<![CDATA[TechSpot OpenBoards - Virus & Malware removal]]>

<![CDATA[TechSpot OpenBoards - Virus & Malware removal]]> http://www.techspot.com/vb/ Is your PC troubled? Viruses, malware support and how to prevent them. en Fri, 20 Nov 2009 22:36:31 GMT vBulletin 60 http://www.techspot.com/vb/images/misc/rss.jpg <![CDATA[TechSpot OpenBoards - Virus & Malware removal]]> http://www.techspot.com/vb/ Cpu 100% randomly http://www.techspot.com/vb/topic138350.html Fri, 20 Nov 2009 13:35:40 GMT So my cpu goes to 100% alot but its not any one program, it jumps around. one minute its firefox then some svchosts... basically random programs. Iv already tried anti-virus and other programs and none work. Im running windows XP btw. hope this all helps some info: Model - Aspire 5520... So my cpu goes to 100% alot but its not any one program, it jumps around. one minute its firefox then some svchosts... basically random programs. Iv already tried anti-virus and other programs and none work. Im running windows XP btw. hope this all helps

some info:
Model - Aspire 5520
Processor - AMD Turion(tm) 64*2 Mobile technology TL-60 2.00 GHz
Memory RAM - 3.00 Gb

Processes:

Logfile of Your Anti-Hijack Program v0.2.0
Scan saved at 13:18:21, on 20/11/2009
Platform: Windows 2000
MSIE: Internet Explorer 6.0.6002
Boot mode: Normal

Running processes:
C:\Windows\system32\TASKENG.EXE
C:\Windows\system32\DWM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINDOWS LIVE\CONTACTS\WLCOMM.EXE
C:\USERS\MICKNAKA\APPDATA\LOCAL\TEMPIMG\CHECKVER104.EXE
C:\USERS\MICKNAKA\APPDATA\LOCAL\TEMPIMG\REGVER.EXE
C:\PROGRAM FILES\YOUR ANTI-HIJACK PROGRAM\YOURANTI-HIJACKREGNOW.EXE

