOW64\RunDll32.exe
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\M... Read more

A:Trojan horse Dropper.Generic_c.MMI

16 more replies
Answer Match 79.5%

For the past couple of weeks now my AVG has been informing me of a this nasty trojan that had lodged itself inside my system32 files. Doing some research on my own i found that it is whitelisted and can't be dealt with by my antivirus programs. I've been hearing ads in my audio that are listed as Name not available in my mixer, and so far i have just been muting them. i found this forum and saw how helpful you guys are.

Here are the logs that you requested:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:35:09 PM, on 7/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\UMonit.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\Steam\Steam.exe
C:... Read more

A:Trojan Horse Dropper.Generic_c.MMI

DDS file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0
Run by Zach at 13:37:02 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.3713 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k... Read more

2 more replies
Answer Match 79.5%

I appreciate the help, looks like you're getting a bunch of these. I'm getting a pop up AVG warning about every 5 min. for Trojan Horse Dropper.Generic_c.MMI, says it is white listed.
We got this machine for Christmas, FIL installed Microsoft Security Essentials on it. When our Trend Micro automatically renewed last month, I attempted to install it, but it kept having errors at around 80%. Ran housecall and removed a bunch of stuff, still not installing. Loaded AVG free which removed stuff and it's now giving us these pop-ups. I had my Paypal account hacked as well as my yahoo.
Thanks for your time!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:11 AM, on 8/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoord... Read more

A:Trojan Horse Dropper.Generic_c.MMI

16 more replies
Answer Match 79.5%

So, the hubby's laptop was overflowing with all kinds of malware, was slow, windows firewall is pretty much inoperable and redirects every search inquiry made. Spybot search and destroy, hijackthis (to my limited knowledge) and avg removed most of the problems, except the redirect. It now pops up about every 10 minutes or so with an alert about Trojan Horse Dropper.Generic_c.mmi. After looking it up, I realized I'm over my head! Any help would be wonderful. Here is my hijack this log and dds log.

Thanks!

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Red at 22:36:30 on 2012-08-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3564.1762 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.ex... Read more

A:Trojan horse Dropper.Generic_c.MMI

11 more replies
Answer Match 79.5%

Please note that if you are running a 64-bit version, please do not create a GMER log and instead skip to the next step.

This applies to me. But the requested attachments are attached.

The trojan is not allowing my system to do many things... downloads, open programs, web browsing etc

All appreciated...

A:Trojan Horse Dropper.Generic_C.MMI

TDDSKiller download detected no problems. Avg is unable to remove it, AVG has only detected it.

30 more replies
Answer Match 79.5%

Hello TSG,

I am having the same problems as member "Evaryn" with this very hard to remove trojan. I followed all the steps that "Conspire" used to help this member and was unsuccessful with the removal of this virus.

Any help would be greatly appreciated

Thank you
ian96543

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:31:46 PM, on 8/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Users\Ray J Roberts\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Users\Ray J Roberts\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h... Read more

A:Trojan Horse Dropper.Generic_c.MMI

10 more replies
Answer Match 79.5%

When I scan my PC using AVG, a trojan horse was detected. Although I try to heal it or remove to vault, but it will be there again next time I start my PC.
When I check the entire folder, I found that its blank. No files in the C:\Program Files\mIRC\IRC Bot
folder.
I try to delete this folder also failed.

The scan result is as following:

"C:\Program Files\mIRC\IRC Bot\svchost.exe";

"Trojan horse Dropper.Generic_c.AOZ";"Infected"

What is this virus doing in my pc?
How to remove it?
Please help.

TQ.

A:Trojan horse Dropper.Generic_c.AOZ

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 79.5%

Hi

I have this very annoying trojan on my pc since yesterday, have checked some of the posts on here but hoping for some help. I downloaded and ran SuperAntispyware and already had Malwarebytes on, have also ran that but still no luck!

Have attached HijackThis log - thanks in advance!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:46:08, on 21/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program... Read more

A:trojan horse dropper.generic_c.mmi - please help :)

16 more replies
Answer Match 79.5%

HELP!!! i got this virus had it for about 2 days. running AVG.
iv seen other guides and non have really helped.
anyone have a step by step guide on how to remove this?
thanks
 

A:trojan horse dropper.generic_c.mmi

Hi and Welcome!!

Please download DDS from one of the following links and save it to your desktop.
DDS.scr
DDS.pif

Disable any script blocking protection (How to Disable your Security Programs)
Double click DDS icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
---------------------------------------------------
Post the contents of the DDS.txt report in your next reply
Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
----------

Please download aswMBR to your desktop.
Double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose "Run as administrator".
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
Click the image to enlarge it
----------

In your next reply please post both of the logs created by DDS and the log created by aswMBR.exe.
 

1 more replies
Answer Match 79.5%

I keep getting a Threat Detected alert but can't get rid of the threat. I run Windows 7, AVG 2012 free version and Malware bytes. This thing keeps opening, closing an redirecting web pages on its own. Please HELP!

A:Trojan horse Dropper.Generic_c.MMI

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

5 more replies
Answer Match 79.5%

Hello everyone,

I am having an issue with an apparent trojan horse virus detected by my antivirus program, AVG Anti-Virus Free 2012. The problem started earlier today, and seems to have occured after I installed a suddenly appearing update for Adobe Flash Player, which I ignorantly accepted. Since then, each time I start up my computer, the desktop icons are rearranged to the left as though the arrangement has been reset, and I have been getting the following warning from AVG Resident Shield frequently:

File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI

It should be noted that the process name and -ID were different at first, but after searching Google for a while, I found a recommendation of installing AVG PC Tuneup, which would supposedly solve the issue with the desktop icons. However, after installing and using the program, the warning from AVG Reisdent Shield started appearing even more frequently and is reappearing at least three times per minute as I am writing this post, with the process name and -ID changed to the ones displayed above. I do not remember what the initial name and ID were, nor do I know where to find this.

The frequent warning stirred me to search around the internet for possible solutions, concluding that many others are experiencing this issue and that it is likely because of a virus installed by the (fake) Adobe Flash Player update. The issue does not seem easily resolvable and most pe... Read more

A:Trojan Horse dropper.generic_c.mmi

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

4 more replies
Answer Match 79.5%

Hi,

Already a while ago I did a full computer scan with AVG Anti-Virus Free. The list of detections shows a Trojan horse: Dropper.Generic_c.MMI in location C:\Windows\System32\services.exe and AVG says it is unable to clear.

My first question: is the following very easy looking step a reliable solution?:

http://123seminarsonly.com/Blog/trojan-patchepsys-or-trojan-horse-dropper-generic_c-mmi-detecting-services-exe-as-infection

Second question: if not reliable, could you assist me? (I saw here that gringo_pr assisted some people with the same infection?).
Thanks!

A:Trojan horse: Dropper.Generic_c.MMI

Hello Rivaldo,I would say it is always better to have a fix done on your own machine . As each machine has some differences in software installed.. eg the operatng system...So I think we should get a deeper look. Please follow this Preparation Guide and post it in this topic.

