Tech Problem Aggregator

Damage to XP After MAL/Generic-L and MAL/Generic-S

Q: Damage to XP After MAL/Generic-L and MAL/Generic-S

Received this computer with numerous issues.
1. Cannont install programs - receive error 1306.
2. Microsoft FIXIT programs "Failed to process"
3. Malwarbytes Generates errors on install (both with mbam-exe and 3f34l3faa.exe). Program gives error: "CoCreateInstance failed; code 0x080040154. Class not registered." 5 times, but then is able to run, update and scan. Finds no problems. This is both in normal and safe mode. In addition. removed hard drive from PC and scanned from another computer, no virus found. Also manually updated virus definition files from usb drive, nothing found on both quick and full scans.
4. Sophos Virus Removal Tool finds 2 infections: "Mal/Generic-L" and "Mal/Generic-S", but fails on removal: "Virus removal failed".
5. IE opens and immediately closes. Uninstalled IE8, IE7, and reinstalled, no help. Firefox works (using Firefox to post this message).
6. When plugging in flash drive, get windows dialog box with one option to open folder to view files. Clicking on that does nothing. Have to open drive through my computer or windows explorer.
8. start>search fails to run.
7. Ran GMER without incident, log attached.

DDS log below.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:42:12 on 2012-08-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1351 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\NetZero DSL\ConnectionCenter.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\program files\real\realone player\update\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_dsl
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_dsl
uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=jacque5756&key=b554cc8c6a63e6aa386293d35266bde2&ts=3ff730de&A=0&B=1067241600000&C=1067241600000&D=0&I=4.0&L=g%236&M=948700800000&N=PLOC&O=A
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_dsl&mn=9451145
mSearchAssistant = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_dsl&mn=9451145
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero dsl\SearchEnh1.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Pop-up Blocker: {4224ff33-c2eb-4039-b8c8-6eed565b9d96} - c:\program files\netzero dsl\PopupBlocker.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
BHO: NetZero DSL Toolbar Helper: {fe3098b3-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\netzero dsl\ucreg.dll
TB: ZeroBar: {f5735c15-1fb2-41fe-ba12-242757e69dde} - c:\program files\netzero\toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: NetZero DSL: {8e613eaf-e16e-415c-bd39-f71d6a3b5518} - c:\program files\netzero dsl\Toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [NetZeroDSL] "c:\program files\netzero dsl\ConnectionCenter.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [TkBellExe] "c:\program files\real\realone player\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255297296272
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_06-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_06-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{CB568F97-F3D6-4801-B6E0-F62C7B4F3F69} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\gbs4k5q4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 mrtRate;mrtRate; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\a.tmp --> c:\windows\system32\A.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-15 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys --> c:\windows\system32\drivers\plturbh.sys [?]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys --> c:\windows\system32\drivers\plturbo.sys [?]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2011-2-24 54544]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2011-2-24 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2011-2-24 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2011-2-24 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2011-2-24 115216]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2011-2-24 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2011-2-24 160400]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-8-8 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-16 00:03:06 -------- dc-h--w- c:\windows\ie8
2012-08-16 00:02:55 -------- d--h--w- c:\windows\msdownld.tmp
2012-08-15 22:00:29 -------- d-----w- C:\d5457f66aed0b00db6e1cac98f12
2012-08-15 21:40:56 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-08-15 21:40:56 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-08-15 11:51:47 16864 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-08-14 22:45:31 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2012-08-14 22:45:29 73728 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-14 22:45:29 73728 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-14 22:45:29 73728 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-08-14 22:30:59 -------- d-----w- c:\documents and settings\owner\application data\AVG2012
2012-08-14 16:54:31 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-14 15:32:25 -------- d-----w- c:\program files\mbam
2012-08-14 00:50:15 -------- d-----w- c:\documents and settings\all users\application data\FixMeStick SmartBoot
2012-08-14 00:50:10 -------- d-----w- c:\program files\FixMeStick SmartBoot
2012-08-14 00:49:35 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-08-14 00:49:35 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-08-14 00:49:07 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-08-14 00:49:07 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-08-11 21:30:20 -------- d-----w- c:\program files\Sophos
2012-08-11 21:27:59 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-08-11 21:27:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-11 20:39:40 -------- d-----w- c:\windows\Microsoft Antimalware
.
==================== Find3M ====================
.
2012-08-15 12:28:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 12:28:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 01:23:37 1409 ----a-w- c:\windows\QTFont.for
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-06 13:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 21:18:40 4472832 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 19:43:07.93 ===============

A: Damage to XP After MAL/Generic-L and MAL/Generic-S

Update: Ran Sophos again, and here is the log. it shows 3 different scans I have run.

34 more replies
Answer Match 91.14%

Hi there! Thanks for taking the time to help me out.

Yesterday, McAfee started detecting trojans in my system: Generic!Artemis, Generic.dx and Generic Rootkit.w

I don't know if these are three different trojans or one and the same. I'm not getting any pop-ups (apart from the mcafee warnings), but it is making my computer run slower and me very worried.

I'm running Windows XP Pro.

Any help most appreciated.

I can post a hijack this log if that's of any use.

A:Trojan: Generic!Artemis, Generic.dx and Generic Rootkit.w infection

Here are some of the details from the McAfee detection log ((I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far

2 more replies
Answer Match 79.8%

I need help. I've been having trouble with my internet connection.

What do you mean that's not enough info to help?

Oh, ok.

Well, to some degree it works ok. On a good day, pages load in my browser fine, and I can even stream video. Steam logs in ok, and if everything's going well, I can use Skype and play games fine. Most days are not good days. Today, for example, Steam and Skype will sign in (just about, takes a while to try, and Skype doesn't seem to load my online contacts properly), web pages will generally load, but voice chat via Steam or Skype is impossible, and no games will connect. Other days voice will be fine, but browsing and/or games will be pretty impossible. Days when everything works perfectly are rare, but so are days when I get absolutely nothing at all (when browsing, pages will generally half load, no matter how bad stuff is).

I was running Windows Vista, I've since upgraded to Windows 7. I've had the same problem with three different routers on two different connections, and on both a USB dongle (tried a few, one was a Belkin if it's relevant) and an internal wifi card (Ralink, drivers up to date). I've tried turning off the power saving setting on the card ("allow my PC to turn this device off to save power"). Sometimes, just after making a change, it seems like I get a small improvement, but such impressions are generally fleeting and I'm guessing down to wishful thinking. Turning Windows Fir... Read more

A:Single Machine Connectivity Issues (Generic Title For a Fairly Generic Problem)

15 more replies
Answer Match 79.8%

Hello, my husband's computer seemed to contract quite a few trojans lately according to AVG free. I tried to use it to get rid of them, but I just wanted to check if it had done the job and if there is anything still lingering. Also I would like to prevent thhese infections happening again, as it seems a bit weird to me to have 5 different trojans at once. Can anyone say how the following trojans managed to download?

In temp folder: trojan horse generic 14.ABXY & trojan horse SHeur2.APYR

In system volume information _restore: trojan horse Downloader Generic 8.BJPU & another 14.ABXY

In temp internet files: trojan horse generic 13.BUBK

Thanks a lot for your time and please let me know if you need anymore info!! I appreciate it

DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Gerard Sabapathy at 21:40:44.50 on 25/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.319.64 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin&... Read more

A:Trying to get rid of trojans generic 14.ABXY, SHeur2.APYR, Downloader Generic 8.BJPU

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.??If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine.??Please perform the following scan:Download DDS by sUBs from one of the following links.??Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool.??No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 79.8%

I have got a problem with my computer, no matter how i try to get rid of these, they will not go. i am using BitDefender internet security 2009.
which fine these trojan. but when i run my trojan remover it tell me i have no trojan and my computer is free of all..? i have not notice that my computer is not playing up. but when trying to get rid of the three trojan it tells me it cannot because it is part of the system. i tryed in safe mode but it will not let me scan. but i can scan with my trojan remover, and it come up clean, some people say my computer has been kidnap and the trojan is hiding and pretending to be part of the system. the names are....Adware.Generic.44240. Applcation.Generic.26964. Application.Keygen.BD. with thanks Erwin

A:Adware.Generic.44240. Applcation.Generic.26964. Application.Keygen.BD

Hello ..I am moving this from XP to Am I Infected as it is a malware problem.Next run MBAM:Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives sel... Read more

1 more replies
Answer Match 79.38%

Hello all,

McAfee keeps popping up a trojan alert every couple of minutes, and as I've watched them closely for the last few days, they seem to be the same 12 or so - over and over again. I have tried full scans using both McAfee and Spybot, and while they both indicate that they fix the problems, these trojan alerts keep showing up. My comp has become very sluggish, IE in particular.