O4 - HKLM\..\Run: [Windows Defender]
O4 - HKLM\..\Run: [Acer Tour]
O4 - HKLM\..\Run: [eRecoveryService]
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\MSCONFIG.exe" /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - (Extra Button) Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - HKLM\Software\Microsoft\Internet Explorer\Extensions
O9 - (Extra Button) PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - HKLM\Software\Microsoft\Internet Explorer\Extensions
O9 - (Extra Button) Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - HKLM\Software\Microsoft\Internet Explorer\Extensions
O9 - (Extra Menu) Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - HKLM\Software\Microsoft\Internet Explorer\Extensions
O14 - C:\Windows\inf\iereset.inf: [IEReset.inf is missing]:
O14 - C:\Windows\inf\iereset.inf: [IEReset.inf is missing]:
O14 - C:\Windows\inf\iereset.inf: [IEReset.inf is missing]:
O14 - C:\Windows\inf\iereset.inf: [IEReset.inf is missing]:
O14 - C:\Windows\inf\iereset.inf: [IEReset.inf is missing]:
O14 - C:\Windows\inf\iereset.inf: [IEReset.inf is missing]:
O14 - C:\Windows\inf\iereset.inf: [IEReset.inf is missing]:
O16 - DPF: desktop.ini - desktop.ini - C:\Windows\Downloaded Program Files
O2 - BHO: Yahoo! Toolbar Helper C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
O2 - BHO: Adobe PDF Reader Link Helper C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
O2 - BHO: Spybot-S&D IE Protection C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
O2 - BHO: - {5C255C8A-E604-49b4-9D64-90988571CECB} - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
O2 - BHO: ShowBarObj Class C:\Windows\system32\ActiveToolBand.dll - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
O2 - BHO: Windows Live ID Sign-in Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
O2 - BHO: AIM Toolbar Loader C:\Program Files\AIM Toolbar\aimtb.dll - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
O22 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler : [{8C7461EF-2B13-11d2-BE35-3078302C2030}]: Component Categories cache daemon
R1 - HKCU\Software\Microsoft\Internet Explorer\Main = [url]http://en.uk.acer.yahoo.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main = [url]http://en.uk.acer.yahoo.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks = {03402f96-3dc7-4285-bc50-9e81fefafe43}
R1 - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks = {03402f96-3dc7-4285-bc50-9e81fefafe43}
R1 - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks = {EF99BD32-C1FB-11D2-892F-0090271D4F88}
O23 - Service: Extensible Authentication Protocol - EapHost - C:\Windows\System32\svchost.exe -k netsvcs
O23 - Service: eDataSecurity Service - eDataSecurity Service - "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
O23 - Service: eLock Service - eLockService - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - eNet Service - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service - eRecoveryService - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service - eSettingsService - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: IKE and AuthIP IPsec Keying Modules - IKEEXT - C:\Windows\system32\svchost.exe -k netsvcs
O23 - Service: LightScribeService Direct Disc Labeling Service - LightScribeService - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
O23 - Service: Network Location Awareness - NlaSvc - C:\Windows\System32\svchost.exe -k NetworkService
O23 - Service: NVIDIA Display Driver Service - nvsvc - C:\Windows\system32\nvvsvc.exe
O23 - Service: IPsec Policy Agent - PolicyAgent - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
O23 - Service: Cyberlink RichVideo Service(CRVS) - RichVideo - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
O23 - Service: SBSD Security Center Service - SBSDWSCService - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: System Event Notification Service - SENS - C:\Windows\system32\svchost.exe -k netsvcs
O23 - Service: Secure Socket Tunneling Protocol Service - SstpSvc - C:\Windows\system32\svchost.exe -k LocalService
O23 - Service: Windows Time - W32Time - C:\Windows\system32\svchost.exe -k LocalService
O23 - Service: Windows Live ID Sign-in Assistant - wlidsvc - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
O23 - Service: ePower Service - WMIService - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework - wudfsvc - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
O23 - Service: XAudioService - XAudioService - C:\Windows\system32\DRIVERS\xaudio.exe ]]> micknaka http://www.techspot.com/vb/topic138350.html Severe.exe, conime.exe, ÖØÒª×ÊÁÏ.exe - i need urgent help to remove it please http://www.techspot.com/vb/topic138345.html Fri, 20 Nov 2009 08:40:49 GMT Hi i need urgent help to remove these viruses. Everytime i attempt to delete them it reappears, and i can tell its slowing down my computer quite badly.

Furthermore, there are occasions when they automatically open internet explorer and randomly spam a site called "www.ctv...something" and then i have to end the iexplorer process in task manager. I've also noticed that this virus doesn't allow me to open hidden files...when i go Tools > Folder Options > View > Tick view hidden files. It has also stuffed up my msn messenger i think.

Can someone please assist me as soon as possible !

Kind Regards,
David

Attached Files

hijackthis.log (10.3 KB)

]]> citrusjuice http://www.techspot.com/vb/topic138345.html Need help w/ virues, malware, etc.. http://www.techspot.com/vb/topic138321.html Thu, 19 Nov 2009 22:54:38 GMT Umm.. I attached the Hijackthis log, so whats next? Umm.. I attached the Hijackthis log, so whats next?

Attached Files

hijackthis.log (12.3 KB)

]]> partik614 http://www.techspot.com/vb/topic138321.html Lauching IE7 creates a shortcut http://www.techspot.com/vb/topic138319.html Thu, 19 Nov 2009 22:26:20 GMT I recently had to reload XP Home on an infected PC that was rendered usless by a fake Anti-Virus. After cleaning the HD of all traces of the Viruses and Malware, it was working fine until, IE7 was updated, since then whenever I click on the IE7 icon it creates a shortcut on the desktop. I tried... I recently had to reload XP Home on an infected PC that was rendered usless by a fake Anti-Virus. After cleaning the HD of all traces of the Viruses and Malware, it was working fine until, IE7 was updated, since then whenever I click on the IE7 icon it creates a shortcut on the desktop. I tried to uninstall IE7 but it won't let me. I was about to install IE8, but I want to make sure it's OK before going to IE8.

Attached are the log files from Hi-Jack This and ComboFix.

Thanks in advance.