27 more replies
Answer Match 79.5%

for the past few days AVG has popped up and told me that I've been shielded from this trojan, but it never goes away and is affecting google chrome. I have tried malwarebytes, spybot S&D and a few others but they even if they find and delete it, it returns. I saw someone else post about the same trojan so I have already done as instructed by whomever replied in that thread. I downloaded dds, security check and defogger. Here are the three notepads requested.

A:trojan horse dropper.generic_c.mmi

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

16 more replies
Answer Match 79.5%

Hi guys,

My computer is infested with this annoying virus I hope you can help!

I saw one of your threads which dealt with this virus. It looked as if you tailor your help to the spec of each computer user. I was just wondering if you could run me through getting rid of this virus.

Thanks very much, I appreciate your help!

Danny
 

A:Trojan Horse Dropper.Generic_c.MMI

16 more replies
Answer Match 79.5%

Here is my problem: "";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"
Specs:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3037 Mb
Graphics Card: Intel(R) G41 Express Chipset, 1294 Mb
Hard Drives: C: Total - 935767 MB, Free - 791169 MB;
Motherboard: eMachines, EL1852G
Antivirus: Norton Internet Security, Disabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:40:01 AM, on 9/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\I... Read more

A:Trojan horse Dropper.Generic_c.MMI

12 more replies
Answer Match 79.5%

Hello everyone,

I am having an issue with an apparent trojan horse virus detected by my antivirus program, AVG Anti-Virus Free 2012. The problem started earlier today, and seems to have occured after I installed a suddenly appearing update for Adobe Flash Player, which I ignorantly accepted. Since then, each time I start up my computer, the desktop icons are rearranged to the left as though the arrangement has been reset, and I have been getting the following warning from AVG Resident Shield frequently:

File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI
Process name: C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (changed, see below)
Process-ID: 3068 (changed, see below)

It should be noted that the process name and -ID were different at first, but after searching Google for a while, I found a recommendation of installing AVG PC Tuneup, which would supposedly solve the issue with the desktop icons. However, after installing and using the program, the warning from AVG Reisdent Shield started appearing even more frequently and is reappearing at least three times per minute as I am writing this post, with the process name and -ID changed to the ones displayed above. I do not remember what the initial name and ID were, nor do I know where to find this.

The frequent warning stirred me to search around the internet for possible solutions, concluding that many others are experiencing this issue a... Read more

A:Trojan horse Dropper.Generic_c.MMI

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

6 more replies
Answer Match 79.5%

Hello,

I have been searching for a fix for this since yesterday to no avail. I have run Malware-bytes, AVG scan, and SUPER Anti-Spyware as well. AVG is detecting it as well as multiple tracking cookies. Any help would be greatly appreciated.

I have a DDS log but didn't want to post until instructed.

Thanks.

A:Trojan horse Dropper.Generic_c.MMI

Hello, you may as well post it,it seems stubborn to remove.Create a new topic and post it in the new topic which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.Let me know if that went well.

3 more replies
Answer Match 79.5%

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462954 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

A:Please help with trojan horse Dropper.generic_c.MMI

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

19 more replies
Answer Match 79.5%

AVG detected a threat Trojan horse Dropper.Generic_c.MMIran a full computer scan with avg and it said the object is white listed and can not be removed C:\Windows\System32\services.exeran malwarebytes and it said it found PUP.BundleInstaller.VG and Trojan.Dropper.CMiner and they were quarantined and deletedupon restart AVG is still reporting the problem.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1Run by Divabug at 16:27:16 on 2012-07-29Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16366.11829 [GMT -7:00].AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\PROGRA~2\AVG\AVG2012\avgrsa.exeC:\Program Files (x86)\AVG\AVG2012\avgcsrva.exeC:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:�... Read more

A:Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

14 more replies
Answer Match 79.5%

I recently got a trojan horse dropper.generic_c.mmi virus and it started when a Adobe Flashplayer kept on trying to install no matter how many times i closed it, I then had pop ups from my AVG saying i had this virus. I ran a scan on both AVG and malwarebytes and they both popped up the virus, i tried removing it and restarted my computer to find out that it is still in my computer. Can anyone tell me how to remove this virus. From reading about this virus i saw it is very tricky to remove because it hides deep in the system. Anyone and all help would be appreciated.

A:I have a trojan horse dropper.generic_c.mmi

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

43 more replies
Answer Match 79.5%

This is from my post in the incorrect forum (SORRY):
The virus "Trojan horse Dropper.Generic_c.MMI" keeps popping up of my AVG freeware every minute or so.

Unfortunately AVG isn't asking me to send it to the Virus Vault. My only option is to "ignore the threat."

I have also run Malwarebytes. It too found this same threat. Malwarebytes told me to "restart my computer" after told it to delete the threat. However, AVG keeps sending up an alert.

Please help me.

Lynette

Since that post I have followed steps 6-9 (minus 8) from the Preparation Guide For Use...

Here is my DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mommy at 12:45:44 on 2012-07-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2935.842 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\wi... Read more

A:Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

32 more replies
Answer Match 79.5%

For the past month I have been getting an AVG threat detection which lists the filename C:\windows\system32\services.exe It appears to have originated from the following:

"Infection";"Trojan horse Generic28.UDX";"C:\Windows\Installer\{f0deb59d-a792-f4b5-8fb3-39275049aabc}\n";"N/A";"6/25/2012, 1:33:46 PM"
"Infection";"Trojan horse Generic28.UDX";"C:\Users\User\AppData\Local\{f0deb59d-a792-f4b5-8fb3-39275049aabc}\n";"N/A";"6/25/2012, 1:31:45 PM"
"Infection";"Virus found Script/PDF.Exploit";"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5PBABKI7\5[2].pdf";"N/A";"6/25/2012, 1:30:13 PM"

This infection doesn't seem to be problematic except for the constanly recurring AVG resident shield threat detection popup screen.

I have however had some large downloads when the computers are unattended which have caused download allowance violations. I am on hughesnet because there is nothing else available.

A:Trojan horse Dropper.Generic_c.MMI

Hello and welcome to Bleeping Computer! I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.----------Step 1----------------I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
Note: Do not choose Cure or Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually ... Read more

6 more replies
Answer Match 79.5%

Hi Tech Support Guy,

Ive got a Trojan horse Dropper.Generic_c.MMI and after searching for awhile on google and attempting to remove it with regedit. This bad boy keeps coming back for more and will not go away.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:22:23 PM, on 8/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Users\DDW\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\DDW\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danieldavidweddings.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink... Read more

A:Trojan horse Dropper.Generic_c.MMI

16 more replies
Answer Match 79.5%

I recently got a trojan horse dropper.generic_c.mmi virus and it started when a Adobe Flashplayer kept on trying to install no matter how many times i closed it, I then had pop ups from my AVG saying i had this virus. I ran a scan on both AVG and malwarebytes and they both popped up the virus, i tried removing it and restarted my computer to find out that it is still in my computer. Can anyone tell me how to remove this virus. From reading about this virus i saw it is very tricky to remove because it hides deep in the system. Anyone and all help would be appreciated.
 