Also, every time I restart after a scan requires it, I get the error message "Owner.exe - DLL initialization failed". I noticed that this process (Owner.exe) jumps around a bit in the task manager, especially when McAfee pops up with the alerts.

Below is my DDS. Please help!

-Jim

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:57:27.90 on Mon 04/20/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2595 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\Photos... Read more

A:repeating trojan alerts - Generic rootkit, Generic!Artemis

Hi,* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

14 more replies
Answer Match 79.38%

Computer Runs very slow..bit defender finds Trojan.Generic 25641 and 1)Generic Peed.Eml.Ea92)Generic.Peed.Eml.AB3)Generic.Peed.Eml.FDO4)Generic.Peed.Eml.Fad..but bit defender cant disinfect or moved these viruses...and nowadays my computer runs really slow

Deckard's System Scanner v20071014.68
Run by Bishakha on 2008-02-23 14:31:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-02-23 20:31:45 UTC - RP164 - Deckard's System Scanner Restore Point
51: 2008-02-23 04:52:49 UTC - RP163 - System Checkpoint
50: 2008-02-22 04:31:29 UTC - RP162 - Software Distribution Service 3.0
49: 2008-02-21 04:33:06 UTC - RP161 - Removed InterVideo DeviceService
48: 2008-02-21 04:27:18 UTC - RP160 - Removed Pando.


-- First Restore Point --
1: 2007-12-24 19:59:33 UTC - RP113 - Installed Windows XP KB899589.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-23 14:33:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE... Read more

More replies
Answer Match 79.38%

Hello, PC responsiveness is slowly deteriorating in last 2 weeks with symptoms including - browser (IE7) redirects- slow processing times (usage often pegged at 100% or several activities going on at the same time), - OExpress and IE unable to open occasionally. -Mcafee identified and quarantined: generic.dx!(variants including tdy, tcy), Artemis!D671308b..., Generic Dropp.va, FakeAlert-FakeSpy!env.a, Obfuscated Script.i- Also at start up an apparent MS message says "Error loading JSUSA2.DLL Specified Module not found" (this loads before Mcafee opens)- Have run DDS (log below, attach.txt attached) but GMER crashes system when it runs (in safe mode also).Thanks for your help...DDS (Ver_10-03-17.01) - NTFSx86 Run by Robert at 9:31:27.43 on Sun 07/18/2010Internet Explorer: 7.0.5730.13AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ============================= Pseudo HJT Report ===============uStart Page = hxxp://my.yahoo.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8mStart Page = hxxp://www.google.comuInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%suURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae06... Read more

A:Need help removing stubborn Trojans - artemis, generic.dx, generic dropp

Today another symptom: mcafee identified a buffer overflow in c:\windows\system32\svchost.exe at the same time that a host process error occurred... screen shot of all message alerts are attached. system is detriorating with frequent blue screens while rnning a virus scan or logger (ie MalwareBytes and gmer) I would appreciate a quick response if possible so I can get this one and only family pc up and running again. Thank you.

3 more replies
Answer Match 79.38%

To Whom it may concern. On July 9th AVG Free Edition found the virus JS/Psyme which it was unable to heal and since then i have received numerous Trojan horse Generic 10 viruses that AVG states it healed but continue to hamper the performance of my computer. (Generic 10. BDVA, BEIA, BEWK, BAZL, BCCW, BVRB, BCQA, BCPW & Generic 7.SOQ & Agent AHMX. Im totally out of my witts here and i need some help. Thanks in advanceDeckard's System Scanner v20071014.68Run by Jean Marc McLean on 2008-07-27 11:25:15Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 4 Restore Point(s) --4: 2008-07-27 15:25:32 UTC - RP4 - Deckard's System Scanner Restore Point3: 2008-07-26 23:00:59 UTC - RP3 - System Checkpoint2: 2008-07-24 03:36:00 UTC - RP2 - Software Distribution Service 3.01: 2008-07-24 01:23:07 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.Percentage of Memory in Use: 81% (more than 75%).Total Physical Memory: 256 MiB (512 MiB recommended).-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-07-27 11:31:17Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\SYSTEM32&... Read more

A:Infected With Trojan Horse Generic 10 Bewk And Other Generic 10 Trojans

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NEXTPlease visit below webpage for instructions for downloading and running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.Regardsfenzodahl512

2 more replies
Answer Match 79.38%

DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 8:21:49.90 on Wed 01/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.141 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files ... Read more

A:Infected with Win/Heur, Downloader.generic Trojan and Backdoor Generic

Please close this post. Problem has been fixed.

2 more replies
Answer Match 78.54%

Hello, my Dell running XP (SP3) responsiveness is slowly deteriorating in last 2 weeks with symptoms including

- browser (IE7) redirects
- slow processing times (usage often pegged at 100% or several activities going on at the same time),
- OExpress and IE unable to open occasionally.
-Mcafee identified and quarantined: generic.dx!(variants including tdy, tcy), Artemis!D671308b..., Generic Dropp.va, FakeAlert-FakeSpy!env.a, Obfuscated Script.i
- Also at start up an apparent MS message says "Error loading JSUSA2.DLL Specified Module not found" (this loads before Mcafee opens)

- Have run DDS (log below, attach.txt attached) but GMER crashes system when it runs (in safe mode also).

Thanks for your help...
**************************


DDS (Ver_10-03-17.01) - NTFSx86
Run by Robert at 9:31:27.43 on Sun 07/18/2010
Internet Explorer: 7.0.5730.13
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p... Read more

A:Need help with Trojans including - artemis, generic.dx, generic dropp

Hello again, obxhockeydad_1. Even though it's been almost a year since the last disinfection, which is ok, it's still a bit disheartening to see you back in the forums with another infection. Please be sure all who access the machine are taking great care when surfing the internet, opening emails, downloading files, etc...

Also, IE7 is not as secure as IE8. IE should be updated once the machine is clean.

I'd like to try to get a log from GMER rootkit scanner.

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If you still have troubles, try running the scan in Safe Mode.

Restart your computer and boot into Safe ... Read more

19 more replies
Answer Match 78.54%

Hi,

I have MacFee Virus Scan copy installed on my laptop. It displays virus detection and deleted messages for Generic.dx, Generic downloder.dx, and Puper Trojons in Temp folder. These messages keeps coming back.

Here is my HJT log file
=========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:34 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Altiris\ALTIRI~1\AeXNSAgent.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
C:\Program Files\Google\Common\Go... Read more

A:Generic downloder.dx, Generic.dx and Puper Trojon on my laptop

I had real time anti spyware enabled for my previous HiJackThis so now I have disabled the same and run HiJackThis again.

The new log is given below.
===================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:41 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Altiris\ALTIRI~1\AeXNSAgent.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateSe... Read more

1 more replies
Answer Match 78.54%

Hi there Tech Support Guru! my computer has been invaded by these three trojans: generic!Artemis, generic.dx and generic rootkit.w

At least, that's what McAfee is telling me.

I am using Windows XP pro

Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:47 PM, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Prog... Read more

A:Please help! Generic!Artemis, generix.dx and generic rootkit.w have invaded

Here are some of the details from the McAfee detection log ((I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far
 

2 more replies
Answer Match 78.54%

Have Compaq Presario CQ56 laptop running Win7 64bit. I use Norton thru my ISP and so far so good until a few days ago! Norton popped a box saying it had detected a problem and when I expanded the box it showed 3 trojans and only 1 removed. It then began popping up a box telling me to reboot so it could make the needed fix and I did but it didn't I downloaded Housecalls and the scan found nothing. Next I tried AVG and that scan found nothing! Now I can't even get on the web or open any desktop icons.... I get a pop-up stating "There was a problem sending the command to the program" and it refuses to do anything. I can't run any of the diagnostics posted on the self help instructions above... I need HELP Please!!! Thanks,
Jan
 

A:TROJANS: Generic dxlb2rms and Generic Backdoor!1sw - NEED HELP TO REMOVE PLEASE!!!

Please don't forget this post.... I really need help! THANKS!
 

