Tech Problem Aggregator

Q: Infected with Safe and Easy malware and cannot get rid of it!

Hi there
 
Out of the blue today, when I started up Chrome, my normal tab opened (I use New Tab Redirect) and another tab called easylife.search opened up as well.
I ran Malwarebytes and it kept blocking the program over and over, but to no avail.
Afterwards I ran RogueKiller, and when it popped up as a PUP I deleted it (this was in Chrome) and it was gone; however, I was signed out of Chrome, and I need to stay signed into Chrome for work purposes. When I signed back in it was back, and now when I run RogueKiller it will not disappear.
 
I went to C:/ProgramData and tried to delete the DLL files there; however, that didn't work either.
In my Control Panel there is a random program called Fast and Safe by Gtgroup; however, when I try deleting it, it comes up with an error message stating:
There was a problem starting C:\PROGRA~3\FASTAN~1\FASTAN~1.DLL The specified module could not be found
 
I believe it is referring to the files I tried to delete earlier.

I really am at a loss as to what to do and require some assistance!

Here are the DDS logs:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Kossi at 14:26:09 on 2014-06-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.12248.8078 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\atieclxx.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\msiexec.exe
C:\windows\SysWOW64\cmd.exe
C:\Users\Kossi\AppData\Local\Akamai\netsession_win.exe
C:\Users\Kossi\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.easylifeapp.com/
uDefault_Page_URL = hxxp://www.google.com/
mStart Page = hxxp://search.easylifeapp.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AS054YQ05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
uRun: [Akamai NetSession Interface] "C:\Users\Kossi\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
StartupFolder: C:\Users\Kossi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\Kossi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
StartupFolder: C:\Users\Kossi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{851EECD7-064D-49A1-9D3F-249F6CFBD0C8} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://search.easylifeapp.com/
x64-mWinlogon: Userinit = Userinit.exe,
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - 
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TPSCMain] C:\Program Files (x86)\TOSHIBA\PeakShift\TPSCMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kossi\AppData\Roaming\Mozilla\Firefox\Profiles\t2jzmku3.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.easylifeapp.com/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Kossi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-10-12 9216]
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-1-24 652344]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-1-24 28216]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2013-2-26 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-1-25 235520]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2011-6-8 250296]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2011-6-8 47032]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2013-1-25 162824]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-24 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-1-25 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-25 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-21 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-21 860472]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-9-15 86016]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-1-28 551264]
R2 SSPORT;SSPORT;C:\windows\System32\drivers\SSPORT.SYS [2013-11-26 11576]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-25 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-25 363800]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2013-1-25 93712]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-8-9 45168]
R3 GenericMount;Generic Mount Driver;C:\windows\System32\drivers\GenericMount.sys [2010-2-12 66608]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2009-6-18 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2009-6-18 13328]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-6-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-6-21 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-6-21 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-1-25 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-1-25 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-1-25 565352]
R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-2-11 2963960]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-1-25 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-15 833976]
S2 64af91bf;Fast And Safe;C:\windows\System32\rundll32.exe [2009-7-14 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Andbus;LGE Android Platform Composite USB Device;C:\windows\System32\drivers\lgandbus64.sys [2013-2-3 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\windows\System32\drivers\lganddiag64.sys [2013-2-3 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\windows\System32\drivers\lgandgps64.sys [2013-2-3 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\windows\System32\drivers\lgandmodem64.sys [2013-2-3 34304]
S3 androidusb;ADB Interface Driver;C:\windows\System32\drivers\lgandadb.sys [2013-2-3 31744]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-1-6 1471352]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-1-25 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\windows\System32\drivers\MijXfilt.sys [2013-4-3 121416]
S3 PrintNotify;Printer Extensions and Notifications;C:\windows\System32\svchost.exe -k print [2012-4-10 27648]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-1-25 19456]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\windows\System32\dllhost.exe [2009-7-14 9728]
S3 Tomcat7;Apache Tomcat 7.0 Tomcat7;C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [2013-3-22 103936]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-5-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-1-25 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-21 04:07:31 -------- d-----w- C:\FRST
2014-06-21 04:03:43 -------- d-----w- C:\Program Files\Enigma Software Group
2014-06-21 04:03:14 -------- d-----w- C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-21 02:29:30 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-21 01:40:36 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-06-21 01:40:25 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-06-21 01:40:25 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-06-21 01:40:25 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-06-21 01:40:25 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-21 01:40:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-21 01:35:34 -------- d-----w- C:\Program Files (x86)\grreatsavinG
2014-06-20 06:34:18 -------- d-----w- C:\ProgramData\7fc2f3c75154a193
2014-06-20 06:34:12 -------- d-----w- C:\Users\Kossi\AppData\Local\Packages
2014-06-20 06:23:57 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF4B58B7-9D28-4C03-83D1-15A1620237AC}\mpengine.dll
2014-06-18 08:15:38 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-14 23:57:31 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D9B84B7-4DA8-4987-91F5-46963C778916}\gapaengine.dll
2014-06-13 23:29:16 -------- d-----w- C:\Users\Kossi\AppData\Local\Adobe
2014-06-11 07:47:50 506368 ----a-w- C:\windows\System32\aepdu.dll
2014-06-11 07:47:50 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-06-06 10:47:08 4558848 ----a-w- C:\windows\SysWow64\GPhotos.scr
2014-05-31 07:03:14 -------- d-----w- C:\Users\Kossi\AppData\Local\ESN
2014-05-31 07:02:56 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2014-05-31 07:02:11 -------- d-----w- C:\ProgramData\EA Logs
2014-05-31 04:20:20 -------- d-----w- C:\ProgramData\SmartCMS2
2014-05-31 04:20:02 -------- d-----w- C:\Program Files (x86)\Samsung Easy Color Manager
2014-05-31 04:16:11 -------- d-----w- C:\Program Files\Common Files\Common Desktop Agent
2014-05-31 04:16:11 -------- d-----w- C:\Program Files (x86)\Common Files\Common Desktop Agent
2014-05-31 02:51:09 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-05-31 02:51:07 -------- d-----w- C:\Users\Kossi\AppData\Local\Windows Live
2014-05-31 02:51:06 336208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-05-31 02:45:14 -------- d-----w- C:\Users\Kossi\AppData\Local\Innovative Solutions
2014-05-31 02:24:49 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2014-05-31 02:24:49 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-05-31 02:24:02 643120 ----a-w- C:\windows\System32\eed_sl.exe
2014-05-31 02:24:01 2427392 ----a-w- C:\windows\System32\eed_ec.dll
2014-05-31 01:40:19 34304 ----a-w- C:\windows\System32\sst6ylm.dll
2014-05-31 01:40:15 89600 ----a-w- C:\windows\System32\sst6yci.dll
2014-05-31 01:40:15 151552 ----a-w- C:\windows\System32\sst6yci.exe
2014-05-31 01:31:59 49677664 ----a-w- C:\Easy_Color_Manager_V3.02.04.exe
2014-05-30 14:08:16 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2014-05-29 09:36:49 -------- d-----w- C:\Users\Kossi\AppData\Roaming\Samsung
2014-05-29 09:35:45 41984 ----a-w- C:\windows\System32\Spool\prtprocs\x64\sst6cpc.dll
2014-05-29 09:35:30 1571160 ------w- C:\windows\TotalUninstaller.exe
2014-05-29 09:34:40 34304 ----a-w- C:\windows\System32\sst6clm.dll
2014-05-29 09:34:40 226424 ----a-w- C:\windows\System32\SBuySupplies.exe
2014-05-29 09:34:12 89600 ----a-w- C:\windows\System32\sst6cci.dll
2014-05-29 09:34:12 151552 ----a-w- C:\windows\System32\sst6cci.exe
2014-05-29 07:14:52 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-05-29 07:14:26 -------- d-----w- C:\Users\Kossi\AppData\Roaming\Origin
2014-05-29 07:14:25 -------- d-----w- C:\Users\Kossi\AppData\Local\Origin
2014-05-29 07:11:58 -------- d-----w- C:\ProgramData\Origin
2014-05-29 07:11:56 -------- d-----w- C:\Program Files (x86)\Origin
.
==================== Find3M  ====================
.
2014-06-13 23:28:18 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-13 23:28:18 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-30 14:08:00 189248 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2014-05-30 10:02:37 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\windows\SysWow64\wininet.dll
2014-05-08 09:32:11 3178496 ----a-w- C:\windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-04-14 16:34:10 1070232 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-04-14 10:13:43 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48 2002432 ----a-w- C:\windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
.
============= FINISH: 14:26:24.77 ===============


A: Infected with Safe and Easy malware and cannot get rid of it!

Hi Littlegreen, to Bleeping Computer.
My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can also help.
Do not run anything while running a fix.
If you don't understand a step, please ask for clarification before continuing with any future steps.
In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Receive Notification Immediately and then click Follow This Topic and you will be sent an email once I have posted a response and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

4 more replies
Answer Match 85.26%

Hi there
 
Out of the blue today when I started up chrome my normal tab opened (I use new tab redirect) and another tab called easylife.search opened up as well.
I ran malwarebytes and it kept blocking the program over and over but to no avail.
Afterwards I ran RogueKiller and when it popped up as PUP I deleted it (this was in chrome) it was gone, however I was signed out of chrome and I need to stay signed into chrome for work purposes. When I signed back in it was back and now when I run RogueKiller it will not disappear.
 
I went to C:/ProgramData and tried to delete the DLL files there however that didn't work either.
In my control panel there is a random program called Fast and Safe by Gtgroup however when I try deleting it it comes up with an error message stating:
There was a problem starting C:\PROGRA~3\FASTAN~1\FASTAN~1.DLL The specified module could not be found
 
I believe it is referring to the files I tried to delete earlier
 
I really am at a loss as to what to do and require some assistance!
 
Here are the DDS LOGS
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Kossi at 14:26:09 on 2014-06-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.12248.8078 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
S... Read more

A:Infected with Safe and Easy malware and cannot get rid of it!

Please stick to one thread here. Thanks.

1 more replies
Answer Match 62.16%

Hello... Looking for help.
 
Tricked into downloading an "update" without understanding it was an advertisement.  
 
Here's the 9 items that were installed all at once:  
 
Cinema-Plus-1.2
DesktopWeatherAlerts
Easy Speed Check
Easy Speed PC
FreeSoftToday 025.163
NewPlayer
NewPlayer
Remote Desktop Access (VuuPC)
Snap.Do; Snap.Do Engine
 
There's pop-ups tabs and hovering ads happening all over the place.  
 
Hoping someone can help talk me down off the ledge!  
 

A:Infected with Malware Snap.Do, NewPlayer, Easy Speed, etc.

Hi there, please run a FRST scan:
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

22 more replies
Answer Match 57.12%

Hi guys. I just joined this site and this is my first post. My desktop has been infected with Malware/Viruses and won't boot in any mode (safe, safe + networking, last good setting, or normal mode). The closest thing I get is when i go to safe mode and i get a total black screen with no start button or taskbar and on each of the four corners says "safe mode". However, I cannot do anything else on the screen. (Using laptop right now due to desktop being down)

After some research on the web I found that I could try the Avira Rescue CD and would hopefully remove the malware/virus. It's been almost a week but if memory suits me right, the virus was called Cleanup Antivirus. I also was experiencing google redirects. I have already finished most of the steps on the following Avira rescue cd instructions website:

http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

I am currently stuck on step 7 part 2&3. The reason for this is because in the command line, I type exactly what is instructed but the only thing it does is in the next line says:

"Devices" (text is in a neon greenish-blue font) (This is when i type in "ls /mnt")
When i type in " /mnt " it then says "/bin/ash: /mnt: Permission denied"

Not sure what to do because I have already restarted my computer and tried all modes including safe and normal but am still unable to get my normal computer settings.

I would get my log files with Hijack ... Read more

More replies
Answer Match 56.7%

Here are my log files. Please help. I can't get this off no matter what I do.

Deckard's System Scanner v20071014.68
Run by Nikky on 2008-05-10 18:01:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-10 18:01:36
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common ... Read more

A:Infected With Safe-strip Spyware/malware?