More replies
Answer Match 79.5%

Hi! Newbie here.

I have read through the on-going thread between Evaryn and Conspire on this trojan. I am having the same issues on my computer with AVG constantly flagging it down.

Here is the HijackThis and DDS logs.

I have also performed the first steps recommended by Conspire to Evaryn using aswMBR and TDSSKiller. I will post the logs for those separately following this.

Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:52:14 PM, on 8/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW... Read more

A:Trojan Horse Dropper.Generic_c.MMI

aswMBR log and TDSS Killer log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-03 15:09:54
-----------------------------
15:09:54.840 OS Version: Windows x64 6.1.7601 Service Pack 1
15:09:54.840 Number of processors: 4 586 0x2505
15:09:54.842 ComputerName: SCD-01 UserName: Daniel
15:10:00.096 Initialize success
15:11:22.086 AVAST engine defs: 12080300
15:11:30.764 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:11:30.766 Disk 0 Vendor: ST95005620AS SD23 Size: 476940MB BusType: 11
15:11:30.771 Disk 0 MBR read successfully
15:11:30.774 Disk 0 MBR scan
15:11:30.779 Disk 0 Windows 7 default MBR code
15:11:30.787 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:11:30.793 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
15:11:30.837 Disk 0 scanning C:\Windows\system32\drivers
15:11:43.788 Service scanning
15:12:01.539 Modules scanning
15:12:01.553 Disk 0 trace - called modules:
15:12:01.565 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:12:01.575 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008395060]
15:12:01.580 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80081dcb10]
15:12:01.586 5 hpdskflt.sys[fffff88001990189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80080b6060]
15:12:03.758 AVAST engine scan C:\Windows
15:12:06.339 AVAST engine scan C:\Windows\system32
15:13:53.555 File: C:\Wi... Read more

1 more replies
Answer Match 79.5%

My husband has been infected with the TrojanHorseDropper.generic_c.mmi
Can anyone help me with this.

A:Trojan Horse Dropper.generic_c.MMI

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

14 more replies
Answer Match 79.5%

Hi. My anti-virus has reported finding these Trojan horse dropper.29.ax and generic_c.vcz and other malicious software. My computer has become very slow and the task manager had been disabled but i managed to get it back. Im running on Windows Vista. thanks in advance for help.
Here is the Hijackthis Scan Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:33 PM, on 10/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\hmrojuts\lcrczqjm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\lphc5sdj0eab2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\bkhajoji.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:... Read more

A:Trojan horse dropper.29.ax and generic_c.vcz

bump, please!

19 more replies
Answer Match 79.5%

Please help me.. Need this bug removed..
I tried running DDS.scr with no luck
I've run FRST64 from safe mode.. frst.txt and search.txt files attached.

Any help appreciated.

Braden

A:Trojan Horse Dropper Generic_C.MMI

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

19 more replies
Answer Match 79.5%

The virus "Trojan horse Dropper.Generic_c.MMI" keeps popping up of my AVG freeware every minute or so.

Unfortunately AVG isn't asking me to send it to the Virus Vault. My only option is to "ignore the threat."

I have also run Malwarebytes. It too found this same threat. Malwarebytes told me to "restart my computer" after told it to delete the threat. However, AVG keeps sending up an alert.

Please help me.

Lynette

A:Trojan horse Dropper.Generic_c.MMI

Hello. the problem is that it i attacking a Service hance the difficulty in removing it. We should get a deeper look at where it actually is and then physically get it out.Please go here....Preparation Guide ,do steps 6-9.Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If GMER won't run (it may not on a 64 bit system) skip it and move on.Let me know if that went well.

3 more replies
Answer Match 79.5%

Hi there,

AVG is giving me an error that comes up every 10 minutes or so saying that "C:\Windows\System32\services.exe" is white listed with the Infection labled "Trojan horse Dropper.Generic_c.MMI"

Thanks in advance for any help.
HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:36 PM, on 4/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Offline Course Player\OlpSynch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Flynn\Desktop\HijackThis.exe

R1 - ... Read more

A:Trojan horse Dropper.Generic_c.MMI

13 more replies
Answer Match 79.5%

I have seen other forums with the same issue I am currently having. Even thought about follow those instructions. However, since every resolution is specific to the user I deemed it neccesary to get my own resolution.

Specs are as folllows:

Laptop: Toshiba Satellite C655
Windows 7 Home Premium (Service Pack 1)
Processor: Intel Celeron CPU B800
System: 64 bit

Installed and Ran Norton Security Suite
Did clean up a few things but could not remove this Trojan horse dropper.generic_c.mmi

Uninstalled Norton

Installed MBAM

Results:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alicia :: ALICIA-LAPTOP [administrator]

Protection: Enabled

7/19/2012 5:41:51 PM
mbam-log-2012-07-19 (17-41-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192503
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}&... Read more

A:Trojan Horse Dropper.Generic_c.mmi

Hello Victim, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.Do you have a USB Flash Drive you can use?

15 more replies
Answer Match 79.5%

I dont know much about computers, but I know enough to remove viruses before and this one is difficult and doing some damage. can you please help??!! the name from AVG is "Trojan horse Dropper.Generic_c.MMI"Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

A:Trojan horse Dropper.Generic_c.MMI

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

6 more replies
Answer Match 78.6%

Hello everyone,I was directed here from the "Am I infected? What do I do?" forum, because my issue required advance tools to resolve. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic461505.html ~ OB My issue involves a virus that infected my computer through a fake Adobe Flash Player update, which was detected by my anti-virus program, AVG Anti-Virus Free 2012. I posted the following description:Hello everyone,I am having an issue with an apparent trojan horse virus detected by my antivirus program, AVG Anti-Virus Free 2012. The problem started earlier today, and seems to have occured after I installed a suddenly appearing update for Adobe Flash Player, which I ignorantly accepted. Since then, each time I start up my computer, the desktop icons are rearranged to the left as though the arrangement has been reset, and I have been getting the following warning from AVG Resident Shield frequently:File name: c:\Windows\System32\services.exeThreat name: Trojan horse Dropper.Generic_c.MMIProcess name: C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (changed, see below)Process-ID: 3068 (changed, see below)It should be noted that the process name and -ID were different at first, but after searching Google for a while, I found a recommendation of installing AVG PC Tuneup, which would supposedly solve the issue with the desktop icons. However, after installing and using the program, the warning from AVG Reisdent... Read more

A:Infected with Trojan horse Dropper.Generic_c.MMI

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

19 more replies
Answer Match 78.6%

When I started my computer I received a message saying "The NTVDM CPU has encountered an illegal instruction. CS 0000 IP: e7e7 OP: 33 3c 37 75 32" Click cancel to terminate. I then looked this up and ran an avg scan which found the above file along with Trojan horse Small.AU, Trojan horse Agent_r.IE and Trojan horse SHeur2.SCQ. I deleted them then restarted my computer only to find the same thing happen and the same files on the virus scan. I ran HijackThis and then DSS as recommended by this site. Here is the DSS log:DDS (Ver_09-02-01.01) - NTFSx86 Run by Bulman at 19:45:16.96 on 25/02/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.91 [GMT 0:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exeC:\Program Files\Bonjour\mDNSResponder.exesvchost.exeC:&... Read more

A:Infected with Trojan Horse Dropper.Generic_c.APK

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Answer Match 78.6%

I've tried using both AVG and Anti-Malware bytes to no success. It only allows me to ignore it.