1 more replies
Answer Match 78.54%

McAfee found those files and I wondering if they are slowing down my computer. I am also having problems removing programs and installing Microsoft security updates. When ever I try to remove certain programs I get a message that says, "This installation is forbidden by system policy. Contact your system administrator." My computer is a stand alone and I have admin privileges . Here is my log. Any help would be appreciated. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:51:38 PM, on 4/25/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicen... Read more

A:Help removing Generic!Artemis, MK Recorder, and Generic Downloader

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Answer Match 77.28%

Hi,My device has been infected with ZeroAccess, which proceeded to bring along the 2 generic trojans. My main problems are that windows is very laggy (most things has to be done through Safe Mode at the moment), my firewall won't stay on (in normal and safe modes) and occasionally a pop-up appears with the title [Web Browser] warning that I should stop a script from running. It looks something like this: (I forgot to take a screenshot when it popped up, so here's the exact same thing that I found through google)Before I start off, here are some details about my machine.Windows 7 SP1McAfee SecurityCenter v11.0McAfee VirusScan v15.0 last updated today (17/6/12)McAfee Personal Firewall v12.0A few days ago, my friend was using my machine when McAfee popped up saying that it had quarantined some trojans and no further action was required.Afterwards, the computer was getting significantly more laggy with each reboot; McAfee Personal Firewall and Real-time protection were also unable to stay on. Looking through the quarantined list of items, there were multiple instances of the same 3 items:ZeroAccessGeneric.Backdoor!1ubGeneric.dx!b2ptAll 3 appeared in C:\Windows\Installer\post:27338360\UMy friend had already deleted the zip file which probably allowed ZeroAccess in. Since McAfee's complete scan of the computer was unable to complete due to the significant lag, I then downloaded and ran Spybot S&D and Ad-Aware Antivirus in Safe Mode, but n... Read more

A:Help with Zeroacess / Generic.Backdoor!1ub / Generic.dx!b2pt

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

50 more replies
Answer Match 77.28%

My wife downloaded a file through bearshare and now the computer is lagging bad and avg keeps picking up these 2 trojans. I navigated to and deleted the file that the generic arly was in. I have tried to run malware bytes,trend micro housecall and they lock up before finishing as avg also locks up before finishing. I have run spybot and it removed several things. Also if possible i would like to remove any garbage programs i dont need. Plese let me know what else you will need.

Thanks a lot

1. DDS LOG
DDS (Ver_09-06-26.01) - NTFSx86
Run by Jamion at 12:40:26.86 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3034.1773 [GMT -4:00]

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.in... Read more

A:Trojan generic 11zne and generic arly

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

7 more replies
Answer Match 74.76%

Here is my HijackThis Log:Logfile of HijackThis v1.99.1Scan saved at 9:07:22 PM, on 10/14/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\windows\System32\smss.exeC:\windows\SYSTEM32\winlogon.exeC:\windows\system32\services.exeC:\windows\system32\lsass.exeC:\windows\system32\svchost.exeC:\windows\System32\svchost.exeC:\windows\system32\spoolsv.exeE:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\windows\Explorer.EXEC:\windows\system32\nvsvc32.exeC:\windows\system32\svchost.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Softwin\BitDefender9\vsserv.exeC:\windows\SOUNDMAN.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeE:\iTunesHelper.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Softwin\BitDefender9\bdmcon.exeC:\Program Files... Read more

A:Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331, Both Located In My Temporary Internet Files Folder.

Reboot into Safe mode then follow these steps.Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet ExplorerGo to Control Panel > Internet Options > General tabClick the "Delete Cookies" buttonNext to it, Click the "Delete Files" buttonWhen prompted, place a check in: "Delete all offline content", click OK* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu on the left side of the Options window.Click the Clear button located to the right of each option (History, Cookies, Cache).Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.Does that remove them?

2 more replies
Answer Match 74.34%

Hi! McAfee detected two trojans (generic.dx) a few days ago, which I chose to remove. The computer had been running slowly and freezing quickly after booting up. Later during another scan, McAfee detected a generic downloader which really alarmed me because it was in my program files for all my passcodes (?)

I have not seen any pop-ups so far in Firefox, no strange or unusual messages; just a really slow boot-up and a new trojan found every time McAfee runs scans. It doesn't seem to go away =(

If you could help me that would be great!!!! Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:38 PM, on 9/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Fi... Read more

More replies
Answer Match 74.34%

I can't get rid of the the Generic Rootkit w. My virus software warning window keeps popping up saying the Trojan is detected even after I ran SDFix.

Generic Rootkit w
File: c\WINDOWS\system32|securetm.sys
Process: c:\Docume~1\Valerie\LOCALS~1|Temp|BNF6FD.tmp

Generic Downloader.x!i
File: c:\Documents & Settings\Valerie\Valerie.exe
Process: c:c:\Documents & Settings\Valerie\Valerie.exe
Thanks for your help,
Valerie
______________________________________

DDS (Ver_09-03-16.01) - NTFSx86
Run by Valerie at 9:30:34.68 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1283 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\V... Read more

A:Generic Rootkit w and Generic Downloader

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

2 more replies
Answer Match 74.34%

I received notifacation by McAfee on Generic!atr & Generic dx $ DNSChanger.o. Must have gotten them from DVD X Copy pro download, it is the only file download I did. I do not check email on this computer. It is the only thing I can think of unless I got them surfing. I did all the things in log 793721 as It looked identical but I just want to make sure so I am posting a few logs. Thank you very much for looking into this for me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01, on 2009-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\e... Read more

More replies
Answer Match 74.34%

About every week or two McAfee finds either generic.dx or generic downloader.dx. It's installed as a service. I have to run McAfee in safe mode to remove it. My fear is that something is installed on my PC that activates every week or two and re-installs this trojan. I've run a complete McAfee which doesn't find anything. I did the on-line Kapersky primary area scan. I've also run SpyBot and MalwareBytes and they haven't found anything. I also have Windows Defender installed. I run the Windows Xp firewall. I run Secunia PSI and MS Baseline Security so Im pretty up to date on my patches. My fear is that something is installed that hasn't been found that wakes up every week or two and tries to re-install this trojan. I've attached the hijack this log and info below. thanks for looking at this.info.txt logfile of random's system information tool 1.04 2008-12-01 06:58:34======Uninstall list======-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}3CIPCalc-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3Com\3CIPCalc\Uninst.isu&... Read more

A:generic.dx and generic downloader.dx Trojan

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable ... Read more

6 more replies
Answer Match 74.34%

McAfee installed on computer but was "complaining" that the computer wasn't protected but when clicking fix - nothing changed. Finally tonight was able to get the updates and now it says machine is protected and it quarantined:

Generic Dropper.cx, Generic Downloader.x.

I can see from the logs that on 1/25 it supposedly removed Generic.dx. Obviously, this machine still had a problem so I ran dds and mbam - although in reverse meaning ran mbam first. Logs below. Perhaps MBam has fully resolved but I'd like an expert to confirm. Thank you.
*****************************************************************
Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 6.0.6000

2/6/2009 8:39:56 PM
mbam-log-2009-02-06 (20-39-56).txt

Scan type: Quick Scan
Objects scanned: 51894
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT... Read more

A:Generic Dropper.cx Generic Downloader.x

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Answer Match 74.34%

Hello,

I noticed last week that my browsers (Mozila and IE) were not working properly: all the searches I was doing were redirected. I can't access to some websites as this one or McAfee...
I can't update my McAfee Security Center software nor perform a restore system and Malwarebytes doesn't launch.
McAfee found the following trojans: Generic.dx, JS/Tenia.d and Generic PUP.z and I deleted them. However, my problems are still not solved. I was wondering if someone here could please help me to fix theses issues or if I should just reformat my hard drive (will this get rid of all viruses/trojans for sure?)?

Thanks in advance for all your inputs!
Fanny

You'll find here below the contents of the DDS.txt log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Fanny at 13:11:49,90 on 26/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.509 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\... Read more

A:Infected with Generic.dx, JS/Tenia.d and Generic PUP.z

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scans:Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mba... Read more

3 more replies
Answer Match 71.82%

Hiya! I'd originally come aboard with the intention of asking why I see one or two "Generic volume shadow copy" driver installs EVERY DAY in perfmon/Reliability Monitor. After reading other threads on this topic, I'm now convinced this is related to my leaving a USB drive plugged into my PC 24/7 for ReadyBoost, and ditto for an external USB-attached hard disk (for backups).


My questions have now become:
1. I have 98(!!!) Generic volume shadow copy entries in the "Storage volume shadow copies" element in Device Manager (and my rebuilt Vista install is about 5 weeks old, installed on 8/7/08). Should I be concerned? What can I do to get this number down? How do I keep it down? The obvious bonehead answer appears to me to be "Delete them all, and keep it up every day, or write a script to do likewise." Is this even reasonable?
2. I have 5 "Generic volume" entries in the "Storage Volumes" element in Device Manager. Same questions as before...
3. I can't get any meaningful info from the Properties windows under either heading, though complete coverage of "Storage Volumes" and random sampling of "Generic volume shadow copy" entries all say "The device is working properly"

Any input, ideas, advice, or references that will help me understand how to proceed from here will be greatly appreciated.