Can anyone please take a look at this and possibly help me? My computer is going so slow now. Thanks

3 more replies
Answer Match 55.44%

My laptop has been infected by malware/spyware. This is the first time I have joined any forum so look forward to your help. I have been working in safe mode for 2 days and need immediate help as this is my company laptop and I need access to programs that I can't get in safe mode.
Below is the HJT log report and attached is DDS. I could not run GMER in safe mode, let me know what to do. I also see that there is an "iexplore" process running in task manager which is a Trojan, as it launches itself after regular intervals even after I kill the process.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:25 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr... Read more

A:infected by malware/spyware.. running PC in safe mode since 2 days..need help

Hello and Welcome to TSF.


Quote:

this is my company laptop

We are sorry but this forum is intended for the home user.

Please contact your company's IT department for help and best of luck with your issues.

This thread shall now be closed.

------------------------------------------------------

1 more replies
Answer Match 54.6%

I seem to have some kind of infection that won't let my computer boot into safe mode. This has also caused my clock to show up on my desktop as military time, although when I try to fix it it's showing it to be in normal time. This all started after one strange day when my google started to redirect me to weird search sites, and other weird things on firefox. I have run malwarebytes, spybot, and avg internet security 9.0 and they are all finding nothing. I can't seem to remove this from the computer and I really need some help. Windows XP Media Edition Version 2002 SP3. Thank you so much for your time and help, here are the logs.

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 23:50:08.40 on Mon 01/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
============== Running Processes ===============
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ieho... Read more

A:Infected with a virus/Trojan/Spyware/or malware that wont let me safe boot

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report
Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Click the "Run Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.

10 more replies
Answer Match 54.18%

Sorry ahead of time - I'm not sure what the actual malware is.

I cannot reach gmail (or if I can, it is very sporadic) - the page displays with the following error:

Not Found
The requested URL /accounts/ServiceLogin was not found on this server.
Apache/2.2.3 (Red Hat) Server at www.google.com Port 443

I am also not able to get to google reader - it brings me to google itself, and the header image doesn't load.
Search results in google and yahoo do not resolve either, but redirect to another site with ads (such as searchclick8.com/....)
Finally, if I try to reboot into safe mode, the system reboots again, so if I continue to go to safe mode, it's just a loop of failure and disappointment.
I have downloaded combofix but have not yet run it, and I'm including my DDS and GMER logs in this post. Sorry I couldn't give more information, but I'd be happy to look into anything that could further clarify the issue.
Thanks!

Sorry! Forgot my DDS.txt log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Matt Kowalski at 20:38:18.28 on Wed 02/17/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.231 [GMT -5:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) Copyright Information 5
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files... Read more

A:Infected with malware - no gmail, search results do not resolve, and safe mode loop

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

17 more replies
Answer Match 49.98%

Many people think that sandboxing is difficult to use. It is, in fact, very, very simple. Here is what you do to be safe on the web, which I think is the most important. The other functions you can explore yourself.

Step1 - Download and install Sandboxie from here: http://www.sandboxie.com/index.php?DownloadSandboxie

Step2 - Go into All Programs, click on Sandboxie and make a shortcut on the desktop from “Run webbrowser sandboxed” (you can also pin it to the Start menu, Quick launch or Taskbar).

Step3 - Launch your webbrowser with that shortcut. Now you are safe.

A:Safe surfing with Sandboxie - very, very easy

  
Quote: Originally Posted by whs


Many people think that sandboxing is difficult to use. It is, in fact, very, very simple. Here is what you do to be safe on the web, which I think is the most important. The other functions you can explore yourself.

Step1 - Download and install Sandboxie from here: Sandboxie - Download Sandboxie

Step2 - Go into All Programs, click on Sandboxie and make a shortcut on the desktop from “Run webbrowser sandboxed” (you can also pin it to the Start menu, Quick launch or Taskbar).

Step3 - Launch your webbrowser with that shortcut. Now you are safe.


Thanks WHS, I had never explored the option as I didn't realise it was that simple.

9 more replies
Answer Match 49.98%

My computer is often showing blue screens and nothing I've done seems to correct the STOP 0x00000050 error about "page fault in the non_paged area". So I guess it is time for me to back-up everything ASAP. Which I never did. Because I don't know how. Could someone with good will guide me on the steps to get an EASY & SAFE back up using CD's ?

I will be grateful for your assistance

Oniro

XP 2000
1.20 gigahertz AMD Duron processor
256 MGHZ
40 gigs HD
IBM Clon
 

A:How to Back-Up Easy and safe ??? Please teach me

16 more replies
Answer Match 49.98%

Many people think that sandboxing is difficult to use. It is, in fact, very, very simple. Here is what you do to be safe on the web, which I think is the most important. The other functions you can explore yourself.

Step1 - Download and install Sandboxie from here: Sandboxie - Download Sandboxie

Step2 - Go into All Programs, click on Sandboxie and make a shortcut on the desktop from “Run webbrowser sandboxed” (you can also pin it to the Start menu, Quick launch or Taskbar).

Step3 - Launch your webbrowser with that shortcut. Now you are safe.

A:Safe surfing with Sandboxie - very, very easy

Originally Posted by whs


Many people think that sandboxing is difficult to use. It is, in fact, very, very simple. Here is what you do to be safe on the web, which I think is the most important. The other functions you can explore yourself.

Step1 - Download and install Sandboxie from here: Sandboxie - Download Sandboxie

Step2 - Go into All Programs, click on Sandboxie and make a shortcut on the desktop from “Run webbrowser sandboxed” (you can also pin it to the Start menu, Quick launch or Taskbar).

Step3 - Launch your webbrowser with that shortcut. Now you are safe.



I was reviewing this same program from advice from Tews.

I agree

2 more replies
Answer Match 49.56%

Start Windows 8 PC - hold power button for 5 seconds whilst it's loading Windows - Warning - this comes at risk of corrupting user profile if not Windows itself though Microsoft in all its wisdom has seen fit to remove the F8 accessibility to safe mode. MS seems to get stupider the harder they try - unbelievable!!

A:Easy way to get Windows 8 safe mode - not recommended though

Why post something that's not recommended? A very simple solution to regain F8 safe mode.... Go to above tutorials.... and look under W8... This will also explain why Microsoft chose to go this way.

3 more replies
Answer Match 46.62%

The other day I noticed my computer slowing down over the day. I saw an 'explorer.exe' process bouncing up and down in the TaskManager and 'flashing'. I used Sysinternals ProcMon to dump the stack for this process and found some weird-named dll in the stack. I did some surfing and it seemed like a 'Vundo' virus. I did some more searching, downloaded HJT, SUPERAntivirus Free Edition, and MalwareBytes. saw some bad stuff in the HJT log, marked and removed and then tried to run MalwareBytes which was now missing from the installation folder. so, I deleted some bad-looking dll's in the System32 folder using HJT, rebooted and was able to re-install and run MB and remove the viruses successfully.

all was good until yesterday afternoon where the same symptoms appeared. I followed much the same strategy as before and all was good until earlier this afternoon. now, no matter what I do, I cannot seem to get rid of the crap which seems to have infected every process that is running. so, I'm waving the white flag and asking for help.

The preparation guide says to run DDS.scr, save the .txt files and create a new post. I'm posting the DDS.txt file here, attaching Attach.zip and rootrepeal log as requested. I'm also attaching the previous mbam logs from my previous attempts to clean this up. your help is greatly appreciated and I do hope I can learn more about this whole topic.

DDS (Ver_09-10-26.01) - NTFSx86
Run by ckoobs at 16:23:34.79 on Fri 10/30/2009
Internet Explorer: 7.0.5730.13 B... Read more

A:These virus's/malware won't go down easy

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ... Read more

2 more replies
Answer Match 46.62%

A day or two ago, I downloaded something from a sendspace.com link that my friend sent me. Shortly after, I noticed that Google Chrome was hijacked and started redirecting my homepage to a website "hxxp://search.easylifeapp.com/" (censored the url so no one accidentally clicks). I ran MSE and Spybot SD. Spybot found and cleared some issues but the redirects continued.

Then I scoured my installed programs listing and uninstalled a program called "Easy Life", "Easy Life Updater" and "Browse2Save". Even after uninstalling, they still had folders and files saved under Program Files and Program Data so I went in and deleted them as well. Still, I get the homepage redirects.

Google kept pointing me here because another guy had a similar issue a few days ago....so here I am. I appreciate any help that anyone can give. I ran DDS like the FAQ asks, here are the texts:

DDX.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.4.1
Run by Jeremy at 17:20:34 on 2013-01-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8187.5838 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system3... Read more

A:Easy Life App malware

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

14 more replies
Answer Match 46.2%

Hi people at BleepingComputer.com,
 
I recently got infected by Easy Life App malware. I have tried MBAM, SpyHunter and manual removal of files in the control panel in an attempt to remove it from my laptop myself. Unfortunately, that was very unsuccessful.
 
Normally I use Firefox as default browser, but within minutes after opening Firefox it closes again by itself. So, now I have started my computer in the safe mode (using F8) and started Explorer to post this issue.
 
Can you (please, pretty please :-) help me remove Easy Life App permanently? I have Norton antivirus, but apparently it didn't stop this horrible app.
 
Kind regards,
Sarista
 
I have run dds and attached Attach.txt:
 
dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.13.2
Run by Jorne at 20:49:08 on 2013-03-04
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.31.1043.18.3070.2466 [GMT 1:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows... Read more

A:Infected with Easy life app

Hello Sarista Welcome to The Forums!!
Around here they call me Gringo and I'll be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at you... Read more

18 more replies
Answer Match 45.36%

I'm sure the solution to this is simple, and just one of those commands I don't know. Yet.

Running XP Pro, sp2.

After removing some rather pesky trojans using a combination of AdAware, HijackThis, and finally Killbox, I'm left with a minor annoyance. One of those trojans (trogandumper as I recall) created the file C:\copy.exe that would run anytime I opened c:\, e:\, etc. After Killboxing it, whenever I try to open one of those directories, I get the error "Cannot find copy.exe Browse to..." etc. By right clicking on the drive, I can see that the default action (the bold one) has been changed from "Open" to "Autoplay". I can open the drives with no problem if I right click and hit open. So my question is this:

How do I change the default action of my drives back to Open from Autoplay?

Thanks for your time!
 

More replies
Answer Match 45.36%

We told you how to tell if you're infected with malware. We told you how to clean up the infection if you get it. How about how to stop the infection from happening in the first place?

Yes, it's possible to clean up an infected computer and fully remove malware from your system. But the damage from some forms of malware, like ransomware, cannot be undone. If they've encrypted your files and you haven't backed them up, the jig is up. So your best defense is to beat the bad guys at their own game.

While no single method is ever 100 percent fool-proof, there are some tried and true cybersecurity techniques for keeping malware infections at bay that, if put into practice, will shield you from most of the garbage of the Internet.

Without further ado:

Protect vulnerabilities
One of the top delivery methods for malware today is by exploit kit. Exploit kits are sneaky little suckers that rummage around in your computer and look for weaknesses in the system, whether that's an unprotected operating system, a software program that hasn't been updated in months, or a browser whose security protocols aren't up to snuff (we're looking at you, Internet Explorer).

Here are some ways you can protect against exploits and shield your vulnerabilities:
Update your operating system, browsers, and plugins. If there's an update to your computer waiting in queue, don't let it linger. Updates to operating systems, browsers, and plugins are often released to patch any securit... Read more

More replies
Answer Match 44.94%

I received a message from Time Warner Cable today that a machine in my household is compromised and I must deal with it. There are 3 machines on the lan currently. For two of them I have been able to run malwarebytes and it didn't find anything. I am currently at work and only able to access the two remotely. I ran a CBL look up and it said a machine is infected with rustock. Is there an easy way to identify which machine is infected without having to run cleanup on all 3? Also, the 3 computers have all different operating systems from XP to win7. I would have tried to run Combofix on them but it only works for XP. Any help is appreciated.