A:Need Help removing Trojan Horse Dropper.Generic_c.MMI

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

3 more replies
Answer Match 78.6%

I keep getting a pop-up from AVG that there is a Trojan Horse Dropper.Generic c.MMI in C:\Windows\System32\services.exe. It says it cannot remove it, only white list it. Here are my logs. And thank you for the help.
DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514
Run by User at 19:51:40 on 2012-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1693 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.... Read more

A:AVG keeps finding Trojan horse Dropper.Generic_c.MMI

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Download Combofix from either of the links below, and save it to your desktop. Link 1Link 2**Note: It is important that it is saved directly to your desktop**--------------------------------------------------------------------IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link--------------------------------------------------------------------Double click on ComboFix.exe & follow the prompts. If you have trouble, stop and post back. Do not try to repeatedly run comboFix!When finished, it will produce a report for you..Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.Please include the following in your next post:ComboFix log

2 more replies
Answer Match 78.6%

This is my first post to this website as I have a problem with a trojan virus that keeps popping up in AVG. It is as follows:
c:\Windows\System32\services.exe
Trojan horse Dropper.Generic_c.MMI

I first noticed this, just a day ago.

I was asked to post this stuff as well, in your guide.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:11 PM, on 7/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Users\Family\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Users\Family\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Athan\Athan.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Family\AppData\Roaming\mjusbsp\magicJack.exe
C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Users\Family\Downloads\HijackThis.exe

O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv... Read more

A:Trojan horse Dropper.Generic_c.MMI Virus help

16 more replies
Answer Match 78.6%

Saw this on another thread but couldn't respond. I also have the same problem, AVG notified me and continues to do so. I've run Spybot, Malwarebytes which stops the popups for the most part, but I still have it. Here's a log...I have Windows 7.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Larry at 19:32:11 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.5954 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:... Read more

A:Trojan Horse Dropper.Generic_c.MM Virus

Also did a aswMBR scan...hope this helps, shows 2 infections.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 21:06:26
-----------------------------
21:06:26.625 OS Version: Windows x64 6.1.7601 Service Pack 1
21:06:26.640 Number of processors: 4 586 0x203
21:06:26.640 ComputerName: DT-PC UserName: Larry
21:07:01.611 Initialize success
21:07:13.732 AVAST engine defs: 12071601
21:07:15.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
21:07:15.667 Disk 0 Vendor: Hitachi_ GK8O Size: 715255MB BusType: 8
21:07:15.713 Disk 0 MBR read successfully
21:07:15.713 Disk 0 MBR scan
21:07:15.713 Disk 0 unknown MBR code
21:07:15.729 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 701235 MB offset 63
21:07:15.791 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14017 MB offset 1436130675
21:07:15.854 Disk 0 scanning C:\Windows\system32\drivers
21:07:50.892 Service scanning
21:08:54.636 Modules scanning
21:08:54.646 Disk 0 trace - called modules:
21:08:54.697 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll ahcix64s.sys
21:08:54.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dd8060]
21:08:55.039 3 CLASSPNP.SYS[fffff8800198843f] -> nt!IofCallDriver -> [0xfffffa80078f48d0]
21:08:55.046 5 ACPI.sys[fffff88000ed07a1] -> nt!IofCallDriver -> \Device\0000005e[... Read more

36 more replies
Answer Match 78.6%

My computer is infected with Trojan Horse Dropper.Generic_c.MMI and AVG pop-ups up every few minutes showing me this virus but does not clean it. The virus causes iexplorer.exe and svchost.exe to use maximum CPU memory. I'm using my resource manager to end process the svchost.exe to free up memory but within minutes it grows again and occasionally I exist the browser to reset memory.

Following is my computer configuration:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: AMD Athlon(tm) Processor LE-1660, AMD64 Family 15 Model 127 Stepping 2
Processor Count: 1
RAM: 1790 Mb
Graphics Card: NVIDIA GeForce 6150SE nForce 430, 256 Mb
Hard Drives: C: Total - 464549 MB, Free - 342373 MB;
Motherboard: eMachines, WMCP61M
Antivirus: AVG

Hijackthis txt file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:04:35 PM, on 8/9/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
C:\Program Files (x86)\Motor... Read more

A:Need help cleaning Trojan Horse Dropper.Generic_c.MMI

16 more replies
Answer Match 78.6%

Hi, boopme redirected me here after having me run the following scans: MiniToolBox, TDSSKiller, SUPERAntiSpyware Free, and ESET Online Scan. Boopme determined that the rootkit is protected. Below is my original post to the "Am I Infected?" forum. I am attaching the DDS text log. I did not run GMER since I am on a 64 bit system.

"I am running Windows 7 Home Premium SP1 on a Dell XPS L511Z. I keep getting pop-ups from AVG Resident Shield Alert that say
"Threat Detected!
File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI (More info)
Detected on open."
The only option given is "Ignore the threat," and then occasionally it will go to another screen that says "Multiple threat detection." It will then list multiple Trojan horse infections with the option "Remove all unhealed." However, clicking on this does not remove the problem at all. I have run AVG Free, SUPERAntiSpyware Free, Malwarebytes Anti-Malware, and ESET Online Scanner. Even though they have detected the Trojans (with the exception of SUPERAntiSpyware) and said that they removed them, the pop-ups from AVG still persist."
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Barbossa at 18:51:58 on 2012-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3297 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-... Read more

A:Infected with Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

15 more replies
Answer Match 78.6%

Hello,

I have been infected with Trojan horse Dropper.Generic_c.MMI, file name: c:\Windows\System32\services.exe

My computer has SEVERELY slowed down. Could you please assist me.

I have downloaded MalWare Bytes but it seems it is unable to resolve the issue.

Thank you.

A:Infected with Trojan horse Dropper.Generic_c.MMI

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

23 more replies
Answer Match 78.6%

Hey there, so for the past two days I have been having an issue with this. AVG detects it every 30 minutes or so, or whenever I browse near it/ go anywhere near the file.

The file is service.exe in System32. It's been detected by AVG in explorer process, and Malwarebytes process.

Any help is appreciated. Thank you.

EDIT: SOLVED IT

1. Go to start, type "cmd", and start command in Administrator mode.
2. Type or copy & paste "sfc /scanfile=c:\windows\system32\services.exe" and press enter
3. Restart your computer.
 