TIA for your help and support,

--Ed--

A:Device Mgr: 98 Generic volume shadow copy, 5 Generic volume entries

Just FYI in scanning elsewhere on the Web I've found other posts that report this same behavior. For example: http://www.vistax64.com/vista-genera...talling-s.html (no resolution). This posting may offer some relief, and recommends uninstalled the USB Root Hub drivers so they can be rediscovered upon bootup: http://www.vistax64.com/vista-genera...ecognized.html. Haven't tried this yet, though, so I don't know if it helps or not.

HTH,
--Ed--

3 more replies
Answer Match 70.98%

First off, I'd like to thank everyone who contributes to this forum. I just found it and I've already learned a lot from the stickies and other posts. I really appreciate the time put into it.

Now, I have a problem I was hoping to get some help with. I'm running Windows XP and for the past week my McAfee SecurityCenter has been reporting a lot of trojans/viruses/PUPs that have been removed or quarantined or that could not be repaired. Since this has happened, I've noticed my computer (especially web applications) running incredibly slowly from time to time for no obvious reason. I've also occasionally been redirected from websites that I frequent to websites I've never been to.

Below I've included a list of the items detected by McAfee and the actions it took (minus duplications) and a current HijackThis log. Any help would be appreciated, thanks.

Generic Dropper (quarantined)
Generic.dx (quarantined)
Generic Downloader (quarantined)
Generic.dx (removed)
Generic Dropper (removed)
Adware-PurityScan (cannot be repaired)
Downloader-BCF (removed)
Adware-ISM (removed)
Adware-BHO.gen.c (cannot be repaired)
Generic Pup.d (removed)
W32/Sdbot.worm (quarantined)
FakeAlert-AB!htm (removed)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:24 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winl... Read more

More replies
Answer Match 70.14%

Help,

Nothing seem to work. I tried scanning with BitDefender but beside finding the virus, it cannot put both virus in quarantine.

I tried doing the technic that includes, rebooting in safe mode, using ATF Cleaner then doing a full scan with ewido (ewido 4.0). But ewido cannot spot the virus.

Can anyone help?

A:Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331

I just updated to AVG Anti-Spyware 7.5

2 more replies
Answer Match 68.88%

Hi,

I can't get rid of either or these trojans. Please help!!!!

I ran the HiJackThis and here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:34 PM, on 1/16/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\lanmanwrk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:... Read more

A:Generic.dx and generic RookKit.a

Hi, niki804

Welcome.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here Apply the update, reboot, and post a fresh Hijackthis log.
 

2 more replies
Answer Match 68.88%

Downloaded AVG?.

Found:
Trojan horse Collected Z C:\Windows\toolbar.exe
Trojan horse Downloader.Generic.FCB C:\Windows\tool1exe

Updated AVG files?.

Found:
Trojan horse Downloader.Generic.ITN C:\Windows\loadnew.exe
Trojan horse PSW.Generic.DYD C:\Windows\kl.exe
Trojan horse Downloader.Generic.ITN C:\Windows\1sv22cb9.exe
Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.exe
Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.dll
Trojan horse PSW.Generic.DYD C:\Windows\ibm00002.dll
Trojan horse Startpage.UN C:\Windows\paytime.exe

I then Rebooted?..

AVG Boot-up Scanner (ver 7.1)
Detected a virus
C:\Winstall.exe spyware spytrooper.G
Recommend reboot and restart system from virus free diskette then use AVG Rescue Disk and remove the virus by healing.

Did this and it found nothing.
Ran AVG found nothing.

Still detects [C:\Winstall.exe spyware spytrooper.G] on boot-up


HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:05:23 AM, on 11/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FI... Read more

A:Downloader.Generic.FCB + PSW.Generic.DYD + others

just a bump

14 more replies
Answer Match 68.04%

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/PsymeMy wifes freind complained that her computer was too slow and needed some new hardware. She wanted me to have a look> I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basicaly, since 2006, she has been online with no protection at all. I wwent to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ... Read more

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

1 more replies
Answer Match 67.2%

Hi. I am hoping you may be able to help. I was using Youruninstaller (which I now think was infected) to uninstall a programme. I noticed the CPU usage and processor were working overtime. I did a scan with Spyware Doctor and it detected Email-worm.Zhelatin which I removed and thought I was in the clear.

I then tried to uninstall Youruninstaller with Revo Uninstaller. When doing this Kaspersky internet security quarantined riskware Trojan.generic.

I did another Spyware doctor scan which detected no further virsuses. However, the processor is still working overtime and often spikes, making the computer slow. Also, I cannot install new programmes without getting a error message.

What should I do to restore the system? I have deleted TEMP and TIF files and enabled Show Hidden Files & Folders. Thank you for any help.

Here is my DSS report

DDS (Ver_09-01-07.01) - NTFSx86
Run by Family at 18:40:26.73 on 08/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.1790.1181 [GMT 0:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2e... Read more

A:Riskware Trojan.generic & riskware worm.P2P.Generic

Howdy, my name is Hoov, and I will be helping you with your dilemma. I appologize for the delay in getting you help.Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread. Here is what I am asking you to do during the repair of your computer*Tell me everything that you have done, if anything, to try and fix this problem.*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it. *Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try. *Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.Now onto trying to fix your computer.It has been a while since you posted your log, if you still want help could you please post a new one?Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to ... Read more

3 more replies
Answer Match 65.94%

Hi, I keep getting the following message "Generic Host Process for Win32 Services has encountered a problems and needs to close." Short after that I lose my Internet connection. I went to the chat and was asked to post a HijackThis log here. I ran Adaware and Spybot and deleted what it found.Below please find my HijackThis logLogfile of HijackThis v1.99.1Scan saved at 19:12:56, on 04.09.2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Programme\AntiVir PersonalEdition Classic\sched.exeC:\Programme\AntiVir PersonalEdition Classic\avguard.exeC:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\RunDLL32.exeC:\WINDOWS\SOUNDMAN.EXEC:\Programme\AntiVir PersonalEdition Classic\avgnt.exeC:\Programme\Java\jre1.5.0_06\bin\jusched.exeC:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exeC:\WINDOWS ... Read more

A:Generic Host Problem - Loosing Internet Connection / Generic Host Problem

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. I apologize for the delay getting to your log, the helpers here are very busy.Your log is clean, so I don't think the issue is malware related. But let's see if we can figure it out for you.Click Start -> Run -> eventvwr.mscLook in SYSTEM and APPLICATIONS for anything around the time you are getting the error.Double click on anything you see with a red X, press the Copy button, and then paste it here in your next reply.

4 more replies
Answer Match 63.42%

Hello everyone. I had a problem with my PC once in the past & someone here was really nice & showed me how to fix it so here I am again with another problem hoping that someone can help me again.

I got a result in my AVG Anti-Virus scan that had 10 infected files that were not removed.
These are the files:

C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038551.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A003851.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038556.exe
Trojan horse Generic11.AV
C:\System Volum... Read more

A:Trojan horse Generic 11.AV & Trojan horse Dropper.Generic.AAMD

9 more replies
Answer Match 62.58%

System - Windows 7 Home Premium - 64 bit
After Mcafee scan shows: 2 "unresolved issues". They are 1. Generic PUP.x!ct 2. Generic PUP.z!ca. Mcafee says under "potentially unwanted programs" that they were "unable to delete" these malware programs. What are they and are they harmful to my system? How do I remove them if necessary? I am a bit of a novice so thanks for the help. THX, SK
 

A:"Generic PUP.z!ca" & "Generic PUP.x!ct" Mcafee - "unable to delete" after scan

Hi there.

Those are most probably false positives. What files are being detected as such?

When something is labeled "Generic" it means that McAfee doesn't know what it is but that it looks like something else it knows about.
 

3 more replies
Answer Match 55.44%

I am administrator of 70 PCs with domain.

When i scanned one of my client machine (winxpsp2) by Mcafee 8.5i, i found Generic VB.i Trojan in that pc under Temp folder. I tried to remove it but nothing succeeded.

Is there any method or anti trojan which can remove this.
prompt reply is highly appreciated.

More replies
Answer Match 55.44%

Hi guys, lately i have been having a generic pws.i being cleaned out by mcafee, it will pop up saying that the trojan has been detected and deleted but it will pop back up minutes or hours later and sometimes a day later. I scanned with Hijackthis and this is what i came across. any help would be appreciated. Thank you in advance.
Edit- I have disabled system restore and rebooted but it doesn't seem to work either.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:10 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\windows\System32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\W... Read more

More replies
Answer Match 55.44%

I have a computer XP infected w/ Mal Generic A if not other stuff :-( I've been able to get a ComboFix log (see below) any help very much appreciated.