PS. I Posted this in the log section previously by accident. I didn't read where I should post this until now. Sorry about that.

A:> Infected with rustock, easy way to find which machine?

Some more information. I ran advanced port scanner which found 6 devices. 3 computers, 1 printer, 1 router and 1 Wii. I looked at the open ports for all of the devices and there is no indication SMTP or any port that isn't normal is open.

2 more replies
Answer Match 44.94%

Hello Shoka, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

2. Download RogueKiller on the desktop
Close all the running processes
Under Vista/Seven, right click -> Run as Administrator
Otherwise just doub... Read more

A:Infected with Easy A-Z Search Google Redirect

Hello. Are you still there? If you are please follow the instructions in my previous post. If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic. Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.
Thanks for understanding
With Regards,
fireman4it

13 more replies
Answer Match 44.94%

The titles listed in the subject line recently appeared on my desktop along with a VERY hijacked machine.

I get a common pop up that states "Warning! Potential Spyware Operation! Your computer is making unauthorised copies of your system and internet files. Run full scan now to prevent any unauthorised access to your files! Click here to download Spyware Remover..."

This is a personal home computer.

I tried the five step process and met with the following results:

1) Can not access add/remove tab - following error message:
Restrictions
This operation has been cancelled due to restrictions in effect on this computer. PLease contact your system adminstrator.

2) Can not run Panda ActiveScan - get message "internet explorer cannot display the webpage" when scan window attempts to run, all pop-up blockers disabled

3) Successful install of both Spyware Blaster and IE-Spyad

4) Could not use windows update - following error message:
Network policy prevents you from using this website to get updates for your computer

5) Deckard's maint.txt log:

Deckard's System Scanner v20071014.68
Run by Daddy on 2008-01-15 17:51:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-01-15 22:52:0... Read more

A:Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner

SpyBot-SD Just caught a process identified as Virtumonde.crack. I told it to kill the process next time it is encountered.

19 more replies
Answer Match 44.94%

Hi there,

I'm a new User and this is my first thread. I read the FAQ's and I hope I don't make any mistakes.

My problem is quite self-explaining. I have a malware in my system but I don't know how to delete it.

When Windows starts (XP Professional) my firefox starts also automatically with a google-search (it searches for "easy money" and directs me to (I guess) the spanish google)

The next problem is, that - and I'm not sure if I'm right here - the same malware took over my live messenger. WLM is automatically sending links to all of my contacts.

These are the two main problems that I have.
I've to say that this is not my computer. It's my brothers and he's using illegal p2p programs (limewire) - due to the site rules I deleted it and some other stuff he downloaded. And I'm pretty sure that this malware came from some crap he downloaded. The problem is, that I don't know which of his programs are cracked and which are original. If anyone recognizes an illegal program please let me know and I'll delete it immediately.

I let hijackthis scan my system today and found the win7services.exe process and fixed it but I still have the same problems.

so here are the DDS Logfiles:

-------------------------------------------------------------------------


DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 19:22:46,21 on 28.08.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.... Read more

A:Easy-Monez malware - sending WLMessenger links

Hi,

Please do the following:

Download Combofix from either of the links below. You must rename it before saving it.
Save it to your desktop.

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tab
Set to "Always ask me where to Save the files".



Link 1
Link 2



During the download, rename Combofix to Combo-Fix as follows:





--------------------------------------------------------------------
It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.


-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictab... Read more

2 more replies
Answer Match 44.94%

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can't even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can't make this stuff up.

So what's a computer enthusiast to do? Step zero: Read this guide, because we're going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded problems forevermore.



Read more at: Maximum PC | Scrub Your PC Clean: Remove Malware in Four Easy Steps

More replies
Answer Match 44.52%

A little background:
I have a Win98 system with 5 users. 6, if you count the default user (click on cancel at the Windows Login dialog box). When I found I was infected the other day, I manually cleaned up my PC while logged in as a user. Or so I thought. I then logged in under the users to make sure it was clean. I found other malware on these logins, and now the one I thought I had cleaned up is re-infected. Also, sometimes I get a lot of "rundll32 has performed an illegal operation" errors, sometimes I get none. Periodically, I restore rundll32.exe from the CAB files, which seems to help for awhile. But then it comes back. I am now trying to work through the guide before posting HijackThis logs.

Questions:
1. Do I have to go through the malware removal cycle (scan, post HijackThis logs, etc.) for each of these users?

2. Should the scans such as Ad-Aware, Spybot, SuperAntiSpyware, etc. be run all in safe mode, or logged in as a user?

3. Are the rundll32 errors caused by malware?

Thanks,

Tim

A:A Couple Or Three Easy General Questions Re: Malware Removal Process

I have already replied to you here. If you have additional questions related to the thread you already started, please confine them there. Posting a new thread for each question is confusing and makes it harder to provide the assistance you may need.Thanks for your cooperation. I am closing this thread.

1 more replies
Answer Match 44.1%

According to spy doctor free version i have Trojan.PWS.Tanspy in
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\currentversion\controlpanel\load


AVG Anti Virus found 2 other trojans which it cleared for me trojan.Pakes.edg and trojan.Agent.qt
Panda active scan logfile

Incident Status Location

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Jay\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jay\My Documents\Unzipped\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected O:\Downloads\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected O:\Downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]

AVG Anti spyware logfile

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:17:12 15/05/2007

+ Scan result:

C:\System Volume Information\_restore{0873BBAA-A75B-4D4F-906F-27CE12FE99B6}\RP83\A0024653.exe/keygen.exe -> Adware.Virtumonde : Ignored.
O:\System Volume Information\_restore{0873BBAA-A75B-4D4F-906F-27CE12FE99B6}\RP83\A0024625.exe/keygen.exe -> Adware.Virtumonde : Ignored.
O:\System Volume Information\_restore{0873BBAA-A75B-4D4F-906F-27CE12FE99B6}\RP86\A0024914... Read more

A:Help! Infected with Trojan.PWS.Tanspy (inc saved logs for easy diagnosis)

Sigh:

http://www.geekstogo.com/forum/Trojan-PWS-Tanspy-HJT-log-here-t158308.html
http://forums.spywareinfo.com/index.php?showtopic=99069
http://forum.malwareremoval.com/viewtopic.php?p=179043#179043
http://forums.spybot.info/showthread.php?p=86256#post86256

Moderators, please close this thread. Thanks.
 

2 more replies
Answer Match 44.1%

You log onto your computer and it takes forever to boot. When it finally does, a few unfamiliar applications litter your desktop, and your browser immediately sends you to an ad for hair loss products.

Sounds like your PC has a problem with malware.

So what should you do? Before you flip out, try these simple steps to clean up your infected computer.

Computer acting suspect? Do a little digging and check for symptoms.

Does your web browser freeze or become unresponsive?
Do you get redirected to web pages other than the ones you are trying to visit?
Are you bombarded with pop-up messages?
Does your computer run slower than usual?
Do you see new icons on your desktop that you don't recognize?
These are just some of the issues that are characteristic of a malware infection. Unfortunately, even if you see nothing wrong with your computer, there may be trouble brewing under the surface, sneaking around and screwing with your files undetected. So here's what to do:
Use protection: Enter safe mode.

Remove CDs and DVDs, and unplug USB drives from your computer. Then shut down.
When you restart, press the F8 key repeatedly. This should bring up the Advanced Boot Options menu.
Select Safe Mode with Networking and press Enter. Only the bare minimum programs and services are used in this mode. If any malware is programmed to automatically load when Windows starts, entering safe mode may block the attempt.

Back up your files, including documents, photos, and videos. Especially... Read more

A:10 easy steps to clean your infected computer (Malwarebytes articles)

Just for advertising purposes. The only advice that user should receive is from trained experts, malware nowadays is more complex
 

3 more replies
Answer Match 42%

Dear helper,

Am I infected ?? What should I do ?

Window XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid lost of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet explorer were busted afterward, was not able to run at all. The build-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back in its origin shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - repeatedly state that it can now update because I am not connect to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to microsoft and all other common antivirus website (Norton, McAfee, AVG, Kaspersky, Avast, etc) are all block. Hence I can't even attempt to find out what happen to my laptop.

What virus have I been infected ? What programme should I use to remove the malware now that I cannot access to any of the antivirus website or microsoft website ?

Thank you

Jason

More replies
Answer Match 42%

Please reopen the case: http://www.bleepingcomputer.com/forums/t/278792/infected-by-various-malware-help/

Original message, posted on December 14, 2009:

My computer is infected by malwares. Earlier I got help from bleepingcomputer staff under topic malware and has tried to use these software to clean my infected computer but still to no avail. The volunteer who helped me earlier asked me to use hijackthis and paste the logs on this forum.

Malwarebytes Anti-Malware (v1.41)
TFC by Old Timer
Kaspersky Virus Removal Tool
Eset Online Antivirus Scanner.
Kaspersky Online Virus Scanner.
Sophos Anti-rootkit
Norman Malware Cleaner

The problems are:
- When I use Internet Explorer or Mozilla, sometimes another window open automatically that mentions google hiring, websurvey, etc
- When I use search engine to find something, I could not click the link to bring me to the shown result that I want, instead it brings me to an unfamiliar site. I have to copy and paste the web address to open it. If I click the link, sometimes it brings me to an anti-virus ad that force me to download the software (it would not allow me to close the browser) so I have to end the whole internet session forcefully.

-------------------------------------------------------------------------
LOGFILE IS ATTACHED
Logfile of random's system information tool 1.06 (written by random/random)
Run by USER1 at 2010-01-07 19:27:45
Microsoft Windows XP Professional Service Pa... Read more

A:Infected by various malware. Help !!, Malware pop ups and could not open link from se...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand cor... Read more

17 more replies
Answer Match 41.58%

I have run into a terrible problem and can no longer use my computer. It started a few days ago when I believe I was infected by malware...I noticed a program running in my task manager...one of those short 3 letter exe programs, so I decided to run malware bytes. Malware bytes successfully found that program and I think called it a rootkit or something else. I chose to remove the found problems and then it asked me to restart. Following restart, I get a blue screen of death shortly after the windows XP title comes on. When I choose any of the options (Safe Mode, Safe mode with networking, Safe mode with command prompt, or normal windows) I always get the blue screen and cannot log into windows.

The error message reads:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:
STOP: 0x0000007B (0xBA4C7524, 0XC0000034, 0x00000000, 0x00000000)

So at this point I ordered startup/recovery CDs from dell. I am using a dell computer with OEM installed windows XP home edition. I got the recovery CD today, and can now boot from CD.... Read more

A:Blue screen after running malware bytes - infected with malware

Hello, let's see if we can find the cause of this problem. I will move this topic to the malware removal forum.

Try this please. You will need a USB drive.
Download GETxPUD.exe to the desktop of your clean computer
Run GETxPUD.exe
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
Remove the USB & CD and insert it in the sick computer
Boot the Sick computer with the CD you just burned
The computer must be set to boot from the CD
Gently tap F12 and choose to boot from the CD
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press Enter
After it has finished a file will be located on your USB drive named mbr.bin
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

4 more replies
Answer Match 41.58%

It is so similar to MaxGen's problem that I have used some of his description of what is happening to me(us).

I got infected by a nasty malware while surfing the internet. popups were created immediately so I knew right away something was happening. I wasted no time in running Norton AV and Ad-aware. Norton says it had found and removed the problem (Trojan.Vundo and Trojan.Metajuan) and I should restart. But everything got worse after first restart. No programs wanted to work. I even tried to backup personal files to Cd/Dvd and Nero did not recognize my burner. Now my situation is:

1. Even in safe mode, I cannot run any anti-spyware software: Spybot and Spyeraser do not show up even though they are seen running in windows task manager. Then the .exe application file will no longer work. When I tried to run them again, it will say "Windows cannot access he specified device, path, or file. You may not have the appropriate permission to access the item."
2. Cannot connect to any website, it always shows trying to connect. (The connection itself shows OK). - I downloaded AVG after the first restart and it found and fixed 8 of 12 problems found. I rebooted and was then unable to get on internet and AVG does not work anymore.
3. Worst of all, I can't even post the HijackThis logs. It does not start - telling me I do not have permissions

Like MaxGen there could be other symptoms I have yet to discover. I too have never seen this kind of nasty stuff. Please help!... Read more

A:ME TOO!! Infected by extremley nasty malware, can't even run HJT, please help, Unknown malware, windows XP

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.