More replies
Answer Match 78.6%

Hi, Thank you in advance for any assistance you can give me. I don't have much experience in fixing things like this and this seems to be a real doozeee. My computer has been given the UNWANTED gift of the Trojan Horse Dropper.generic_C.mmi virus which was detected by AVG 2012 Anti-Virus. I am running 64 bit Windows7 on a Lenovo Windows7 PC.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:37 AM, on 7/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\UMonit.exe
C:\Program Files (x86)\Greetings Workshop\GWREMIND.EXE
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\AOL\1315255337\ee\aolsoftware.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Users\Joel\Desktop\HijackThis.exe
C:\windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_U... Read more

A:Trojan Horse Dropper.generic_C.mmi removal

16 more replies
Answer Match 78.6%

AVG found Trojan horse Dropper.Generic_c.MMI system32/services.exe

I arrived at this forum after searching around on Google. Seems this trojan is quite popular and discussed alot on here. I've done so far -

- Ran sfc /scannow in command prompt
- Ran combofix and below is the log.

Please help remove and clean my PC.
ComboFix 12-08-13.01 - Tintin 14/08/2012 13:29:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2368 [GMT 1:00]
Running from: c:\users\Tintin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Tintin\AppData\Local\Temp\{CD83DBBA-47B9-4400-B0AC-1D8A06CDE236}\fpb.tmp
c:\users\Tintin\AppData\Roaming\vronki.dll
c:\windows\Installer\{3f3fbc7d-95d5-0b91-887b-e4823857ef8c}\@
c:\windows\Installer\{3f3fbc7d-95d5-0b91-887b-e4823857ef8c}\U\[email protected]
c:\windows\Installer\{3f3fbc7d-95d5-0b91-887b-e4823857ef8c}\U\[email protected]
c:\windows\Installer\{3f3fbc7d-95d5-0b91-887b-e4823857ef8c}\U\[email protected]
c:\windows\Installer\{3f3fbc7d-95d5-0b91-887b-e4823857ef8c}\U\trz1002.tmp
c:\windows\Installer\{3f3fbc7d-95d5-0b91-887b-e4823857ef8c}\U\trz100D.tmp
c:\windows\Installer\{3f3fbc... Read more

A:Trojan horse Dropper.Generic_c.MMI removal help

Ran a full system scan with AVG and nothing is found so it seems clean now.

Can anyone recommend any thing else to do to make sure it is clean?
 

3 more replies
Answer Match 78.6%

I was recommended to this site from a friend. I've been battling this virus for a few days. I would love to get rid of the virus. please help.
Also, i realize there are other people who have this same virus, but i noticed that certain operating systems you have to take different routes.

I'm on a windows 7 machine.

This virus is on my system32\services.exe wtf?
NOT to mention that its slowing my computer down HELLA.

A:Trojan Horse dropper.generic_c.MMI halp.

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

16 more replies
Answer Match 78.6%

I've ran both AVG and Anti-Malware byte to know avail. Oh, I'm running Windows 7 64-bit

Hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:50:55 PM, on 7/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Paul\AppData\Local\Akamai\netsession_win.exe
C:\Users\Paul\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:... Read more

A:Need help removing Trojan Horse Dropper.Generic_C.MMI

New development, not sure if its related or not, I am now unable to use microsoft word which means I am in trouble as I need this for a class I'm taking this summer. Sorry if this doesnt help, but I figured I'd add the information.
 

3 more replies
Answer Match 78.6%

3 days ago AVG antivirus notified me that threats were detected by Trojan horse dropper.generic_c.MMI. All files were moved to vault and deleted however alerts continue to pop up. I downloaded MBAM which also found threats and removed them but they just reappear after reboot. Now MBAM only finds Trojan horse dropper BCMiner, however AVG continually alerts about c.MMI. Computer is significantly slower with all processes and I am often redirected now w frequent pop ups when using Firefox.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Home at 21:09:56 on 2012-07-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2435 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k ... Read more

A:Infected with Trojan horse dropper.generic_c.MMI

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

22 more replies
Answer Match 78.6%

I am running Windows 7 Home Premium SP1 on a Dell XPS L511Z. I keep getting pop-ups from AVG Resident Shield Alert that say
"Threat Detected!
File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI (More info)
Detected on open."
The only option given is "Ignore the threat," and then occasionally it will go to another screen that says "Multiple threat detection." It will then list multiple Trojan horse infections with the option "Remove all unhealed." However, clicking on this does not remove the problem at all. I have run AVG Free, SUPERAntiSpyware Free, Malwarebytes Anti-Malware, and ESET Online Scanner. Even though they have detected the Trojans (with the exception of SUPERAntiSpyware) and said that they removed them, the pop-ups from AVG still persist. I don't know what other steps to take. Thanks.

A:Infected with Trojan horse Dropper.Generic_c.MMI ?

Welcome GastlyKazooDropper.Generic_c.MMI has the ability to download many other malwares, backdoor Trojans or worms so you should change all passwords when done.Lets run a few tools and look at the logs please.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.>>>>Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click on Change Parameters Put a check in the box of Detect TDLFS file system Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk wit... Read more

6 more replies
Answer Match 78.6%

Hello,

Earlier this morning, my free trial version of AVG Security Essentials 2012 alerted me of its discovery of Trojan Horse Dropper.Generic_c.MMI. AVG did not present to me the option to eliminate the file, merely to ignore it. Immediately afterwards, I discovered that my Microsoft Security Essentials firewall was off and error coded me each time I tried to turn it back on. Additionally, my AVG informed me that I am now no longer protected, and informed me that one of its components was broken and that it could not repair itself each time I attempted to fix it through its main menu.

I immediately went to the bleepingcomputer forums and read up on how to post a request for malware elimination help. I've already run DeFogger, but I noticed that the download link for DDS given in your forums is not functional.

I read up on another post in the forum that OTL could be used occasionally in place of DDS. I am going to attach the results of my OTL scan to this post, as well as my MalwareBytes scan log when that is finished. I would attempt to search for a DDS link on my own, but I am fearful of what searching for said program without any functional firewalls would do to my computer.

Please and thank you for anyone generous to help!

A:Trojan Horse Dropper.Generic_c.MMI removal help

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

20 more replies
Answer Match 78.6%

Hi, I'm running Windows 7 64bit.
AVG picks up services.exe as a trojan located in c\windows\system32 and it is whitelisted so it cannot vault it or anything.
Please help! No sure what more information to give.