ComboFix 10-08-15.01 - Dan Smith 08/15/2010 13:56:48.3.2 - x86
Running from: c:\documents and settings\Dan Smith\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.
2010-08-15 18:27 . 2010-08-15 18:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-15 18:22 . 2010-08-15 18:22 -------- d-----w- c:\documents and settings\Dan Smith\Local Settings\Application Data\PackageAware
2010-08-15 15:02 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 20:49 . 2005-12-13 05:22 -------- d-----w- c:\program files\Webroot
2010-06-30 12:31 . 2004-08-10 18:51 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 22:35 . 2010-06-28 22:35 -------- d-----w- c:\documents and settings\Dan Smith\Application Data\InstallShield
2010-06-24 12:22 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-10 18:51 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-12-05 23:05 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-14 14:31 . 2004-08-10 19:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-... Read more

More replies
Answer Match 55.44%

i need help to remove this virus im not sure what it really does, but so far all its done is make my internet browser act odd. Like the name of the site im on wont show at the top of the window and it wont show in the box at the bottom of the screen, also i can't get in to my internet options to get rid of it since form the little ive found out it affects the web browser so id assume itd also affect everyhting involved with except one or two things, one more thign ive descovered it does i cant seem to be able to use the delete key. well that all i know about it can some one help me?
 

More replies
Answer Match 55.44%

I have a generic pup on my computer and its running very very slow, McAfee says it can not fully remove it can anyone help please??????????
 

A:generic pup

16 more replies
Answer Match 55.44%

I have McCafee and it keeps coming up with "Generic PUP X." I tell it to delete it but then I get the message again a few hours later. The biggest problem is that all of the sudden my computer is crashing and running at a snails pace. Any suggestions?
 

A:Generic PUP X.

16 more replies
Answer Match 55.44%

Mcafee keeps telling me I have this trojan horse. Here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 6:48:40 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\... Read more

A:generic.dx

I have run the sas, combo, and hijack posted above
 

1 more replies
Answer Match 55.44%

i was scanning with mcafee when it found a virus named generic.dx, i googled it and i do have many symptoms, i thought that now would be a good time to try and get help for it as it will not go away!

I did a hijackthis log here ->

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:39, on 28/04/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\sean\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program F... Read more

A:Please Help! Generic.dx

bump
 

1 more replies
Answer Match 55.44%

I got this message everytime i start up the PC or when connecting to internet (after disconnection).
I use a win XP pro SP2.

HJT log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:53, on 8-9-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\SiteAdvisor\... Read more

More replies
Answer Match 55.44%

Hi,
McAfee keeps trying to remove the above "Potentially Unwanted Program" but cannot because it may be part of a required program. It's location is C:\ WINDOWS\SYSTEMS32\antiwpa.dll
Comp has been very slow and as of today, cannot delete anything, even by "sliding" into 'delete folder'.
Can anyone help?
Thanks.
 

A:Generic PUP

The file antiwpa.dll comes from the undesirable program Antiwpa.

I suggest you post your thread in the Malware Removal section of the forum.
 

2 more replies
Answer Match 55.44%

I have McAfee and Rootweb spyware and after I ran both of these programs, I was found to have about 27 problems and all of them were fixed and I no longer have any viruses, adware or trojans that I can detect on my system. The problem is that my system keeps telling me that it can not find "C:\documents and settings\owner\local\temp.tt3.tmp.vbs." and my system does not open up the way I had it set up to before this occured. Upon checking it seems that this file was where Generic.dx attached its self. When it was quarantined it appearently removed this file or program. How do I restore this file with out reactivating Generic.dx

I hope this is simple.

JJARX1
 

More replies
Answer Match 55.44%

I've got it bad and that aint good. My first indication was a svchost response on Mcafee and now I'm find other infections as I perform a major scan. Mcafee is finding and cleaning a majority of trojans but that svchost.exe problem wont clean, quarantine or delete. Any suggestions?

My HJT log file is below:
Logfile of HijackThis v1.99.1
Scan saved at 7:40:04 PM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\MUSICM~1\MU... Read more

A:Generic VB.b

Hi and welcome to TSG,

If you have taken anything out of startups via msconfig please go to Start – Run – type in msconfig – click OK and click on the Startup tab. Click on Enable All then Apply and OK. Then please do the following:

Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

2 more replies
Answer Match 55.44%

Hello, I found multiple virus alerts on my mcafee virus scan. Only a few are deleted all the other 4000 or so say file is not cleanable. I'm using windows xp Home edition. All the virus alerts read Generic.dx!hv.t trojan.
Can anyone help?

More replies
Answer Match 55.44%

Well earlier today McAfee starting giving me alerts that say Trojan Detected, and they said:Detection: Generic.dx (Trojan), Generic.dx (Trojan)File Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\dat1443.tmpTheres also another that will come up that says all the same, except it has "dat1442" instead of 1443.Every time I click Remove this file, it simply says it cannot be removed and asks if I want to restart and scan for it. When I say yes it restarts, and it just gives me the alert again and tells me it can't be removed. Its also seems to be causing performance problems with my computer.I ran Deckard's System Scanner earlier and it gave me both the main.txt and the extra.txt, but told me I had to update my HijackThis. So I did, and now whenever I run DSS its only giving me the main.txt and not the extra....Here's the main:Deckard's System Scanner v20071014.68Run by Compaq_Owner on 2008-06-08 00:48:39Computer is in Normal Mode.--------------------------------------------------------------------------------Total Physical Memory: 511 MiB (512 MiB recommended).-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:48:52 AM, on 6/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:�... Read more

A:Generic.dx!

Uninstall Limewire please.Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stall

1 more replies
Answer Match 55.44%

This Generic PUP.x warning pops up on start of my computer every day. The warning is only through McAfee. I have scanned with everything known to mankind so don't tell me to download adawarewindowsdefendermalwarespybotccleaner or any other thing else (except Hijack This of course, ahem). No other program detects anything and I have scanned daily. I have updated dat files etc. Mcafee doesn't even pick it up in their scan even though they are the ones giving the popup warning! If I close the popup warning it IMMEDIATELY pops back up with a new ~os.tmp\AppInit.dll file number. It cannot be deleted either. In fact the file name changes with each warning but the warning is always "Generic PUP.x" McAfee's India techie in mumbai or delhi or something had me do things I had already done on my own then proceeded to direct me to the Virus Removal Group (HA) to the tune of $89.95 because she/he did not know what they were doing. This almost makes me think my little hidden temp file (I can never find it) is totally innocent and the generic pup is a money making scam. The popup is getting ANNOYING though. HELP ME!!!!!!!!
 

A:Generic pup.x

16 more replies
Answer Match 55.44%

My computer is infected with generic.dx
McAfee says it deletes the file, yet when I turn off the computer and log back in, it's back. I've had this trojan for awhile and I believe it's starting to cause serious problems in my computer, so I want it off as soon as possible. If you can help me, thank you so much! And there may be more problems... I'm not that good with my computer... -__- A family member owned this computer before me, too.
Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:06 AM, on 3/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost... Read more

A:Need help getting rid of generic.dx (HJT log)

7 more replies
Answer Match 55.44%

I am but another victim of Generic.dx. Please advise process for removal.Window ME, 4.90.3000, Pentium III, 512MB RAM.

Based on other posts, I downloaded ComboFix. After I double click, it gives me a window foe a millisecond. I am unable to get the Hijack this log.
 

A:Generic.dx help

attached is mj HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:15 PM, on 11/25/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolba... Read more

2 more replies
Answer Match 55.44%

I have this virus on my computer that McAfre says cannot be repaired (removed)
Any help?
THX
 

More replies
Answer Match 55.44%

I have the same problem as "Stuby". McAfee cant delete it, has significantly slowed my computer, and now in the last 2 days I have had a virtual memory low pop-up a few times. I have installed and ran the HiJackThis as Km2357 suggested. Waiting for next step please advise. Thank you.
Windows XP SP3
 

A:Generic PUP.x

Bump
 

3 more replies
Answer Match 55.44%

Ok I need help please! My Nortons expired awhile back and last night something happened from a program or website I was on. I was trying to download a movie but anway I have windows vist 32 bit.. All of a sudden a windows security window popped up and said my firewall was off and it something about you have no Anti Virus detected on your computer and I may have clicked on install now I don't remember what I did but some malware defender or something installed and I uninstalled it.. I see this windows security icon in my taskbar and it won't let me exit it out. It keeps saying your computer has serious threats danger. I downloaded AVG.. I am having the peoblems as earlier posyers above. I keep getting this fake security center alert window poping up.. I keep getting all these different names. I am getting the back door one this Net-Worm.Win32.DipNet.d,Trojan.Win32Agent.doc,RootKit.Win32.Agent.pp,Win32.Hala.a and a couple other named ones. AVG found a threat and in the vault it says Trojan Horse Generic 16.BVN. It says it is in C/users/Owner/appdata/local/temp/installer.exe The security window popping up says unblock keep blocking which are greyed out and then enable protection. When I click on enable protection it says Threat found and the same generic 16.BVN keeps going to the vault and this is happening over and over but I keep getting this red circle with a white X that says Windows cannot acess the specified device,path, or file. You may not have the ap... Read more

A:Generic 16.BVN

Hello, I moved this here..First some advice on this infection.One or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.To start cleaning ,Run RKill....Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DO... Read more

1 more replies
Answer Match 55.44%

My girlfriends comp got the blue screen of death. I rebooted to last known stable time was and Immediately a McAfee popup showed the prescence of Generic.dx.