6 more replies
Answer Match 41.58%

Already did some scans with tdsskiller and hitmanpro and they detected Trojan-Spy.Win32.Zbot, Rootkit.Win32.PMax.gen, and rootkit boot.cidox.b, I'm not sure how this machine got so badly infected. The user may have opened a link or some file by accident.
 
The infected svchost.exe is causing the most problems, creating multiple various connections and slowing down the internet connection. Explorer.exe would also crash and would create connections as well. Internet explorer would pop up to back-linking websites.
 
No restore cd for this computer. Although I do have a copy of xp meant for dell machines and this is a dell.
 
Just need to know how i can stop the svchost.exe from creating connections.
 
dds attached

 dds1.txt   9.67KB
  1 downloads

A:Infected with mutliple malware, Cidox,Trojan-Spy.Win32.Zbot,Infected svchost.exe

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

15 more replies
Answer Match 41.58%

I have a mild adware infection that is affecting every computer that goes through my network. Superantispyware can find and remove ONE file(no active, no registry) that is associated with this attack and the problem is resolved (ie. it does not come back unless i log into this particular network, it's still gone when I restart the computer, etc). The adware does not affect any of my cleaned computers unless I am logged into MY network. A clean load of windows XP with service packs loaded will immediately be infected on my network without so much as going anywhere aside from google.com.

As best I can tell my hijack this log is clean, but here it is for those of you who are far superior at this than I am. This is from the machine I am using which is currently infected.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:43:09 AM, on 12/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJ... Read more

More replies
Answer Match 41.58%

I was at a hotel a few weeks ago, and afterwards firefox kept redirecting me to ad sites. I ran Microsoft Security Essentials and detected and removed (partially?) a program called Nimda, but the redirects continued. None of my security software indicated any other problem, and the redirects seemed to be to fairly harmless sites, so I figured I'd wait for my programmer brother to get home for thanksgiving to fix the issue. Today, firefox redirected to a site with the words "please wait, loading." I immediately closed out but my computer was already infected. A program called "privacy.exe" in taskmanager started up- it's your typical faux-security program that prompts you to "clean your computer" presumably by downloading all kinds of other awful crap. This particular program kept closing down taskmanager after a couple seconds every time I tried to open it, automatically closed security essentials, closed all my other background programs, and wouldn't let me open hijackthis or firefox. I restarted in safe mode and ran security essentials, which found and removed something called "VirTool:JS/Obfuscator.CE," then restarted normally, but the situation hadn't changed. After some trying, I was able to open taskmanager and manually shut down "privacy.exe" before it shut me out, and that's as far as I've gotten. Keep in mind when reading my DDS log that I shut this program down already, because it prevents me ... Read more

A:Infected with unknown trojan/malware, has infected pc with rogue:win32/fakerean, VirTool:JS/Obfuscator.CE, and others so far

Hi,

BitTorrent

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

2 more replies
Answer Match 41.58%

Hello,

I was contacted by some friends last Sunday who said they received lots of weird emails from my email account. The emails contained nothing but a link. I did not send any emails over the weekend so I don't know how this happened. This must be a virus, right? I noticed my antivirus (avast!) began (a few days back) blocking a couple of malwares when downloading emails to Outlook 2007 on my laptop. It identified an infection called "Win32-Malware-gen". It now does this every time I try to download emails and I now have duplicate emails in my Inbox. My antivirus identified the infected emails having subject "DHL Express Delivery" or "FedEx Service Notification" and a document.zip attachment which I think contained document.exe if I'm reading the Avast! log correctly. I did not open any of these emails. The antivirus moved them to chest but it seems the problem wasn't resolved. I then get a microsoft message saying Outlook encountered a problem and cannot exit. It offers me an "End Now" button, but it seems to get into a loop and the whole scenario happens again whereby Outlook reloads and I get the malware messages again.

Another problem I noticed which might be connected is that in IE8, whenever I attempt to login to any site it blocks and reloads webpage with "This tab has been recovered - A problem with this website caused Internet Explorer to close and reopen tab" message. Then it asks me t... Read more

A:Infected with Win32-Malware-gen - Emails (Infected?) spammed from my email account to many recipients without my knowledge etc.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

13 more replies
Answer Match 41.16%

 Hi all,
 
 I am Pousoidis and I would like to thank you for the services you provide. I am pretty sure that I have a virus in my laptop. My system is an Ideapad U410 with Intel® core ™ i5-3317u 1.70ghz, 8gb ram memory, 64 operating, with windows 7.
 
 At some point I could not click on my start menu button without windows explorer notifying me that it had stopped working and that it was checking for a solution to the problem. I went online trying to read about what I could do. Eventually, I restarted my pc with the option of checking for disk errors and that seemed to fix the start menu problem; now the windows explorer does not crash. But after that I noticed that I could not open certain programs such as skype and picasa 3 (and μtorrent which since then it has been uninstalled from my pc).
 
 It is then that I became more suspicious and decided to download and run anti-malware programs such as mabm and spybot. None of these can install itself on my pc, always some error message such as "privileged instruction". Was not sure how to proceed from that, so I searched online and came across your site. Thank you again for your help. I apologize in advance, I am not really well versed in the ways of technology. I did run 1 system restore before I visited this site.
 
so I am copy pasting my dds files: 
 
Run by Pousoidis at 13:46:22 on 2014-02-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8053.5...

A:Infected with some malware. Not allowed to install and run anti-malware.

Hello Pousoidis

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same...

16 more replies
Answer Match 41.16%

Hello,

I have malware that prevents me from running anti-malware programs (unless their names are changed to aliases). It also makes its presence known when I am NOT connected to the Internet. In that instance, a message box informs me that "Generic Host Process for Win32 Services" is not working, and gives me the option of sending or not sending the relevant information.

I attach to this thread the "Attach" output from DDS and the .log file from GMER. Unfortunately, I was unable to save the Scan results from GMER in any format other than .log, and when I tried to use the "Copy" function within GMER, my machine froze.

I have also run (in safe mode) MBAM, SpybotSD, SUPERAntiSpyware and the Windows kb890830 malware-detection apps. The first three DID find infected files, which I removed/quarantined in each of the respective apps. Perhaps not surprisingly, the Windows malware detection scan did not pick up anything.

I apologise for the dreadful formatting of the GMER output; the .log file is (I hope) uploaded.

Kind regards,
Adam

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:58:53, on 04/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\Explo...

A:Infected w/Malware that doesn't let you run anti-malware apps etc.

16 more replies
Answer Match 41.16%

Hello members (: Thanks in advance for helping me.
 
So, the first time I realised something was amiss was when searches in the Chrome Omnibar were redirecting to Yahoo. If I went to google.com to conduct a search, the ads at the top of the results page would flicker, and then seemed to change (font, size etc.).
 
I uninstalled and reinstalled Chrome, I signed out, I removed all my addons and extensions before reintroducing each one. I couldn't get to the root of the problem. After a quick search, it was suggested to use SpyHunter or Malwarebytes to resolve the problem. 
SpyHunter dropped a massive list of threats after scanning only 1%. When it finally finished, there were many Red Threats, but there was the stinger: I would have to pay for the advanced version, or a license, or whatever it wanted, before removing these threats. As a poor student, I turned to an alternative. That's where Malwarebytes came in. I did a scan, it found some problems and asked me to proceed, which I did, and it claimed the problem was fixed.
Certainly, Chrome doesn't redirect at the minute, but I managed to stop it redirecting it before now; only for it to start again. I ran another SpyHunter scan, and it found all the same threats as before, which, it would seem, Malwarebytes had missed. Now, I haven't bequest any windfall since yesterday, and still can't afford SpyHunter's ransom.
So far (6%), SpyHunter has found 216 threats including Blekko (192 infections), searchinternet-a.aka...

A:Infected with Malware which redirects from omnibar, plus other found malware

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first ti...

2 more replies
Answer Match 41.16%

Hi, I got infected because I was trying to run malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download dr web cure it, and it doesn't allow me, the computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

A:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum. My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro...

0 more replies
Answer Match 41.16%

Hi, My Dell Inspiron N400 notebook Running Windows 7 64 bit (Pro), [OS Version: 6.1.7601 ServicePack: 1.0] has become a playground of miscreants from four corners of earth and time is running out. It all started 2 months ago when I opened an email with title that my teenage daughter sex video is on internet. I never would click such a link but it was forwarded by my mother so I was in distress, so I clicked a link in it. It was luckily daughter of someone else and not mine since I never been or had relations with anyone from Nigeria. But from that day slowly everything breaks. My virus killers (Kaspersky then Bit Defender, and Windows Defender and Titanium Trend Micro) get turned off or stop responding. Before I had 36 processes after starting up and now I have 60, and a half hour later over 100 processes that take 100% cpu, 100% of my 8gig memory, and 100% hard drive activity. I reinstalled operating system 3 times on C drive but I have on D drive all my things in storage and in matter of a day after reformatting C and reinstalling, the ghost in machine is back. I have sometimes 10-30 errors in my event logs on a good hour, and 2-3 critical errors every few days. My external monitor port on laptop stopped working, my network cable port (looks like telephone jack) stopped working and I use usb connection to adsl modem. My camera can not be found and is unknown device accepting no drivers but sometimes it turns on and looks at me. Criminal hacker gangs are locked in bat...

A:Infected by 36 Viruses/Trojans/Malware - Infected My Professor

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Answer Match 40.74%

Hi guys,

There is something that happens occasionally when I am typing. Whether in a text program or typing in a messagebox on a forum, it can happen.
Hope I can explain it clearly.
OK lets say I am typing a paragraph, and (I can't type properly, so once in a while my fingers stray to the wrong keys), so after I accidentally hit some key combination, the following happens:

If I go into the previously typed paragraph, and let's say I want to insert a word, when I type, the word will appear, but will not "move' the text over, it will overwrite it. Typing more will just overwrite whatever I have already typed.
I should be able to insert a word or any text in there and the previous text should move over.

I would have to start the page over again, and everything seems ok. I KNOW it is a key I hit accidentally, or a key combination. Otherwise, like typing here everything seems fine.

What could I be hitting that would cause the new text to overwrite the previous text?
Hope I have explained it well.
Thanks in advance, Gary.
 

A:Solved: Easy question, easy answer hopefully.

10 more replies
Answer Match 40.74%

Hiya,

This computer started being very slow all of a sudden yesterday. And today, I have "Malware Defender" messages popping up at me. It's pretending to be AVG, which I do have installed, by using the same colored logo.

After running RRT v4.8.0.3, got a message saying "system restrictions and/or r-media malware detected! RRT needs your urgent attention!" Yup.

The DDS is pasted below, and I've attached the "Attach" file. Sure do appreciate your help! - Barbara
a.k.a. WidgetWoman

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 22:03:05.60 on Tue 03/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.74 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8...

A:Infected with Malware Defender (and r-media malware?)

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience. Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ...

2 more replies
Answer Match 40.32%

Hi!

I seem to have been infected with some particularly vicious malware..

I get a red bubble with a white 'x' on my taskbar. The message 'your computer is infected! WIndows has detected a spyware infection! Click here to protect your computer with spyware!'

Anti - Vir is going nuts over it (It keeps on picking up trojans and worms) Malwarebytes' Anti-Malware can't get rid of it, and neither can spybot. It has turned off Windows firewall and won't let me turn it back on.

I use Windows XP, have automatic updates turned on, am running SP2 and update Antivir, Spybot and Malwarebytes' Anti-Malware regularly.

It won't let me run ad-aware or spybot.

If you require any further information, let me know!

Many thanks in advance for any help you can give me

Rob



DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 11:14:16.37 on 02/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.453 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.ex...