A:trojan horse dropper. generic_c.mmi - SERVICES.exe

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

3 more replies
Answer Match 108.78%

Hi wonder if someone could help me, recently got infected with nasty malware bundle and I have removed most of it using the likes of Spybot, Malware byte etc. But I have an infected services.exe file that I cannot seem to get cleaned up. Hijack this log file listed below. AVG is reporting the infection is caused by
"";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:39:23, on 22/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Microsoft\RATTV3\RATT.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray... Read more

More replies
Answer Match 108.78%

This is my log report from combofix, I have not received any threat detections since but please help me! Is there any further action required?
ComboFix 12-07-27.03 - Sniff 07/28/2012 20:53:54.1.1 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.780 [GMT -4:00]
Running from: c:\users\Sniff\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sniff\AppData\Roaming\nfone.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{f1d25ed1-aed9-2b1b-8510-f2a1ef0c03f9}\@
c:\windows\Installer\{f1d25ed1-aed9-2b1b-8510-f2a1ef0c03f9}\L\[email protected]
c:\windows\Installer\{f1d25ed1-aed9-2b1b-8510-f2a1ef0c03f9}\L\201d3dde
c:\windows\Installer\{f1d25ed1-aed9-2b1b-8510-f2a1ef0c03f9}\U\[email protected]
c:\windows\Installer\{f1d25ed1-aed9-2b1b-8510-f2a1ef0c03f9}\U\[email protected]
c:\windows&... Read more

A:Combofix Log report for Trojan horse Dropper.Generic_C.MMI

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462919 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Answer Match 108.78%

Hi ,
I need help with the removal of dropper.generic virus. Below are the Hijackthis, dds and combo fix logs for a windows 7 operating system. Appreciate your help . Thanks.

**************Hijack this********************************************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:58:23 PM, on 9/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Arnitha\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=5489... Read more

A:help with removal of trojan horse dropper.generic_c.mmi windows 7

12 more replies
Answer Match 108.78%

was told to Create a topic here, here is my old thread for reference, http://www.bleepingcomputer.com/forums/topic461723.html/page__gopid__2774014#entry2774014

TDSSKiller log:

15:08:37.0684 2372 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:08:37.0965 2372 ============================================================
15:08:37.0965 2372 Current date / time: 2012/07/21 15:08:37.0965
15:08:37.0965 2372 SystemInfo:
15:08:37.0965 2372
15:08:37.0965 2372 OS Version: 6.1.7601 ServicePack: 1.0
15:08:37.0965 2372 Product type: Workstation
15:08:37.0965 2372 ComputerName: CHRIS-PC
15:08:37.0965 2372 UserName: Chris
15:08:37.0965 2372 Windows directory: C:\Windows
15:08:37.0965 2372 System windows directory: C:\Windows
15:08:37.0965 2372 Running under WOW64
15:08:37.0965 2372 Processor architecture: Intel x64
15:08:37.0965 2372 Number of processors: 3
15:08:37.0965 2372 Page size: 0x1000
15:08:37.0965 2372 Boot type: Normal boot
15:08:37.0965 2372 ============================================================
15:08:38.0932 2372 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:08:38.0947 2372 ============================================================
15:08:38.0947 2372 \Device\Harddisk0\DR0:
15:08:38.0947 2372 MBR partitions:
15:08:38.0947 2372 \Device\Harddisk0\DR0\Partiti... Read more

A:Google redirects/trojan horse.Dropper.Generic_c.MMI

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

19 more replies
Answer Match 108.78%

I am trying to help a friend get rid of this virus...Google redirects/trojan horse.Dropper.Generic_c.MMI. Google works sometimes, but it later starts redirecting me to other websites. Also, my antivirus sees the virus, but does not remove it. Please help...Thanks!

A:Google redirects/trojan horse.Dropper.Generic_c.MMI

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

4 more replies
Answer Match 108.78%

Hi,

I recently got a recurring message from my AVG9 that C:/Windows/System32/services.exe has been infected with a Trojan. The only option I am given is to "Ignore", presumably because it's a system file and cannot be removed. I am competent enough with a computer but this is my first virus so hopefully someone can help me.

There are no initial "symptoms". Windows is working fine, computer isn't shutting down, Hard drive isn't deleting itself but the problem is there and I'd like to get rid of it ASAP. Here are the log files requested:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:07:05, on 02/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Conor\AppData\Local\Akamai\netsession_win.exe
C:\Users\Conor\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Nero\Nero 11\Nero Ba... Read more

A:Services.exe infected with Trojan Horse Dropper.Generic_c.MMI

16 more replies
Answer Match 108.78%

Dear gurus, I desperately need your help. I tried to remove a trojan that was first detected by Avira with no luck. Then I tried AVG, no luck. I tried to follow some of the posts here but they seem to be personalized. Please help.AVG reports:"";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"Running:Microsoft Windows 7 EnterpriseMotherboard: ASUSTeK Computer INC. | | SABERTOOTH P67Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhzDDS:.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32Run by H at 15:56:08 on 2012-08-10Microsoft Windows 7 Enterprise 6.1.7601.1.1252.358.1033.18.8169.5355 [GMT 3:00].AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporat... Read more

A:Pls help: AVG finds Trojan horse Dropper.Generic_c.MMI in services.exe

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

16 more replies
Answer Match 108.78%

AVG keeps telling me that I am infected and I have tried everything to clean it (Malwarebytes,ESET, AVG Scan, etc...). The message is as follows: "Object name";"C:\Windows\System32\services.exe", "Detection name";"Trojan horse Dropper.Generic_c.MMI", "Object type";"file", "SDK Type";"Core", "Result";"Object is white-listed (critical/system file that should not be removed)". The symptoms I have are as follows:

1. AVG Warning every hour or so
2. redirect problems when clicking search results in Google using FireFox
3. Can't open Gmail using Google Chrome
4. tabs are occasionally opened in FireFox with make money pages
5. can't enable Windows Firewall

Other than that my computer is working normally.

Results of DDS aree as follows:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by stnewton at 16:03:59 on 2012-07-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.5039 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)... Read more

A:Infected with services.exe Trojan horse Dropper.Generic_c.MMI

Hello and welcome to Bleeping Computer! I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.----------Step 1----------------I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
Note: Do not choose Cure or Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually ... Read more

18 more replies
Answer Match 108.78%

AVG alerted me that services.exe (c:/windows/system32/services.exe) is a trojan horse. Because it's an integral system file, AVG white lists it but I'm still concerned about how it could be affecting my computer. Any instructions on resolving this problem would be greatly appreciate. Thank you for taking the time to read this.

A:Services.exe detected as Trojan horse Dropper.Generic_c.MMI

what is your operating system?Please run the following:Please download DDS from either of these linksLINK 1 LINK 2and save it to your desktop.Disable any script blocking protection Double click dds to run the tool. When done, two DDS.txt's will open. Save both reports to your desktop.---------------------------------------------------Please include the contents of the following in your next reply:DDS.txtAttach.txt. NEXTPlease download aswMBR to your desktop.Double click the aswMBR.exe icon to run itWhen asked if you want to download Avast's virus definitions please select Yes.Click the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

4 more replies
Answer Match 108.78%

Hi,

Lately I have been getting notifications from AVG telling me that a Trojan horse dropper.generic_c.mmi has infected services.exe and is white-listed. Apparently, AVG is unable to heal the infection. I appreciate all the help you are willing to give, thank you in advance!