I know that there are files that have to be removed manually but I don't know what to look for.

I will attach the HJT logfile

Thanks in advance for the help guys
 

A:Generic.dx Help!!!!

14 more replies
Answer Match 55.44%

I have a generic pup on my computer and its running very very slow, McAfee says it can not fully remove it can anyone help please
 

A:generic pup.x

16 more replies
Answer Match 55.44%

Have spyhunter3 and everytime I do a scan this generic.dx trojan pops up. I downloaded and ran Hijackthis and here is a log.
Any help is much appreciated.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe... Read more

A:Generic.dx Help

forgot to add this part of the log
Scan saved at 7:09:08 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
 

1 more replies
Answer Match 55.44%

Webroot Sypsweeper reported I had a couple trojans and generic-a I was able to clean up the trojans but can not get rid of generic-a and need some help please!! I have attached the hijack this report and have the combofix log if you need to see it.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 07:41
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys
Address: 0xF78D0000 Size: 31744 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF0E4D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AC0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF7B02000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xED95E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
----------... Read more

A:MAL/Generic-A

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 55.44%

I need help removing trojan Generic.dx
windows xp did scan McAfee cls cannot be removed
E:\Drivers\win_9x\LXCFSR9X.EX
 

More replies
Answer Match 55.44%

Hello , I have mcafee virus scan on my computer and It is coming up with multiple Generic.dx trojans that it cannot remove. I have windows xp Home Edition. Can anyone help?
 

More replies
Answer Match 55.44%

Although I have seen many threads in here that helped, I have recently acquired a game from my roommate that he most likely downloaded...I installed it and McAfee being the program it is, caught an infection "LOGONSYS.EXE GenericPWS.y, GenericPWS.y, GenericPWS.y, GenericPWS.y". I did a system scan shortly after and found another little tidbit "is162728.exe Vundo.gen.m". McAfee asked for a restart to remove them and I promply restarted. When everything started back up, McAfee saw no threat and I continued doing my everyday work. Sometime midday McAfee poped-up and said it found "LOGONSYS.EXE Generic PWS.y". Again it asked for a restart. This repeated 2 more times in the past two days. I decided to snoop around and found in %TEMP% a copy of the game which is gone now. Curiously there was a txt file that shot out at me.
key.txt
I opened it and sure enough it was a keylogger with personal information in it. I manually deleted the txt file, but I feel rather unsafe. So now I am here, a step before a reinstall of Vista to see if I can do without such a step.
(*note: my computer was clean 4 days ago.)
Heres the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:47 PM, on 2/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\PROGRA~2\McAfee\MSC... Read more

More replies
Answer Match 55.44%

My Laptop has been infected by this Trojan and even my Mcafee is not able to update after this infection. The internet is also not Connecting What shall i do to get rid of this virus.

I came to know about it when i downloaded a file onto a pen drive and then used it on my desktop which in turn then detected it to have this virus

Please help

Tanay
 

More replies
Answer Match 55.44%

I have been using a generic-store-brand cdrw drive on my PC for abouta year.

Many times (too many) I see my other drives -a, c, d, e, but I do not see my cd rom drive listed when I click on "My Computer" within XP PRO.

Sometimes I can find the cd rw drive using the "Add new hardware" option in XP PRO. Other times the cd rw drive is not listed to select from within the add new hardware menu.

Sometimes I reboot and find my cd rw drive normally along with the other drives, and other times (too many) I do not find my cd rw drive.

Please note the drive is correctly plugged in.

What can I do to assure that ALL my drives load up during boot process?

 

A:Generic CD RW and XP PRO

8 more replies
Answer Match 55.44%

I have a virus/trojan, i have installed HiJackThis and here is my log Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:57:43, on 2009-02-16Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\Program Files\McAfee\Common Framework\UdaterUI.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exeC:\Program Files\McAfee\Common Framework\McTray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Druide\Antidote\Gestionnaire A... Read more

A:Generic.dx

I got infected by some MSN link

(I'm new to this forum)

Thank you,

12 more replies
Answer Match 55.44%

Trend Micro keeps finding RAP Generic on it's daily scan. It will not delete it so I am hoping you guys can help.Here is my Log from HijackThis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:30:04 PM, on 08/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\Explorer.EXEC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\WINDOWS\ehome\RMSvc.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeC:\Prog... Read more

A:Rap Generic

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so b... Read more

2 more replies
Answer Match 55.44%

Hi
Can anyone help me with my problem, I have this virus or whatever called generic.dx and i'm not able to remove it ..someone help me please ! !
 

A:Generic.dx

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:57, on 2009-05-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackTh... Read more

1 more replies
Answer Match 55.44%

Trying to fix a friends machine, but I am stumped on this one. The Trojan shows in McAfee as "Generic PWS.aq". Have looked high and low for a fix to no avail. I know the registry keys/values involved, but they keep regenerating. In the log below, the main culprit is:

O20 - AppInit_DLLs: winmm.dll
But I cn't seem to get rid of it.

Mcafee recognizes the name of the file as: FDCWQ.old or fdcwq.old Detected as Generic PWS.aq Located in the users profile in the temp folder.

Here is a HT log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:02:11 PM, on 3/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:... Read more

A:Generic PWS.aq

bump...with new info
 

1 more replies
Answer Match 55.44%

McAfee has alerted me for some time now that I have the Generic PUP.q. The window that appears gives me three options: Remove, Allow or Ignore. Initially, I clicked Remove everytime, but ultimately would wind up with a message that stated this PUP cannot be removed. Eventually, I did a search and found that bleepingcomputer.com had a fix for this problem. I followed all the steps to the letter, but still continued to have the PUP. I posted this as a new topic and received the Preparation Guide that I am now using. It was very involved and did cause problems with my computer. I lost the ability to connect to the Internet and had to contact Comcast for troubleshooting. After spending 30-45 minutes on the phone, a very nice tech was able to help me get my computer up and running again. I had to use the ADD/REMOVE function (or install on the All Programs) to remove all the previous antivirus, etc. programs your instructions had me install. I spent almost the entire day yesterday finally getting everything worked out (hopefully) and have now arrived at the conclusion to the process. I am not sure what a PUP is, much less a Generic PUP.q), but feel that my computer has not acted normally in all respects since I acquired it. For instance, I have no "Contents and Index" in the Help menu on Internet Explorer 6 (I upgraded to Internet Explorer 7 some time ago, but it wiped my computer out. I had to take it to a repair shop. They said it was a very difficult problem to diagnos... Read more

A:Generic Pup.q

Welcome to the BleepingComputer HijackThis Logs and Analysis forum FlyerEd My name is Richie and i'll be helping you to fix your problems.Download and run Fixwareout from the link below: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exeAfter the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.-------------------------------------------Please download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Also post a new Hijackthis log please.

1 more replies
Answer Match 55.44%

Hello MODS,

Last month while travelling for work I unknowingly downloaded some trojans. I use Macaffe enterprise antivirus which was reporting Vundo and Generic.dx. I get trojan pop ups on start up, intermittently during the session and whenever I use windows to access My Computer.

Using spybot, I managed to stop the Macaffe pop-up alerts for Vundo but still have issues with Generic.dx (which I now know Macaffe can't eliminate). The other thing is that the trojan (or something else) is leaving ".TMP" files all over my C drive which cannot be deleted. I am sending you the HJT log report I ran last night and a screen shot of the error message I get when I try to delete those ".TMP" files. Lastly, there are two icon shortcuts on my desktop which always reappear after I delete them (it gets really annoying).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:30 PM, on 3/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network... Read more

A:GENERIC.dx HJT log

6 more replies
Answer Match 55.44%

My Trend Micro Internet Security popped up saying I had a file infected with PAK Generic.001 that it couldn't quarantine. I found the file but couldn't delete it myself, so I moved it into a garbage folder under My Documents until I could figure out what to do with it. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:28 PM, on 3/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Trend Micro\BM\TM... Read more

A:HELP with PAK Generic.001

bump
 

1 more replies
Answer Match 55.44%

Please help!
I am using windows xp with mcAfee and this files keeps reappearing after the scan states it has cleaned it.
Please help
 

A:generic.dx

9 more replies
Answer Match 55.44%

I am problems with my computer. It has been going slow for a while and I've been running Malaware and adaware but nothing has really come up. Today mcaffee found a trojan called generic.dx!fio. It keeps telling me that it finds it, and that it is deleted, but it instantly comes back in the folder even when I try to manually delete it. I tried starting in safe mode, but when I do it begins the process of starting up and then flashes a BSOD and restarts. I have run HJT and the log file is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:03 PM, on 9/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\L... Read more

A:Generic.dx!fio

If it helps any, I downloaded RunAnlyer which is from the Spybot website and I found the file that is the problem listed under services tab and under:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\
Description: Current, default

and

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\
Description: Last Known Good

I tried deleting it and disabling its start up, but after I save changes and close and re-run the program, the file is there and back to starting up with system.
 