A:I'm Infected with 'Your computer is infected' taskbar malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

13 more replies
Answer Match 40.32%

Hello! I am posting because I have offered to clean up a computer for a coworker, and want to make sure I do a thorough job. So far, I have seen indications of at least 4 separate malware programs. The first was Antivirus 360, which I believe I deleted for the most part via manually removing the files and registry values. I have also seen VirusProtect 3.8 and 3.9, though I had no luck locating the files I was told to delete...so I am not sure if the infection is there or not. His computer already has "Verizon Internet Security" installed, and I used that for an initial scan to see what it found. I deleted what it found, though that was done in safe mode, before I deleted all the files manually for AV360. When I enable Verizon Internet Security, it pops up two warnings, which mention a file by the name of Trojan.Win32.Monderb.xgy, in the C:\WINDOWS\system32\ljJCvSiI.dll. I looked up that file, and saw it was connected with the "Vundo" virus...or something along those lines. His computer is not connected to the internet at the moment. I am using my laptop to access the net, and transferring files via a flash drive to his computer. I have scanned with DDS, and will provide the log. I also have HJT ready to run on his desktop, as well as ComboFix. Here is the DDS log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by HP_Administrator at 16:34:39.23 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033...

A:Computer Infected/Possibly Infected With Various Malware

Hi,

Your system is severely infected. I can see more malware present than anything else... Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all... From the log I see:

AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Outdated)
FW: Verizon Internet Security Suite Firewall *disabled*

What's the point in having a security Suite / Antivirus present if it's outdated and disabled. Most probably the sub...

7 more replies
Answer Match 40.32%

Hi,
 
I recently was infected by .scr virus from csgolounge, where a user posted a link to a knife "screenshot". I then clicked on the link assuming it was safe and it downloaded a .scr & ran it. It then started to control my mouse and attempted to access my gmail accounts for steam, to trade off my skins. Luckily my gmail was protected and stopped the person (Russian ofc) from accessing my account. It did however get my passwords (quickly changed) and managed to send a trade offer to another account. However I had steam email confirmation security so nothing was taken. Here are the steps I took:
 
1. Deleted the .scr file
2. Changed passwords
3. Restarted (was still active, moving my mouse, typing etc.)
5. Turned my computer off, turned off my internet connection.
6. Restarted (without internet), no sign of it being active.
7. Ran antivirus (windows defender, full scan, didn't find anything)
9. Did a system restore
 
Even after these steps I'm still unsure whether I'm totally safe. It had a keylogger so I don't want to type any passwords etc. I don't know if it has infected any registry stuff or whether it is still present (defender didn't find anything).
 
Can anybody help me?
 
BTW I live in Australia (UTC/GMT +9:30), so I might be quite late with replies (1am here atm) etc. 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
Ran by Kyle (administrator) on BELLABOO (27-08-2015 23:57:36)
Running from C:\Users\Ky...

A:Infected with .scr & not sure if safe :(

Double post, sorry.

1 more replies
Answer Match 40.32%

Hi, I'm new here. I recently downloaded a malware remover software. But I'm not installing it yet because I'm not sure if it is safe. The software is XoftSpy. Is it safe?

A:Malware remover Is this safe?

Rogue/Suspect Anti-Spyware Products & Web Sites

This is the listing to go by. XoftSpy was on the rogue list of spyware products. But has since been taken off. (Version 4.0 that is.)

The info at this link could help you too. Bleeping Computer - Simple steps to keep your computer secure!

The programs listed at the above link. Are used and recommended by many here. So there would be a lot of available help if needed.

4 more replies
Answer Match 40.32%

Sloppy admin work will render any OS vulnerable, Windows or not.

A network of hijacked Linux servers is apparently being used to distribute malicious software to Windows PCs. According to an analysis by web developer Denis Sinegubko, the compromised systems all have one thing in common: the lightweight web server nginx is running and serving content through port 8080. Otherwise, these systems are inconspicuous and appear to operate quite normally.

Rest of the article: http://www.h-online.com/security/Botnet-di...s--/news/114225

Thanks to Mikko Hypponen @ F-Secure for the link.

A:Think Linux is safe from malware? Think again.

That's just a super dumb admin on linux, not a linux vulnerability or a malware for linux.

These linux servers were normal web servers running Apache at port 80. The admin of such web servers should be extra cautious. But here the hackers stole the root password (because it was saved on hard disk), downloaded nginx source code, compiled and installed it. Then downloaded no-ip client source, compiled and installed it. And the admin never noticed! What's more, Apache was listening on port 80 so hackers made nginx listen on port 8080. This may require port forwarding in router!

Analysis : http://blog.unmaskparasites.com/2009/09/11...ie-web-servers/

It's not a botnet : http://www.itworld.com/security/77499/first-linux-botnet

10 more replies
Answer Match 40.32%

By the way all...This forum is the best and I have read dozens and dozens looking for an answer.

I have had the virus for several days now. I cannot connect to the internet. Malwarebytes finds the same two hijackers every time I get it to run. Most programs are disabled. I cannot restore because it's switched off and switches itself off. No bootrescue disk will run. Task manager is disabled and every time malwarebytes runs it is disabled again on startup so I have to change it once more. Sometimes it takes half an hour to boot up so constantly resetting it is a nightmare. Windows defender is disabled since my genuine windows is now labelled a fake. I have scanned countless thousands of files looking for the virus. Deleted the same ones over and over again but nothing has worked. Is it time to boot and nuke, something else I found on a forum.
My computer expertise is very limited. I have tried all the things on every forum I have trawled through. My infection is total and nothing anybody else has done works.

A:Safe Mode Malware

Hello, first of all, could you post me an MBAM log so I can see what keeps getting detected?

1 more replies
Answer Match 39.9%

Safe Transactions with Infected PCs (2 web pages).

This is an interesting technology making its way to market. It is launching to 6 million customers of an undisclosed online broker in the near future.

The method is that it uses a rootkit to burrow into your OS - Windows only for now on IE and Firefox browsers, but they are working on Linux, Mac and Safari browser versions.

I am not sure that they can guarantee that their rootkit burrows deeper than any malware based rootkit (in order to provide the deepest protection as they seem to make in their claim).

On my WinXP Pro SP2 I used a free anti-keylogger that drilled into the system ahead of everything else (services) so that it was the first to execute before any system services. If they could do it - my assertion is that the malware authors can also - and the anti-keylogger was so proficient that I remember one member did not like it being so low-level and uninstalled it - but, it did its job very well.

The way I confirmed that the anti-keylogger was first to execute was a tool from Microsoft Technet SysInternals toolset here that listed the order of execution at boot time of system services.

As with any software, try it at your own risk - and if you do - please post your review in this thread.

-- Tom
 

A:Safe Transactions with Infected PCs

If my PC was infected, I wouldn't even risk it. I'd be using extremely personal details and I'd only enter them on a PC I know is clean.
 

1 more replies
Answer Match 39.9%

I've got a gig fixing a friend of a friend's laptop. It essentially won't boot. The laptop itself is like, God probably like 10 years old! Most likely has some form of virus or malware on it. (I'm ashamed to say my friends think they either "don't need AV," or "I can't afford [free] AV." )

Anyway, I was thinking to hot swap the hd into my rig, and scan it.
I'm running:
-full Webroot Internet Security Suite
-full Norton 360
-free Avast!
-free Avira

Obviously I won't be trying to boot from this drive until everything says it's ok. I did this last week without even thinking twice, with a different definitely-known-to-be-infected drive, and no real-time shields picked up anything. But really, how safe is this? Is it even possible for anything to try to start messing with me?

A:Hot-swapping infected hd: Is it safe?

FWIW: you might want to use one of those small <$20 external USB drive connectors that support the laptop's drive and then run malware bytes and your AV against it.

I have done this and cleaned up drives without a lot of aggravation.

rich

4 more replies
Answer Match 39.9%

http://threatpost.com/en_us/blogs/bbc-sites-serving-malware-021611
 

A:So you think big name sites are safe: BBC pushing malware

Thanks for the head up.!!!
 

2 more replies
Answer Match 39.9%

A friend of mine asked me to take a quick look at his computer just before he went on holiday as he has picked up a nasty little bit of malware. Basically it's locked us out of the computer completely. On boot up the system (Win XP) goes through all the normal things and we can see the desktop etc. but right at the end of the process we get a full screen with some guff about illegal activity being found etc. and to get it released then we have to pay £100 using bitcash as a 'fine' to get it unlocked.

OK I thought just boot into safe mode and run the usual anti-virus, adware, or Spybot but it comes up even in safe mode. I cannot run any other program or get to the run command or anything as this programme just sits there. CTRL-ALT-DEL brings up the usual screen but if you try and run task manager it doesn't so it's disabled that as well.

I tried booting into safe mode with command prompt but that just hangs. Any ideas how I can stop this bloody thing loading or get to a point where I can access windows ?
 

A:Locked Out by Malware - even from safe mode

Hello shaygate,

Interesting one. I wonder if you can boot the machine from CD? If so try this:

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly



Download the following files to the desktop .. Right click the links and select save as...then select desktop

Rufus

OTLPE_standard

Right click OTLPE on your desktop and select ..Open as archive


Select OTLPE standard



Click Extract, ensure that desktop is selected



Insert the USB stick, then run Rufus

Select the ISO file on the desktop via the ISO icon.

Press Start Burn
Once the USB has burnt then

Download Farbar Recovery Scan Tool and save it to the flash drive.

Reboot your infected system using the boot USB you just created.
Note : If you do not know how to set your computer to boot from USB follow the steps here
As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
Your system should now display a Reatogo desktop.
Locate the flash drive and run FRST
The tool will start to run.

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

1 more replies
Answer Match 39.9%

Thanks for helping....My Microsoft Security essentials found some malware earlier...and then a subsequent Malware bytes scan found some more including the first ones......at this point I would run Combofix...I am experienced IT and have used it before...but I have Windows 2008 server OS.  I am running MalwareBytes 2nd time and it hasn't found anything.  
MSE found:
1. Trojan:Peaac.gen!A!plock
2. TrojanDropper: Rovnix.P
3. Trojan: Rovnix
 
The capture file is screenshot of malware found
 
Logs:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by jam (administrator) on JAKE (31-10-2015 14:58:34)
Running from D:\software\Utilities\virus\bleeping computer
Loaded Profiles: jam &  (Available Profiles: jam & ev & JakeBackup & Cate Pearson & UpdatusUser & Administrator & Classic .NET AppPool)
Platform: Windows Web Server 2008 R2 Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAP... Read more

A:Malware found earlier...just want to be safe

Okay never mind...I just restored a backup...but thanks for all the help!

2 more replies
Answer Match 39.9%

My computer suddenly ran slow, searched through the forum and downloaded Malwarebytes. Scan revealed 5 Trojans now quarantined. Computer now runs as before.

When my computer was running slow, it was opening windows by itself and downloaded and opened a pdf!

Is there anything else I should do now? Or is it safe to use?

Can I delete the quarantined files?

BTW, I run McAfee - should this have stopped the Trojans from attacking?

A:Malware quarantined - is my computer safe now?

There are some here who believe McAfee should itself be classified as a virus. You may wish to look into getting another AV.

What's the Best Anti-virus?

Since no program gets everything 100%, it would be best to follow up with other malware scanners such as AdwCleaner, TDSSKiller & Junkware Removal Tool.

Yes, you can delete the quarantined items. Be sure to make a restore point before running these just in case.

It would be a good idea to keep a careful eye on your system for the next several days. Malware doesn't like to be routed out & sometimes it's tough to get out all the way. It has a nasty habit of making a comeback sometimes.

3 more replies
Answer Match 39.9%

Please help!