My computer:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A4-3300M APU with Radeon(tm) HD Graphics, AMD64 Family 18 Model 1 Stepping 0
Processor Count: 2
RAM: 7656 Mb
Graphics Card: AMD Radeon HD 6480G, 512 Mb
Hard Drives: C: Total - 205083 MB, Free - 127060 MB; D: Total - 246254 MB, Free - 70050 MB;
Motherboard: ASUSTeK Computer Inc., K73TA
Antivirus: Trend Micro Titanium Internet Security, Disabled (Running AVG free 2012)

Requested logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:21:38, on 10.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Users\Juhana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Foc... Read more

A:Trojan horse dropper.generic_c.mmi services.exe problem.

13 more replies
Answer Match 108.78%

I have been experiencing google redirects and avg constantly gives me alerts about "Trojan horse.Dropper.Generic_c.MMI" Which i will add a screenshot of and it finds around 7-8 objects named Luhe.Sirefef.A in the latest scans. Also malwarebytes keeps finding one object over and over, I'm not sure how to attach those logs.Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.07.20.02Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Chris :: CHRIS-PC [administrator]7/21/2012 4:31:26 AMmbam-log-2012-07-21 (04-31-26).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 245384Time elapsed: 16 minute(s), 14 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U\[email protected] (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.(end)

A:Google redirects/trojan horse.Dropper.Generic_c.MMI

I'm having the same problem. It also keeps opening web pages if I am online. And it seems to be blocking this site. I had to log on from a different pc. Everytime I try to log in my laptop locks up.

7 more replies
Answer Match 107.52%

Hi, I just received a dell pc from my uncle who passed away a couple of weeks ago. It appears to have some virus issues. I tried running AVG to clear them out but I am still having issues, the trojan horse dropper keeps popping up in agv. Chrome will launch but IE doesn't recognize the internet connection. I can't enable windows firewall. The error message I get is Windows firewall can't change some of your settings error code 0x80070424. I am using a wireless usb to connect to the router. Chrome stops me from accessing gmail. This is a windows 7 64 bit pc :

The site's security certificate is signed using a weak signature algorithm!
You attempted to reach mail.google.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).
You cannot proceed because the website operator has requested heightened security for this domain.

I have downloaded malwarebites but have not run it yet. I'm pretty clueless on what to do next. I tried creating a repair disk in case the pc crashes but even though I format the disk when I attempt to burn it the repair toolkit tells me the disk is not blank.

Help!

Thanks for your time,

Derrek

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by butch at 17:57:36 on 2012-07-13
Microsoft Window... Read more

A:trojan horse dropper.generic_c.mmi/ can't access gmail/IE not working

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

18 more replies
Answer Match 107.52%

Hey everyone, thanks for taking this post. This started a while back when I decided I wanted to try Microsoft Security Essentials. What happened after a scan is it said it found the Trojan horse Dropper.Generic_c.MMI, and needed to restart to fix the problem. After restarting it made my pc restart over and over again. I then was able to remove Security Essentials so it wouldn't force restart anymore, but then it started to say it can't validate windows, not sure if that has anything to do with the virus.

On another note, I have random sound that comes up and have noticed it's when one of my svchost.exe's is using a ridiculous amount of memory. Help with both of these would be extremely appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Fuzz at 23:22:13 on 2012-09-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4087.2519 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C... Read more

A:Trojan horse Dropper.Generic_c.MMI and svchost.exe bizarro sounds

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

31 more replies
Answer Match 107.52%

My PC has been infected by a virus. I use AVG software and it is showing Trojan horse Dropper.Generic_C.MMI and Found Luhe.Sirefef.A on recent scans.
It is keeping me from accessing the internet. In order for me to do my work I will have to download your tools to a thumb drive. I hope it will work this way.
I see DDS does its work over the internet. Is there another way I can get you this information?
Thanks in advance
Don

A:Trojan horse Dropper.Generic_C.MMI and Found Luhe.Sirefef.A

Hello ddibowski, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will get back to you with instructions.Can you tell me which operating system you are using. Windows Xp,Vista ,or Windows7? is it a 32 bit or 64bit system?

19 more replies
Answer Match 107.52%

I'm getting pop-ups while using Firefox, no other noticeable impact at this point. AVG is sending me warning messages about the viruses.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Sam at 19:40:16 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3561.1696 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Prog... Read more

A:Infected with Trojan horse Dropper.Generic_c.MMI and Luhe. Sirefef.A

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

14 more replies
Answer Match 107.52%

Hello "A newbie I am"

Just remover trojan horse dropper.generic_c.mmi from my computer and now I have no browser connections or download ability.
Windows & 64bit shows every thing fine and connections are up and running, but no pages load on Opera, FF or Explorer, gadgets are not up datng either?
Please help me ObieOneKinoBies I am loosing valuable work time.
Cheers,
Zev
 

A:trojan horse dropper.generic_c.mmi been removed but causing troubles

6 more replies
Answer Match 106.26%

Hello again.
Really desperate for some help here, pleeeeeeeeeeeeeeeeeeeeeeease!
Have since rest Winsock and Ipv4 and 6.......nothing
Done IPconfig/all and shows connection good.
Do you have any more suggestions to bridge this gap betwen working internet and it working with my PC?

Thank you al i advance,

Zev
 

A:TROJAN horse dropper.generic_c.mmi been removed but causing connection troubles

Zone Alarm corruption from Trojan. Either took over functionality or just rendered useless.
Switched off, all good.

Thank you all for you time in looking.

Cheers, Zev
 

1 more replies
Answer Match 106.26%

SYSINFO:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 1

POSSIBLE ISSUE W HighjackThis:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself...

HighjackThis LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:07:36 PM, on 6/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Candleworks\FXTS2\FXTSpp.exe
C:\Users\Owner\Desktop\FXPRO\terminal.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Users\Owner\Desktop\SysInfo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\... Read more

A:c:\windows\System32\services.exec | Trojan Horse Dropper.Generic_c.MMI

Hi Charlesz and welcome to TSG. My name is Mark and I will be helping you.

Please provide the last log from Malwarebytes, then run another scan with it and post that log also.
Open Malwarebytes and click on the Logs tab.
Scroll down the list to find the relative scan dates.
Click on the entry and then click on Open.
Copy and paste the log into your next post.

Please run Malwarebytes and post the log as follows:

Open Malwarebytes and allow it to update with the latest definitions, then run a Quick Scan.
When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab .
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
 

3 more replies
Answer Match 106.26%

AVG found Trojan horse Dropper.Generic_C.MMI on my computer today. Also, I've been having problems for a couple of weeks with my Google search being hijacked occasionally (it redirects me to a different page than whatever link I click on). I read through the preparation instructions and did everything but turn on the firewall, because I couldn't (I read somewhere that this problem turns off security settings). Please help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by James at 20:05:01 on 2012-07-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2617 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k Loc... Read more

A:Infected with Trojan horse Dropper.Generic_C.MMI and google search seems to be hijacked

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

18 more replies
Answer Match 91.56%

Yesterday, one of my PC's was infected with Trojan.Dropper.Generic_c.MMI . I realized something was wrong when Google Chrome stopped me from logging into my Facebook because the connection was insecure. Then, the trojan was detected by AVG. I had a friend (who is a lot more tech-savvy than me) come over and take a look at it. He downloaded a tool called "Combofix" and apparently it fixed the issue on that PC. I haven't had any issues with that PC since then, even after several scans with MalwareBytes, AVG, and Security Essentials.