1 more replies
Answer Match 55.44%

I am running Trend Micro PC cillin virus protection. I am receiving a pop up window every few seconds warning me that Real Time Protection detected a virus, spyware or other security risk. It reports that action taken... The quarantine action was unsucssfull manually deleting the file if you are sure that it is not needed.Inident name is C:\windows\system32\NTVDM.DLLDetection name is PE GenericI have tried to manually delete the file however I am unable to do soCan you help regards Gary CliffLogfile of HijackThis v1.99.1Scan saved at 1:22:03 PM, on 2/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\SYSTEM32\SPOOLSV.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\EXPLORER.EXEC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86&#... Read more

A:Pe Generic

Hi there and welcome to Bleeping Computer !As you may have noticed already, the forums are very busy at the moment and i have noticed your log has gone unanswered so far!We look at the oldest logs first, and we were wondering that if you still need help, please start by posting a new HijackThis log in this topic and i will then be able to take a look!Thanks very much David

2 more replies
Answer Match 55.44%

Hello Everyone!

My McAfee Security Center recently found "Generic PUP.x" on my computer. I then went to the McAfee site for more information. They say it possibly could be or could not be a threat to my computer. It may be part of a license agreement from McAfee or part of some other bundled package from another software supplier. That is why I came here to see if you can help find out what it is.

Here is the search results that the McAfee scan came up with.

File Name: D:\MATTHEW-PC\Backup Set 2008-02-11 134738
\Backup Files 2008-02-11 134738\Backup iles 2.zip

I have not run any other scans yet, with: a squared free,SuperSpyware free,Spybot S&D,SpywareBlaster, or Malwarebytes Anti-Malware. I will make sure they are all up to date and then run full or deep scans.

Should I do all the scans in safe mode? or just do the scans when I am offline after a normal start up?

I know not to do all the scans at the same time.

If you need any more information just let me know.

Matt

A:"generic Pup.x"

Certain embedded files that are part of legitimate programs or specialized fix tools, may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted program", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.Do you recognize those files or know what program created them?

14 more replies
Answer Match 55.44%

Hi to all
Mcafee recently showed me that a trojan of the name of generic.dx!ttw was found in my laptop pc. They recommend to restart the computer to fix the issue but it wasnt able to resolve the problem so they kept alerting me the generic.dx!ttw was onboard the system and to restart it. I have although been able to run a scan which highlighted 3 objects detected

02/10/2010 7:15:42 PM "C:\Users\dadou\AppData\Local\Temp\D485.tmp" "Artemis!8CEE56E157B7" "5"

02/10/2010 7:15:44 PM "C:\Users\dadou\AppData\Local\Temp\FDF6.tmp" "Artemis!8CEE56E157B7" "5"

02/10/2010 8:03:14 PM "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|svchost" "WINHOST" "14"

could you please help me
thanks in advandce

A:generic.dx!ttw

Please see this report Trojan-PSW.Generic|Infostealer|Troj/Koceg-Gen|Trojan.Gen-Antivirus 365 Club
You have a Backdoor Trojan/password stealer ....

Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ?master? of the Trojan with remote ?administration? of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breech.
More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security - dslreports.com
When should I re-format? How should I reinstall?
When should I re-format? How should I reinstall? Security - dslreports.com
If you choose to format and reinstall s... Read more

1 more replies
Answer Match 55.44%

I use McAfee with all latest updates and I keep seeing it saying it's removing files off my computer with Generic.dx in them. It seems like everyday I start my pc McAfee finds a new one and/or the same one from a "previously" fixed one. Not real sure what to do at this point, it's becoming agrivating seeing those McAfee notices on a daily bases.

I have run HJT and here is my logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:17 PM, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceA... Read more

More replies
Answer Match 55.44%

Please help me to remove this virus...

My first combofix report:

ComboFix 08-02.05.3 - Administrator 2008-02-07 12:32:16.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.874.66.1033.18.259 [GMT 7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gsbqjdno.dll
C:\Documents and Settings\Administrator\My Documents\pos1F5.tmp
C:\Documents and Settings\Administrator\My Documents\pos1F6.tmp
C:\Documents and Settings\Administrator\My Documents\pos1F7.tmp
C:\Documents and Settings\Administrator\My Documents\pos1F8.tmp
C:\Documents and Settings\Administrator\My Documents\pos1F9.tmp
C:\Documents and Settings\Administrator\My Documents\pos1FA.tmp
C:\Documents and Settings\Administrator\My Documents\pos1FB.tmp
C:\Documents and Settings\Administrator\My Documents\pos1FC.tmp
C:\Documents and Settings\Administrator\My Documents\pos1FD.tmp
C:\Documents and Settings\Administrator\My Documents\pos1FE.tmp
C:\Documents and Settings\Administrator\My Documents\pos1FF.tmp
C:\Documents and Settings\Administrator\My Documents\pos200.tmp
C:\Documents and Settings\Administrator\My Documents\pos201.tmp
C:\Documents and Settings\Administrator\My Documents\pos202.tmp
C:\Documents and Settings\Administrator\My Documents\pos203.tmp
C:\Documents and Settings\Administrator\My Documents\pos204.tmp
C:\Documents and Settings\Administrator\My Do... Read more

A:Help!!! Generic.dx

My second combofix report:

C:\Documents and Settings\Administrator\My Documents\pos39A.tmp
C:\Documents and Settings\Administrator\My Documents\pos39B.tmp
C:\Documents and Settings\Administrator\My Documents\pos39C.tmp
C:\Documents and Settings\Administrator\My Documents\pos39D.tmp
C:\Documents and Settings\Administrator\My Documents\pos39E.tmp
C:\Documents and Settings\Administrator\My Documents\pos39F.tmp
C:\Documents and Settings\Administrator\My Documents\pos3A0.tmp
C:\Documents and Settings\Administrator\My Documents\pos3A1.tmp
C:\Documents and Settings\Administrator\My Documents\pos3A2.tmp
C:\Documents and Settings\Administrator\My Documents\pos3A3.tmp
C:\Documents and Settings\Administrator\My Documents\pos3A4.tmp
C:\Documents and Settings\Administrator\My Documents\pos3A5.tmp
C:\Documents and Settings\Administrator\My Documents\pos3A6.tmp
C:\Documents and Settings\Administrator\My Documents\pos3A7.tmp
C:\Documents and Settings\Administrator\My Documents\pos3A8.tmp
C:\Documents and Settings\Administrator\My Documents\pos3A9.tmp
C:\Documents and Settings\Administrator\My Documents\pos3AA.tmp
C:\Documents and Settings\Administrator\My Documents\pos3AB.tmp
C:\Documents and Settings\Administrator\My Documents\pos3AC.tmp
C:\Documents and Settings\Administrator\My Documents\pos3AD.tmp
C:\Documents and Settings\Administrator\My Documents\pos3AE.tmp
C:\Documents and Settings\Administrator\My Documents\pos3AF.tmp
C:\Documents and Settings\Administrator\My Documents\pos3B0.tmp
... Read more

3 more replies
Answer Match 55.44%

I have this PUP in my computer, Windows XP , mu McAfee security centre can't help. Could you help? Many thanks
 

A:Generic PUP.Z

7 more replies
Answer Match 55.44%

The virus name according to avg is trojan horse downloader.generic10.umpI have been having issues with my computer, getting .dll errors and generic host errors. These usually result in my sound not working and system slowdown/freezing, but I have been able to work around it looking for answers. I came across forums about using combofix and followed guidelines and ran a scan and want to make sure everything is clean; it seems to be working very well now. I only read that I should wait to be told to use combofix on this forum after I already ran it, but I followed every step precisely.I rebooted in safe mode, ran combofix (installed microsoft recovery console), a rootkit was detected and restarted. It finished the scan and here is the log file:ComboFix 10-10-01.07 - Genghis Kahn 10/02/2010 12:28:49.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1516 [GMT -7:00]Running from: c:\documents and settings\Neaves Family\My Documents\My Downloads\ComboFix.exeAV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Laurie\Application Data\jsdfgs.batC:\Install.exec:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}c:\program files\Mozilla Firefox\extensions\{... Read more

A:Generic 10

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

37 more replies
Answer Match 55.44%

Hi, I just follow the tutorials from the older post. and here is part of the step that need to be fixed. Please tell me what to check so I can start clicking of Fixed Checked.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:21 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndex... Read more

A:Generic.dx

Hi, Welcome to TSG!!