I have a lot of problems here,
I had pop ups and scratchy noises when I moved my mouse and settings being changed around. I'm using Malwarebytes, Super Antispyware and Spybot and nothing was detected, even in safe mode.
I did a Panda scan and it picked up a trojan and malware which Nod 32 did not, I can not remove Nod32 fully so I can not reinstall a new antivirus.
Thanks

A:In safe mode now with no antivirus and a lot of malware

try and get through this-

http://www.techsupportforum.com/secu...oval-help.html

1 more replies
Answer Match 39.48%

A few days ago, began experiencing slow ie explorer 7 issues-screen grayed out, links wouldn't work, etc. Ran usual anti-virus programs: eset, etc. Some showed no problem, others wouldn't finish running. I could not reboot in safe mode.  Can you help me? 

A:Virus/Malware-Won't boot in safe mode

Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwise
Click Continue

Click Reboot computer
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply

===================================================
aswMBR
--------------------
Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here and here.
Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.
NOTE:  aswMBR will create M... Read more

45 more replies
Answer Match 39.48%

After downloading a program, AVG reported that it blocked an attempted attack and deleted the file. However, I started getting more AVG alerts. I ran Malwarebytes, but it crashed halfway (blue screen of death). When it restarted, I got to just before the login screen and it stopped with only the mouse on the screen. I rebooted into safe mode, and it worked, and ran Malwarebytes and Spybot, both of which removed multiple "threats". I also removed Windows Antivirus 2009 files and registry entries, but I still get browser redirects on Firefox. When I ran AVG, it froze my computer halfway through scanning an iTunes localization file. I ran Malwarebytes and it also froze halfway, though I don't know which file it got stuck on. Spybot, however, found nothing else. I still cannot boot normally, even if I only use services and programs used in safe mode through msconfig. I ran rootrepeal but it also gave me a blue screen, right after clicking "Scan". I ran HijackThis but I don't know if anything will show up because I can only run it in safe mode.

A:Unknown malware, only starts in safe mode

Hello fetchcomms,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

3 more replies
Answer Match 39.48%

I am running XP-sp2.

I can't boot to normal mode. BSOD, message ends with:

*** STOP: 0x0000008E (0xc0000005, oxE1917B95, 0xBACEF350, 0x00000000)

When booted to safe mode there is a system tray pop-up with various messages and large pop-ups with spyware warnings, all directed to window-privacy-protection.com

I have tried spybot search and destroy several times and smitfraud fix several time. Same problem.

Any assistance will be appreciated.

A:Can Only Boot To Safe Mode - Malware Problem

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button t... Read more

5 more replies
Answer Match 39.48%

The following file was loaded while in safe mode, because the viruses I have do not allow notepad to open, presumably for this reason exactly. I could only get this information from hijackthis while in safe mode, and then they wouldn't let me on this website either (404 error), so I am on another computer right now so that I can access this website. Most websites related to tech support and anti-spyware software are blocked right now. Because it's in safe mode, all of the information may not be there, but any suggestions are GREATLY appreciated.

Download the original attachment
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:52:15 AM, on 5/20/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\xwusuhzh.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Pa... Read more

A:Tons of malware, log booted in safe mode

Hello facepalm.jpg and welcome,

Considering the issues you stated, and the fact it has been a week since you first posted, please let me know if you still require assistance.

1 more replies
Answer Match 39.48%

Hi there,

I've had my attention drawn to my sister-in-law's computer that appears to be causing major problems. It won't open IE or FF but will run Chrome. When trying to place the computer into safe mode the power cuts and it reverts back to booting up. This happens at all versions of safe mode.

I've run an avast boot scan and found several files infected with Win32:rootkit-gen. I've also run malware antibytes with no luck. I'm out of ideas :S


DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 7.0.5730.13
Run by Kathrin Wallace at 20:24:21 on 2011-07-17
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2039.1212 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenge... Read more

A:Unknown Malware preventing safe mode?

Hello and welcome to TSF Virus & Malware support. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

9 more replies
Answer Match 39.48%

A couple days ago my laptop, a 7 year old Compaq Presario X1030US, running WinXP, began restarting itself after about 1 to 2 minutes. It booted up normally and I could browse & check email as normal but after a couple minutes it would restart/reboot. Then I could browse & work for another 2 minutes. Restarted in Safe Mode and problem goes away (until I go back to regular mode). Here is my HJT log:

Logfile created: 2/9/2011 14:34:05
Ad-Aware version: 9.0.2
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Phillip

*********************** Definitions database information ***********************
Lavasoft definition file: 150.270
Genotype definition file version: Unknown
Extended engine definition file: 8364.0

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 29059
Objects detected: 75

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 72
Browser hijacks.: 0
MRU objects.....: 0
Uncategorized...: 3

Removed items:
Description: http://www.infospace.com/info/people.htm Family Name: Possible Browser Hijack attempt Engine: 1 Clean status: Success Item ID: 0 Family ID: 538
Description: http://www.infospace.com/_1_4NH4UK702CMT5H4__info/wp/index.htm?ver=25809 Family Name: Possible Browser Hijack attempt Engine: 1 Clean s... Read more

A:Possible malware--continuous reboot--OK in Safe Mode

I started a thread at 7:44PM yesterday, for this problem, but I didn't include the requested files. I'm sorry about that. I reread the instructions and hopefully will include the correct files this time. You can look at that thread for extra, possibly helpful, info. Close it when you wish.

I can log in and work/read email, etc, for a minute or two then sys. reboots/restarts. This started last week when I took the laptop (Compaq Presario running WinXP) with me on vacation. I can work forever in Safe Mode.

Thanks,
Phil

ark.txt   959bytes   5 downloads

DDS log:
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Phillip at 19:19:45.26 on Wed 02/09/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1431 [GMT -10:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOW... Read more

4 more replies
Answer Match 39.48%

I was wondering, if I run viruses in VMware Player 3.1.6 will it get to my host PC? Please answer.
 

A:VMware Player and malware. How do i make sure i am safe?

Some time ago I was doing the same thing in VMware. I had an external HDD connected to VMware, and everything seemed normal. I ran a couple of malwares, some of them were detected by the antivirus product, some of them were not. I was not paying much attention to that, and when I was done I shut the VM off. Later I saw that half of my external HDD was encrypted by "RSA_(cryptosystem)" and files were renamed to "_RECoVERY_+asljn". I was so angry at myself for not being aware that could happen.
 

3 more replies
Answer Match 39.48%

Hi Folks, Yes I've got the privacy protection Malware, currently running windows XP on a dell laptop and I cannot start up in the safe mode, no Internet start up or execution of any programs allowed. Looks like I can strip documents & information off but that's about it. Can anyone share my options to cure this problem?

Thanks in advance - L

A:OK I've got the Privacy protect malware & no safe mode

Hello LarsLind,

I moved this to Am I Infected.

For the connection try these...
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.
Reboot your system to complete the process.

Please follow our Removal Guide here Remove Privacy Protection (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions
After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

1 more replies
Answer Match 39.48%

Referred from here: http://www.bleepingcomputer.com/forums/t/275732/help-removing-proquotaexe-from-system-tray/ ~ OB

Good Afternoon BC,

I have just recently starting getting this issue where I can't update any programs that require internet access to reach their servers. Some programs I've tried are Malwarebytes, SuperAnti Spyware, Windows Defender and even games like World of Warcraft for any patches, etc. The last thing I did prior to this was tried cleaning some junk files using ATF Cleaner but I can't say for sure that's the reason this issue has appeared. I followed the steps shown in the Prep Guide and as requested I am providing you with the scannings log I took today. Appreciate any time you take to look into my situation. Many Thanks!

DDS (Ver_09-12-01.01) - NTFSx86
Run by PC at 11:28:30.37 on Tue 12/15/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2413 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\... Read more

A:Can only update in Safe Mode...is this a virus? malware?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 39.48%

I get BSOD when I attempt to boot into safe mode, but can boot into normal mode win xp. Stop code 0x0000000A (0xF799A354,0x000000FF,0x00000001,0x804E2E51). It always hangs up at drivers/mup.sys. I have not installed any new hardware or software other than suggested malware detectors and cleaners, along with new version of McAfee (which I uninstalled a couple of days ago) and Web Root Security Complete which I am running now.

I cleaned up various malware infections a couple of months ago which involved using safebootkey to access safe boot. Computer seemed to be normal then except was unable to boot into safe mode after cleanup. I then suffered another infection a couple of weeks ago which I cleaned up with MBAM but still unable to boot safe mode. A BC adviser had me send various logs and did some further cleaning with ComboFix and scripts, then declared me clean and suggested I post in Windows forum for help with safe boot problem (http://www.bleepingcomputer.com/forums/topic356014.html/page__pid__2000208#entry2000208).

I have used chkdsk and found no errors on boot disk. I am afraid to use MSCONFIG to force boot in safe mode for fear I will not be able to boot normally.

Any suggestions?

A:Can't boot safe mode after cleaning up malware

Where did you get malware removal assistance?

more replies
Answer Match 39.48%

Hello, I have scanned my system with Malwarebytes anti-malware and I got a couple infections. I was just curious about what I should do about these?

Malwarebytes' Anti-Malware 1.41
Database version: 2905
Windows 5.1.2600 Service Pack 3

10/4/2009 11:58:06 AM
mbam-log-2009-10-04 (11-57-59).txt

Scan type: Quick Scan
Objects scanned: 54201
Time elapsed: 14 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\prodegetoolbar680.prodegetoolbar680 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a057a204-bacc-4d26-b2fc-48f8ccab3ed5} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a057a204-bacc-4d26-b2fc-48f8ccab3ed6} (Trojan.BHO) -> No action... Read more

A:Malware detected some files.. Safe to remove?

When the scan is complete just de-select those items before you click on Remove All
If you purchase Mbam you have the option to add it to an Ignore List

1 more replies
Answer Match 39.48%

Hi,
 
I use Avast but also Malwarebytes.
 
I read somewhere on the net that Avast quite like McShield malware remover (http://www.mcshield.net/) and that it works well in tandem with Avast.
 
However I would appreciate a response from you guys as to whether this is actually a good bit of kit (maybe even a new startup venture?) or whether it is just more malware advertising itself as something it is not.
 
Secondly, I am surprised it is using both a logo and name that looks similar to McAfee.
As I understand it there is a program within McAfee called McShield.exe and the http://www.mcshield.net/  download file is called McShield-setup.exe.  
 
So, I have not downloaded and installed it(even to try it out)  because I could see it maybe as a dubious program (there is no contact address) and maybe being difficult to distinguish between McAfee and McShield.
 
Their site is called http://www.mcshield.net/
 
I don't mind waiting a while for an accurate response, as I realise there may be lots of people suggesting that it is Malware and not to download, - but I would prefer to get your considered, professional opinion.
 
I could of course be completely wrong and it is a  good bit of kit.
 
Thanks
 
TH1

A:McShield malware remover.. (not McAfee)... is it safe?

Quote "MCShield is an antimalware program designed to prevent infections transmitted via removable drives. Lighter, smarter and faster than ever!"
 
Avast scans USB devices on attachment by default, so it would seem that MCShield is duplicating what Avast already does.  Whether MCShield is more effective I can't say as I haven't done any comparative testing.
 
It is interesting to note that a couple of contributors on the Avast forums who are advocating the use of this software are also listed as contributors to the development of MCShield.
 

5 more replies
Answer Match 39.48%

Hi guys,

Not sure what happened here but basically all of a sudden I cannot run any spyware tools. I assumed this was some form of malware and tried to boot into safe mode, but this freezes while loading and won't continue. In addition I cannot install any other programs including Spybot S&D. There are also random issues when browsing, I am re-routed to various random sites when using search engines. For example every time I click any link on Google I wind up somewhere totally different.

I stupidly was running with no firewall or antivirus for a short period after a fresh XP install, hence this happening (doh!).

Any advice for me? I can post a Hijack This log if it would help.

Thanks

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Cannot run safe mode or any spyware tools - Malware?

Hello,

Due to the issue with safe mode it is probably best to post the HJT log. Go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log.

Let me know if it went OK.

2 more replies
Answer Match 39.48%

Hi. I just found out that I can't boot the computer in safe mode. Pressing F8 won't do anything, it just keeps running in Normal Mode. Windows itself seems to be running fine. I was hoping anyone could help me "decoding" this Hijackthis log, before I try anything harsher, such as reinstalling windows. Please help me on this one, if you see why I can't enter Safe Mode and how to repair it, let me know.