Today, I woke up to a DIFFERENT PC being infected. This time, the symptoms were a bit different. I had tried logging into my Facebook and the same Google Chrome error appeared. Suddenly, I realized Security Essentials was offline and I got error messages when I tried reenabling it. Also, Windows Firewall was offline and when I tried to enable it, I got error 0x8007042. I ran a scan with MalwareBytes and Trojan.Dropper.BCMiner was detected. I called my friend over again and he reinstalled Security Essentials and did a scan and nothing was found. Then he installed AVG Free and "Trojan.Dropper.Generic_c.MMI" was detected. I thought that was extremely odd since my other PC had the same trojan the day before. He then ran "Combofix" on this PC. According to him, it was successful, saying that "services.exe was disinfected" or something along that line. However, Windows Firewall was still having the previou... Read more

A:Trying to deal with Trojan.Dropper.Generic_c.MMI and Trojan.Dropper.BCMiner

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

52 more replies
Answer Match 87.36%

This is my log file form completing comboxfil process. Please help with the further removal of this trojan. Thanks.ComboFix 10-09-04.06 - Kim 06/09/2010 13:06:08.1.2 - x86Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1014.348 [GMT -2.5:30]Running from: E:\ComboFix.exe * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\programdata\FullRemove.exec:\programdata\Microsoft\Network\Downloader\qmgr0.datc:\programdata\Microsoft\Network\Downloader\qmgr1.datc:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\chrome.manifestc:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\chrome\content\_cfg.jsc:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\chrome\content\overlay.xulc:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\install.rdfc:\users\kim\appdata\local\temp\cbywvs.dllc:\users\Kim\AppData\Local\Temp\wvvsss.dllc:\users\Kim\AppData\Local\Windows Serverc:\users\Kim\AppData\Local\Windows Server\admin.txtc:\users\Ki... Read more

A:Trojan horse dropper generic 2, log file from combofix.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Answer Match 86.52%

Hi, I found a trojan called trojan Dropper.Generic_c.MMI on my computer in the file c:\Windows\System32\services.exe and I don't know how to get rid of it. I ran the AVG free scan, which says the file is white listed and can't be removed. I really appreciate the help, guys! Oh yeah, I'm running Windows 7 Home 64.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:57 AM, on 7/17/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\PROGRAM FILES (X86)\ITUNES\ITUNESHELPER.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Users\G Fresh\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Se... Read more

A:trojan Dropper.Generic_c.MMI

13 more replies
Answer Match 86.52%

Hi!

Like the others, I have a laptop infected with Dropper.Generic_C.MMI . From my forum reading, it seems to be a custom fix. Any help would be appreciated! I am running W7 Home Prem on 64-bit. Found Dropper.Generic_C.MMI with AVG.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:58:56 AM, on 8/14/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jeff\Desktop\HijackThis.exe

R1 - HKC... Read more

A:Yet another Trojan Dropper.Generic_c.MMI

16 more replies
Answer Match 86.52%

Last night my computer was attacked by a trojan disguised as a flash player update. I've run avg to no avail, and malware bytes doesn't seem to be helping either. Could someone please help me figure this out. Here are the logs as requested.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:17 AM, on 7/14/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Marlon\Documents\ProcessExplorer\procexp.exe
C:\Users\Marlon\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page... Read more

A:Trojan Dropper Generic_c.MMI Help!!!

If you no longer use Norton IS you should UNinstall at your earliest convenience, if you still use Norton then AVG has to go...

On to the infection....

Run the following:

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste sfc /scannow > then enter. Type exit when its finished and re-boot your PC.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
Ensure that Combofix is saved directly to the Desktop <--- Very important

Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

Close any open browsers and any other programs you might have running

Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)

Instructions for running Combofix available Here if required.

If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

W... Read more

1 more replies
Answer Match 85.68%

Hi... I appear to be another person with this problem. May I have some assistance with this one? AVG and other tools are not working as they should. Many thanks to y'all for your help.
 Attach.zip   4.39KB
  0 downloads

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Dan at 10:52:16 on 2012-07-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5925 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\R-Wipe&Clean\RwcTaskService.exe
C:\Windows\system32\atie... Read more

A:Trojan: Dropper.generic_C. MMI in services.exe

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

5 more replies
Answer Match 85.68%

Hi all. I am having a problem with this virus which AVG alerted me is in system32\services.exe.

My problem is essentially the same as the one addressed in this post http://www.bleepingcomputer.com/forums/topic459964.html but all of the codes and such are personalized to that user, so if it's not too much trouble perhaps I could have a personalized code too?

Many thanks in advance for any and all help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Codymack at 16:30:23 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3892.1431 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRes... Read more

A:Trojan: Dropper.generic_C. MMI in services.exe

please do the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

13 more replies
Answer Match 85.68%

Hi all!

First of all a big thank you to all of you for your effort, support and help! I am located in Germany, hope that is not a problem?! ;-)

I got the infection information through a virus scan and already generated the 2 log files frst.txt and search.txt with the Farbar Recovery Scan Tool (hope that helps?!).

It would be great if you could help me in this case to clean the services.exe... Thanks a lot!!!

Please see the text of the 2 files below:

============
Search.txt:
============

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-13 21:02:27
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
============
FRST.txt:
============

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 13-08-2012 21:00:23
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...�... Read more

A:Trojan: dropper.generic_c.mmi in services.exe

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

3 more replies
Answer Match 85.68%

Hi. First post in the bleepingcomputer forums!

My computer is infected with the "trojan dropper.generic_c.MMI" virus. This started over a week ago. My AVG Free Home Edition will pop up every time the laptop is powered on and report that there has been this infection. The only option it gives is to ignore the threat. I will run the manual scan, only to end in the same result of ignoring the threat. I have also run Malwarebytes Anti-Malware, but it could not remove the virus either. The internet has also been hijacked- occasionally, it will randomly take me to a site where it advertises how to clean up the virus (don't worry, I don't click on the links it gives). Those are the only steps I have taken to try and remove the virus.

I am running Windows 7 Home Premium 64-bit with Service Pack 1. Browsers used are Firefox and Chrome. Protection from AVG Anti-virus Free Edition 2012 and Malwarebytes Anti-Malware.

Your assistance is greatly appreciated. Hope to hear back soon of a battleplan against this virus!

Thanks,
lmai

A:Infected with "trojan dropper.generic_c.MMI" - what do I do?

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

3 more replies