Run HJT again and put a check in the following:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

Close all applications and browser windows before you click "fix checked".
Click Here and download Killbox and save it to your desktop.
Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
In the "Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\system32\amvo.exe

Click on the button that has the red circle with the X in the middle after you enter the file name.
It will ask for confimation to delete the file.
Click Yes.
It will ask if you want to reboot now,
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Please perform a scan with Kaspersky Webscan Online Virus Scanner

1. Read the Requirements and Privacy statement, then select "Accept".
2. A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
3. Click "Yes" or select "Install" to downloa... Read more

1 more replies
Answer Match 55.44%

Hi,
McAfee keeps trying to remove the above "Potentially Unwanted Program" but cannot because it may be part of a required program. It's location is C:\ WINDOWS\SYSTEMS32\antiwpa.dll
Comp has been very slow and as of today, cannot delete anything, even by "sliding" into 'delete folder'.
Have taken the liberty pasting below HJT log,
Can anyone help?
Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:52 p.m., on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Bonjour\mD... Read more

More replies
Answer Match 55.44%

Hi all, my laptop won't boot, it says non system disk/disk error so I want to buy a new hdd. Specs state it's an IDE ATA-5. My question is does the replacement I buy have to also be ATA-5 or can I use a generic ATA?Thanks in advance.

A:Can I use a generic ATA or must it be ATA-5 again?

ATA-5 is also called IDE-100 and ATA-6 is IDE-133. The slowest thing you are likely to find out there is ATA-4 or IDE-66. You can use any 2.5 inch laptop hard drive with the brass pins (old school, pre-SATA design) called PATA, IDE or ATA (all the same thing) and 9.5 mm thick.  Ths would work, for example.  https://www.amazon.com/160GB-HTS541616J9AT00-Inch-Laptop-Drive/dp/B017HJ2LNU/ref=sr_1_8?ie=UTF8&qid=... They are not making new ones. If you can, try to find a 7200 rpm spin speed. Again, getting very hard to find and try to be sure you are getting new old stock and not a used drive. 

1 more replies
Answer Match 55.44%

Hi,

My trend anti-virus software keeps popping up talking about pax.generic 001, I ran combofix, but I am not sure this fixed the issue.

Can anyone help?

Thx

Gary

More replies
Answer Match 55.44%

I have tried McAfee and spybot but nothing seems to get rid of this. I was recommended by The McAfee forums to download hijackthis and post the logs to sites like yours. I'm not sure if I am in the right place but i'll post it here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:43, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\... Read more

A:Generic pup.i please help.

8 more replies
Answer Match 55.44%

I am receiving a Virus Warning from Trend Micro Internet Security 2007 indicating that I have the PAK Generic.001 virus.

I'm not sure how it happened; but, I read some of the posts and went ahead and downloaded the hijackthis program and ran the scan to come up with the following log (any help is appreciated):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:21 AM, on 2/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Digital Media Reader\shwiconEM.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
C:\Windows\SYSTEM32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCMAIN.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igl.net/ygin
R1 - HKLM\Software\Microsoft\Internet Explore... Read more

A:Help with PAK Generic.001

8 more replies
Answer Match 55.44%

My PC had ATI Mobility Radeon 4500HD, I download the driver from support.amd.com and installed it, but strange problem happened when I wanted to play some games with it.

when the game launcher opened, the graphic card shows GDI Generic, when I clicked at "Detect", it says "Card is not listed, assuming medium settings"

I also checked the update for the driver but it says driver is up to date.
I reinstalled the ATi Graphic Card but it's not solving my problem.

how to solve this?

More replies
Answer Match 55.44%

I have a Dell Vista system and am running Trend Micro PCcillin Internet Security. I also run Spybot S&D, and Lavasoft Adaware. Almost every morning (it doesn't have to be at startup) I will get a popup from TM PCcillin that states that I have RAP Generic and it cannot be deleted. Once wouldn't be too bad, but it will popup approximately 40-60 times before it finally quits. When the window pops up, it comes up on top of whatever I'm doing, thereby I'm unable to do anything until it's gone. BTW my experience level would probably experienced beginner. Thanks in advance for your help.

More replies
Answer Match 55.44%

Hey guys mcafee poped up and said my computer is infested with generic.dx, I am attaching a hjt log please help. Thank YouLogfile of Trend Micro HijackThis v2.0.2Scan saved at 5:12:42 PM, on 2009-01-08Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\lxcycoms.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee&... Read more

A:Generic.dx

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scans:Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mba... Read more

2 more replies
Answer Match 55.44%

Hey guys. I'm new here and appreciate your patience in advance! I had a virus last week and i reformatted my harddrive. Spybot comes back clean. However, Malwarebytes comes back with Generic.Bot.h and it won't go away! Can I get some help with this? Would you need to see the log from the Malwarebytes "removal"? Or possibly a HiJackThis log? Please let me know~

A:Generic.Bot.h

Hello and wlcome..We need to disable Spybot S&D's "TeaTimer" if it's running.TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.If prompted with a legal dialog, accept the warning.Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on Click on Uncheck this checkbox:
Close/Exit Spybot Search and DestroyNext run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run y... Read more

7 more replies
Answer Match 55.44%

After going through the first (long) process of downloading programs and scanning, my computer became unable to connect to the Internet. I solicited Comcast Tech Support's help and they showed everything to be okay. We began one at a time to uninstall all the software programs (AVG, SpyBot, etc.) until I was finally able to reconnect. After this, I was left with no anti-virus or spyware on my computer. Since McAfee's complete security package is free with Comcast service, I attempted to download all it's components again. They would not download. I went back and did downloads of the "free" programs from SpyBot and AVG (Grisoft) to have at least minimum protection. Immediately, I became inundated with various pop-ups (guess that's what you would call them). They kept telling me my computer was infected with various viruses and that my system wasn't protected, etc. They had names like Error Cleaner, Spyware&M...Protection, Ultimate Defender, Ultimate Cleaner, WinAntispyware, Drive Cleaner, etc. One entitled Privacy Protector took over my desktop with a satanic looking symbol in the middle, changed the screen color to bright red, and had the following wording under the symbol: "Your Privacy is in Danger" and "Download Privacy Protection Software Now". I can close these and delete their icons from my desktop, but they just keep coming back over and over again. My computer is now in a much bigger mess than it has ever been. HELP!Logfile of Tre... Read more

A:Generic Pup.q

I'm really not sure what I've pasted here. Part of it may be a duplication. I'm not much of a computer guru, so I'm kind of "winging" it so to speak. Hope this is what you need along with the new Hijack This Log I posted. If you need more info, just let me know what and HOW!FlyerEd"Owner" - 2007-07-10 12:07:26 - ComboFix 07-07-10.5 - Service Pack 2 ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))C:\DOCUME~1\Owner\Desktop.\Error Cleaner.urlC:\DOCUME~1\Owner\Desktop.\Privacy Protector.urlC:\DOCUME~1\Owner\Desktop.\Spyware&Malware Protection.urlC:\DOCUME~1\Owner\Desktop\internet.lnkC:\DOCUME~1\Owner\FAVORI~1.\Error Cleaner.urlC:\DOCUME~1\Owner\FAVORI~1.\Privacy Protector.urlC:\DOCUME~1\Owner\FAVORI~1.\Spyware&Malware Protection.urlC:\WINDOWS\dat.txtC:\WINDOWS\main_uninstaller.exeC:\WINDOWS\msddx.dllC:\WINDOWS\msqnx.dllC:\WINDOWS\privacy_dangerC:\WINDOWS\privacy_danger\images\capt.gifC:\WINDOWS\privacy_danger\images\danger.jpgC:\WINDOWS\privacy_danger\images\down.gifC:\WINDOWS\privacy_danger\images\spacer.gifC:\WINDOWS\privacy_danger\index.htmC:\WINDOWS\qnxplugin.dllC:\WINDOWS\rs.txt(((((... Read more

12 more replies
Answer Match 55.44%

My McAfee keeps finding the Generic PUP x or z even though I keep removing it. It tends to come back every hour or two and the computer is extremely slow. I have tried System Restore to an earlier day and have scanned it using McAfee which doesn't find anything when I scan. I have also tried the Housecall by TrendMicro, but it just gets stuck on "testing platform and browser" for hours without any progress. What can I do? Thanks for your help.
 

A:Generic Pup X and Z

7 more replies