Thanks, Nikmark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:37 PM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\PRO... Read more

A:Cannot Enter Safe Mode, Suspicion Of Malware

Hello Nikmark and welcome to BC

My name is SNOWHITE and I will be helping you with your Malware problem. Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please follow these steps:

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the log
You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (... Read more

11 more replies
Answer Match 39.48%

My parents have the OpenCloud Malware on their computer:
http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security

However, when they try to load into Safe Mode they get a BSOD.

I've found a few threads of other people getting BSODs when trying to load into Safe Mode with the OpenCloud Malware.

Any tips for getting past the BSOD to run the linked instructions?

A:BSOD on Safe Mode - OpenCloud Malware

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

22 more replies
Answer Match 39.48%

Hi, I was told that I should run my anti spyware etc.. in safe mode as it will be more effective. I tried with spybot and it found nothing new, so I was just wondering if I should use safe mode regularly, or only use it for stubborn malware as I see threads recommending it for specific problems.

I would be grateful for any advice

cheers.
 

A:Solved: malware removal in safe mode

7 more replies
Answer Match 39.48%

Didn't find bad drivers preventing safe boot so I'm back here hoping to find cause. Below is link to thread in XP forum:

http://www.bleepingcomputer.com/forums/topic359879.html/page__st__60__gopid__2082635#entry2082635

NTBTlog is last entry in that thread.

A:More can't boot safe mode after malware cleanup

For reference, previous topics, same issue faced by jstacer:

Posted 11 September 2010 - 10:38 AM .... boopme
http://www.bleepingcomputer.com/forums/topic346542.html
Posted 19 October 2010 - 04:06 AM ...... boopme & Didier Stevens
http://www.bleepingcomputer.com/forums/topic354506.html
Posted 25 October 2010 - 06:18 AM .... myrti
http://www.bleepingcomputer.com/forums/topic356014.html
Can't boot safe mode after cleaning up malware
Posted 12 November 2010 - 05:18 AM ... in XP forum ... cryptodan & AustrAlien
http://www.bleepingcomputer.com/forums/topic359879.html

***************************

Please do the following:

Empty your temp folders using TFC (Temporary File Cleaner) in Safe Mode
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Run TFC:
Save any unsaved work. (TFC will close ALL open programs including your browser!)
Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally to ensure a complete clean.

Scan with SUPERAntiSpyware <<< I am assuming that SAS is still installed on your machine
Open SAS and update the definitions before scanning by selecting "Check for Updates".
(If you encounter any ... Read more

9 more replies
Answer Match 39.48%

About 2 months ago I switched my laptop from Vista to XP and went to update my display drivers today from what turned out to be an untrustworthy site and was just overrun with malware. Never dealt with anything this over the top. I have symantec endpoint that has caught and supposedly removed several viruses. I have run spybot, superantispyware, malwarebytes anti-spyware all several times and they all supposedly remove everything everytime, but I will immediately scan after the last scan completes and the same viruses pop up.

I've tried launching in safe mode to try and wipe them out that way, but it won't let me. It just reboots when it should be loading. I've tried last known good configuration to no avail. Similar to when I try to run in safe mode. Any help or ideas at this point would be greatly appreciated. It's a personal laptop, but I use it for work and have a lot of info on here I really can't afford to lose at this point...so please, help!

More replies
Answer Match 39.48%

So I misclicked an ad window last night and hit a .pdf archive that installed all kinds of joy onto my machine. I've since used Hijack This and Combofix to purge the malware (turned off system restore, ran it all through, etc, etc), and everything seems normal. AVG picked up the downloaders well before I ran Combofix, and all functionality is restored (automatic update functions again, no idiotic windows popping up every minute or so, etc). However, all said and done I'm now a bit paranoid. Can I get a second opinion on this logfile while I make my tinfoil hat and such?

Thanks a ton for your site, btw. Saved my grad school homework and my contract work. Do you accept donations, of either cash or alcohol?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:40 AM, on 2/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\... Read more

A:Used Combofix for a malware clean, need to make sure I'm safe

I've also attached the combofix log file. Malware/antivirus/etc. has found nothing but I'm still paranoid.

7 more replies
Answer Match 39.48%

I have been dealing with what i think is a Malware issue.  I have not been allowed to get into the Windows 7 most of the time.  It has taken me through Startup Repair and i had no luck with it.  Once on the windows, i try to click on anything, it just spins. 
 
Can someone help?
 
I have run Farbar Recovery Scan software and got the following:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by SYSTEM on MININT-JG79J06 on 03-01-2014 18:44:12
Running from G:\
WIN_7 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.
==================== Registry (Whitelisted) ==================
ATTENTION: Software hive is missing.
ATTENTION: Software hive is not loaded.
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [x]
HKLM\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
==================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
=========... Read more

A:Boot Loop, no safe mode - Malware or something

Did i not do this correctly?

45 more replies
Answer Match 39.48%

My Windows XP laptop seems to be infected with malware and a possible rootkit at this point.

First noticed the issue when the machine wouldn't boot up to the login screen. Went to safe mode and ran AVG. Didn't find anything. Ran superantispyware, and was able to update it (unlike avg which doesn't update from safe mode) but it found nil as well.

Booted to safe mode with networking and noticed trying to go to google brought up 'kevinsmoneytree'. (frack you kevin) ok, sufficiently freaked out at this point. Manually cut off networking by switching off the wifi hardware button.

Ran task manager but didn't see anything weird. I'm worried about my data now so I pull out the external hard drive. Windows backup doesn't work in safe mode. OK, so I manually start copying stuff to the external drive. I notice a folder I haven't seen before. c:\windows\pchealth . Explorer doesn't show much in it but I'm not trusting explorer at this point.

I run cmd and drill down into a few of the pchealth folders and there are tons and tons of files in there (xml files). It's got a binaries folder with a dll in it. I finish copying critical files and unplug the external drive. I try to delete the pchealth folder but I cannot, something has the dll loaded. I run process explorer and search for the dll, pchsvc.dll. I find it running in a services.exe process. I kill that process, computer bluescreens. Cr*p. I boot from a XP CD into sys... Read more

A:PC Health malware or ? can only boot to safe mode

bump

1 more replies
Answer Match 39.48%

Hi. I just found out that I can't boot the computer in safe mode. Pressing F8 won't do anything, it just keeps running in Normal Mode. Windows itself seems to be running fine. I've already uninstalled Nero InCD as I read it might have interfered with the booting process. It didn't work. I have Norton Internet Security, Lavasoft Software, Unhackme, running and they don't detect anything. I was hoping anyone could help me "decoding" this Hijackthis log, before I try anything harsher, such as reinstalling windows. Please help me on this one, if you see why I can't enter Safe Mode and how to repair it, let me know.

Thanx in advance

Paulo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:01, on 18-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Norton Internet Security\ISSVC.exe
C:\Programas\Ficheiros comuns\Symantec Shared ... Read more

A:Cannot Enter Safe Mode, Suspicion Of Malware.can You Please Help?

Hello HellsBells81

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privilege... Read more

3 more replies
Answer Match 39.48%

Hi guys, I'm a long time lurker, first time poster. I've found the forums to be extremely informative here for a very long time and I appreciate everything you guys do.

Neither windows nor safe mode load up after a severe malware infection on a Windows XP SP3 pc.

Unfortunately, I am unable to run any apps in the "Read this first" thread because of this issue.

This occurred on my friend's computer and she asked me to fix it for her; usually I'm good with this, but this issue has me stumped.

- She was browsing a website (she doesn't remember which) when she suddenly got pop-ups and program installation notifications; the classic sign of a malware infection. Unfortunately, she either clicked "OK" on these pop-ups or clicked the X icons in them.
- She was notified that one or maybe two "Anti Virus" programs had been installed in her computer. She went into Add/Remove Programs and uninstalled these two new entries.
- When she rebooted her computer, she got a Windows Stop Error/BSOD just after the normal Windows XP loading screen.
- When she tried to log into "Last known settings that worked" or "Safe mode", these give her BSODs as well.

Here are the Stop Errors:

When trying to log onto Windows XP normally and "Last known good configuration":
(Windows XP screen and loading bar show for a few seconds, and then...)

Quote:




A problem has been detected and windows has been shut do... Read more

A:No safe mode or windows after malware infection

Bumping for reply.

Additional/revised details;

- The infection started while she was browsing Encyclopedia Dramatica.
- While the infection was saturating her desktop with pop-up windows, her desktop became a red screen (all desktop icons were gone), her taskbar was still present but the infection presented itself as a new icon on the taskbar (a red shield).
- During this process, she attempted to run a legitimate anti-malware program (probably Malware Bytes' Anti-Malware) which detected several infected entries.
- The malware pop-ups were covering her entire screen so she was forced to click into one of the windows to try to move it which asked her to reboot her system.....the rest is history. :(

After that point, she's been unable to access her desktop or safe mode and the Stop Errors are as detailed above.

She needs access to her computer ASAP so the sooner we can get it basic shape the better...

1 more replies
Answer Match 39.48%

I noticed b.exe some time ago would give me these random pop ups with audio. I would just sendthe process putting off a malwarebytes run until I "had time". Finally a few days ago, my entire computer shut down. Program by program. I have not been able to boot into Normal mode since. When I try, I get the black screen. I can boot into safe mode but not with networking as I cannot connect online. I am using another computer to download the things I need to a zip drive and implementing them to the affected computer.

I am a graphic designer and I absolutely must get rid of this virus as it is tremendously slowing down my productivity.

I have read a lot of posts but as instructed by the help forum, I didn't want to take any of the advice given to a specific person.

I have run the dds and have my two logs. I couldn't however run the gmer, it is just unresponsive on my computer as is the ability to run malwarebytes or anything that appears to try to fix the problem.

ANY help is greatly appreciated.

A:Malware (b.exe)- Can't Run Malwarebytes - Can only boot in Safe Mode

Hi and welcome to TSF. Your first stop should be our security forum, where a trained analyst can take you through the removal of your virus: http://www.techsupportforum.com/f50/...lp-305963.html

4 more replies
Answer Match 39.48%

Hello my name is Austin,
 
As many other posters this past month, my father recently got infected with the Antivirus Security Pro Malware. I built this computer 8 months ago for my father, so I'm almost responsible for anything wrong with it. I'm a novice at most programming lingo, but I am really good at following processes, as it's what I do for a living. I WILL be donating to the person helping, my father needs his computer to do work this weekend. So before we start this process, I want to say "Thank You" in advance.
 
Any way, I tried doing the bleepingcomputer.com solution for the malware, but I have not been able to enter safe mode (shuts down soon after log in).
 
I read a post today on the first step of run the frst.exe file in the infected computer. Please let me know if you prefer for me to paste the report results within my post or attach the file. Here are the text results:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-IPBE6V6 on 18-10-2013 17:10:41
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msse... Read more

A:Antivirus Security Pro Malware - No Safe Mode

Justsalsa,
 
 
to BC Forums!!
 
Thanks for the FRST report. I am presuming it was run from a USB pen drive.
 
Let's see if the following works for you to remove the Antivirus Security Pro Malware ...

  Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the USB pen drive, and name it: fixlist.txt
 
start
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
HKLM-x32\...\Run: [] - [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\   \...\???\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\GoogleUpdate.exe"
C:\Users\RichardRice\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\pvqdkqkjvbllroblbxh.reg
end

Once again, run FRST64 as you did before.
When the tool opens click Yes to disclaimer.
Now, press the Fix button, just once, and wait.
 
When done, FRST produces Fixlog.txt on the USB pen drive.
 
>> Please provide the Fixlog.txt on your reply.
 
 
  If (which I doubt) the computer is still under the 'spell' of the Antivirus Security Pro Malware, look for its shortcut on your Desktop .
Next, go to Control Panel > Folder Options
Click the View tab
Select/check: Show hidden files, folders and drives
Click: Apply > OK
 
Right click on the Antivirus Security Pro icon on... Read more

3 more replies
Answer Match 39.48%

I get BSOD when I attempt to boot into safe mode, but can boot into normal mode win xp. Stop code 0x0000000A

DDS (Ver_10-10-21.02) - FAT32x86
Run by John Stacer at 13:54:51.26 on Sun 10/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.769 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
D:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\LxrJD31s.exe
D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\mfevtps.exe
D:\WINDOWS\sy... Read more

A:Can't boot in safe mode after removing malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

28 more replies
Answer Match 39.48%

i was previously working with BOOPME in another forum in trying to clear up an infected PC. The post is called (AntiSpy2011Setup(4).exe - TR/Vilsel.badd and Java/Exdoer.BJ). I followed all of the steps i was asked to do but it seems to have only made the situation worse. Initially I could boot up the computer and run the internet but any attempt at running AV software failed. The virus would block any attempts to update my AV apps and if i attempted to run the AVs the virus would terminate the scan and power down my laptop. That was 2 days ago. Right now i'm at a point where I can only boot up in safe mode. If i try to boot in normal mode i get a black screen and a little scroll bar at the bottom the page. My O/S is Vista SP2. I can access the internet. I was asked to run Old timer and post the logs here.

********here is OTL**************

OTL logfile created on: 5/11/2011 11:08:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = G:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C: ... Read more

A:malware only allowing boot up in safe mode

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.

Please tell us if you have your original Windows CD/DVD available.

If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply'... Read more

2 more replies
Answer Match 39.48%

I stream on twitch, and I see a lot of people get hacked and curious if there's anything else I can do?
 
My kaspersky will run out soon, and I'm debating if it's worth paying for or should just use a free anti-virus.
 
Thanks

A:I use kaspersky/malware bytes...anything else I should do to stay safe?

Here are a few articles to read: (none made by me)
An anti-virus program alone does not provide comprehensive protection and cannot prevent, detect and remove all threats at any given time. Anti-virus and anti-malware programs each perform different tasks as it relates to computer security and threat detection. Essentially, they look for and remove different types of malicious threats. However, there can be some overlap in functionality and detection features depending on the program's scanning engine, how the vendor defines a specific threat and what Naming Standards are used. Anti-virus software is inherently reactive...meaning it usually finds malware after a computer has been infected. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-virus researchers before they can add a new threat to database definitions. Further, if you're dealing with zero-day malware it's unlikely the anti-virus is going to detect anything.
Antivirus Isn't Dead, It Just Can't Keep Up
How useful is antivirus software?
Symantec Says “Antivirus Software Is Dead”
Is anti-virus software obsolete?
Anti-virus software is just not enough anymore
Why Antivirus Is Not Enough
Antivirus is a good start. But it’s not enough.
In simplistic terms, Anti-virus programs generally scan for infectious malware which includes viruses, worms, Trojans, rootkits and bots. Anti-malware pr... Read more

4 more replies
Answer Match 39.48%

I have a dell laptop that is infected with the ukash malware.
Only boots up to a rcmp (police) screen saying that it needs me to pay to unlock the computer.
I am unable to boot into safe mode, needs password that I don't have, this is in the computer not caused by ukash.
I have removed the hard drive and have connected it to my desktop computer via a sata to usb connector.
My thought was to work on the hard drive from my desktop.
I am unable to access the drive, it says that it needs to format the drive.
 

More replies
Answer Match 39.48%

HI,

I can't restart in safe mode. I know that I have malware/spyware. It appears as 3 icons on my desktop Error Cleaner, Privacy Protector and Spyware Protection - all with the url /shandler.php?id=502&aid=138&pn=5&sand=0&sg=2.

Does anyone know what files I must specifically look for in the registry to remove this trojan?

Thanks in advance.

A:Malware, Spyware - Can't Restart In Safe Mode

Some types of malware can delete or alter the safeboot key in the registry resulting in the inability to reboot into safe mode.

Go to Start > Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File > Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File > Exit.

Download SafeBootKeyRepair.exe by sUBs and save to your desktop.
Double-click on it and follow the instructions.
When finished, reboot and see if you can access safe mode.

Then, if you're using Win XP or 2000, do this:

Please print out and follow the generic instructions for using "SmitfraudFix". Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.
-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.
If you still cannot use safe mode, then run the tool in normal mode.

Please download RogueRemover and save to your Desktop. (compatible with Windows 2000, NT, XP, Vista)
Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover and follow the pro... Read more

7 more replies
Answer Match 39.48%

I would be very grateful for some help sorting out a friend's PC please.

I've read the First Steps page but cannot carry out all of the suggested scans.

When I boot the PC normally, it works very slowly loading XP Home, then suddenly reboots itself before getting to the login screen. I discovered that it will run in Safe Mode with Networking and I'm using it now to create this thread!

I've run dds.scr and the scan result is pasted below. (Attach.txt is included here in a zipped file). When I try to run GMER nothing happens. The egg timer appears for a few seconds but nothing more. I have downloaded SPTDinst-v162-x86.exe. Executing this file results in a popup stating "No SPTD version was detected". The Uninstall button was greyed-out but the Install button looked inviting, so I clicked it and was prompted to re-start Windows. I restarted XP in Safe Mode and it appeared to load SPTD.sys.

Before looking at this forum I was going to attempt a Windows re-install and backed up My Documents onto a USB memory stick, which I then scanned with Avira on a another laptop. This revealed 16 music files, which had been downloaded with Limewire (I presume), all containing the same virus - EXP/ASF.GetCodec.Gen. I've uninstalled LimeWire now.

I have tried to install Avira AntiVir Personal (in Safe Mode) but, after extracting a load of files to a Temp folder, it gets part way through 'Preparing Installation...' then crashes(?).

I don't know what to try n... Read more

A:Infected PC only works in Safe mode - Help please

Please close this thread - I have wiped the system and re-installed XP. It seemed like the smartest thing to do...

1 more replies
Answer Match 39.48%

(See attached)

My Firefox download progress bar has decided to take a dislike to MGlogs.zip from the malware forum.
How can I sort this out please? So sick of software thinking it's being 'useful' !
 

A:Something Deciding Safe Files Are Infected...

That could be Firefox' baked-in Google Safe Browsing/Phishing Protection (or w/e its called now), see if you can find a likely pref from this page to add/modify from about:config: https://wiki.mozilla.org/Safe_Browsing
 

1 more replies
Answer Match 39.48%

I have an infection in my DropBox.
I am hoping i disconnected before it got to my local box, but cannot tell because, I logged off/shutdown the system.
Windows 7, booting up, trying to go into Safe Mode, with networking.
As soon as it comes up, I try to log in (still disconnected from the network), and it reboots the system.
Is this something new, or maybe unrelated?

A:Lucky Infected and No Safe Mode now?

Welcome to BC...
 
This is the second time this week that someone has posted not being able to boot into safe mode. Please
start a new topic in the Malware Removal forum and let the pros see if it is a new malware or just a coincidence.
 
Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
If you cannot complete a step, then skip it and continue with the next.
In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.
Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.
After doing this, please reply back in this thread with a link to the new topic so we can close this one.
 
DO NOT bump your new topic. Wait for a response from one of the Team Members.

1 more replies
Answer Match 39.48%

Hi, last fri I received an email via my yahoo account from UPS (which I now know is not). I think this is a nasty virus has worms too.

Avira scanned the file before I unzipped it, I did not get any warning, even though I had updated avira files before, then it went spiraling downhill!! I had so many windows opening up, I immediately disconnected from the net then proceeded to virus scan with Avira. At the end of the scan, it could not help as it was infected. I could not open the report, even though there were warnings.

I tried Spybot scan which found a majority of problems which I allowed the fix. I did not think it wise to go on the net as I kept getting Internet Explorer pages opening up.

All during this time I was getting Norton virus updates and warnings - I don't have nortons so ignored them and did not open any of the files. Just closed at the X them and made sure i was disconnected from net.

After spybot cleaned up, I used ATF to clean my temp files and then turned off and re-started.

Since then I can not log on to windows, even in safe mode and administrator. I tried and logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.

I cannot seem to get into windows and think I must have messed up somewhere. I have my external drive plugged in and was about to back up my monthly documents but decided to reply to my emails before! Hence now cannot access anything. I have spent the weekend reading forums and page... Read more

A:infected with UPS virus. Cannot log on even in safe mode

I tried ... logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.

I have spent the weekend reading forums and pages and pages of advice. I read this forum thread as well as thread: http://thinkinginpixels.com/quick-fixes/fi...onlog-off-loop/

I really need my documents and cannot afford to lose them as there are files I need to send to my mortgage lender asap.

mandy

Re: LogOn/LogOff Loop

Go ahead with the thinkinginpixels instructions: That is your best chance to get back in to Windows. It will take several hours to complete, and you should then be able to use Windows and retrieve the documents that you need. The instructions provide a series of logical steps that are relatively easy to follow and should lead to a positive result. Any problems, let us know

Should that fail (unlikely) we can help you get those documents by another means.

Let us know how you are getting on.

'Alien


Hi, I had McAfee running and it found a trojan, so I removed it, right? For some odd reason my PC restarted (blue screen of death, something about memory). Every time I try to boot normally it gives me the blue screen, so now I'm in safe mode typing this. I've done multiple full scans on McAfee and it still says one or more errors could not be fixed because of an error. Anyways, it's been like this all day. I just downloaded avast version 4.8 and am currently scanning my system. Any suggestions of help? I'd rather not delete the entire contents of my hard drive and reinstall Vista.

I tried downloading Malwarebytes but when I try to run it, it won't open.

Edit 1-avast! Virus Cleaner Tool - version 1.0.211 Ansi

Edit 2- Currently scanning with AVG 8.5 Free Trial Safe Mode

Edit-3 It seems that AVG has cleaned my computer right, I can now boot up normally and my McAfee says I'm secure.

Edit-4 McAfee is on overload again, my computer got a blue screen again, and I am currently scanning with McAfee.

Edit-5 McAfee has been uninstalled by me and I am now running AVG once more

A: Help, infected laptop, currently in safe mode.

Please help anyone?


I'm not able to use internet in regular mode of Windows XP. If I restart in safe mode with network support I can access the internet. I have checked everything concerning driver issues etc. The IP is correctly assigned. I have done several scans with MBAM, I've used registry cleaners, etc.

It all started a couple weeks ago when the PC started working very slow. I did a disk cleanup, defragmented the hard disk, did registry cleans, scanned for viruses etc. It was a bit better but not too much. After a few days the internet stopped working on my PC.

Is there any solution to fix this problem?

Hereby the DDS.txt log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Zjefne at 13:56:09,23 on vr 24/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.447.221 [GMT 2:00]
AV: Panda Antivirus Pro 2010 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\A...

A: Infected? No internet, just in safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop. Double click DeFogger to run the tool. The ap...


I finally have PC-cillin reinstalled on my PC. I have been through hell with a bot that replicated hundreds of trojans onto my PC. It neutered PC-cillin, so I couldn't load it. D: Then downloaded AVG7, HiJack This, and Sysclean to finally get rid of everything....so I thought. Went through heck to uninstall AVG7, then uninstall PC-cillin, then reinstall PC-cillin. I did another scan and surprise! I had more trojans. >.>` Now, I log on again, and a virus opens with one of my system files, spits out two trojans in the process. Now that PC-cillin is operational, it caught the trojans and cleaned them. But, the virus is in PCCGUIDE.EXE and PC-cillin is unable to clean or quarantine the infected file.

Can I chunk it into file 13? In other words, delete it? I see that it's an exe file, which means I shouldn't touch it without asking first. Oh, and the original infection was in EXPLORER.EXE D: Evil!

Did I miss anything? ;p

Yes, the virus is PE_TRATS.A. I only remember AGOBOT from before, but I know there was a worm and two other viruses aside from the bajillion trojans.

A: Pccguide.exe Infected. Safe To Delete?

So...I searched the file, and they are part of PC-cillin itself. There were six files total. I scanned them all individually and none showed a virus, yet PC-cillin just told me there was one. *so lost*