CB

Attached Files

	ComboFix111809.txt (18.7 KB)
	hijackthis111809.log (4.4 KB)

]]> Code Butcher http://www.techspot.com/vb/topic138319.html Google Redirect Virus http://www.techspot.com/vb/topic138318.html Thu, 19 Nov 2009 22:23:44 GMT Hi,

I'm really please to have found this forum! I'm in the same boat as a few others here, I seem to have a google redirect virus.

A couple of days ago I got a virus which appeared to install "advanced spyware" software. Dialog boxes kept popping up saying I had a virus. It hijacked my desktop background and replaced it with a blue background with a box in the middle saying I was infected. It blocked me from accessing sites like myspace, youtube etc. And it redirected my google search engine.

Prior to finding this site I downloaded Malwarebytes' Anti-Malware and it seems to have removed most of the problem, except for the google re-directs. Either the search doesn't run properly at all, or if it does, any links I click get redirected to other sites, It is doing this in both IE and Firefox. I have XP on my computer.

I have followed the 8 Step virus removal as best I can and attached the logs. Any help to get rid of the problem (and advice on how to speed up my pc if I have too many things starting up etc) would really be appreciated.

Thanks.

Attached Files

	mbam-log-2009-11-19 (23-37-46).txt (1.4 KB)
	SUPERAntiSpyware Scan Log - 11-20-2009 - 00-55-07.log (1.6 KB)
	hijackthis.log (24.7 KB)

]]> BEB http://www.techspot.com/vb/topic138318.html 2 sessions of iexplore.exe http://www.techspot.com/vb/topic138301.html Thu, 19 Nov 2009 19:48:51 GMT I am seeing 2 sessions of iexplore.exe running in my task manager. I also suspect that I have a virus or two. I am attaching a HJT log file. Can someone please give this a lookover and help me out? Thanks in advance Rockon I am seeing 2 sessions of iexplore.exe running in my task manager. I also suspect that I have a virus or two. I am attaching a HJT log file. Can someone please give this a lookover and help me out? Thanks in advance

Rockon

Attached Files

hijackthis.log (7.5 KB)

]]> Rockon http://www.techspot.com/vb/topic138301.html <![CDATA[Getting blue screen 'your system is infected']]> http://www.techspot.com/vb/topic138289.html Thu, 19 Nov 2009 16:34:54 GMT Looking for help...I am running windows XP and get a [B]blue screen [/B]with an error message in a black box on the center of the screen saying [B]' [U]Your system is infected' and that spyware has been detected[/U][/B]. I also get a [B][U]red circle with an X in it on the taskbar on my screen. [/U][/B]

I ran AVAST and AD-AWARE and corrupted files are removed but I still get the error message and red circle.

I ran Trend Micro HijackThis and received the following log....Can anyone tell me how to correct? Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:32 AM, on 11/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\winupdate86.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Darin Hartwell\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.dell.ca/myway[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DC[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.ca/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://search.aol.ca/dirsearch.adp?query=google[/url]
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe ]]> navanite http://www.techspot.com/vb/topic138289.html Google Hijack. Is that it? http://www.techspot.com/vb/topic138282.html Thu, 19 Nov 2009 14:19:07 GMT I just want to thank Bobbye for all his help. He has been patient and courteous with me. I believe my problem is now solved, but unfortunately our thread itself got hijacked and closed before resolution could be confirmed. I just want to thank Bobbye for all his help. He has been patient and courteous with me.
I believe my problem is now solved, but unfortunately our thread itself got hijacked and closed before resolution could be confirmed. ]]> Shaftmonde http://www.techspot.com/vb/topic138282.html Problem: Malware in registry http://www.techspot.com/vb/topic138274.html Thu, 19 Nov 2009 08:26:35 GMT I've been able to delete malware that sends command to load this program that msconfig blocks. I want to get rid of this program that appears in msconfig. According to msconfig the program, I want rid of, resides in HKCU/SOFTWARE/Microsoft/Windows/CurrentVersion/Run. When I go there I can find one registry key that could be it but when I try to delete it an error appears. I've tried to delete it in safemode and I have tried to delete it as administrator but even then I get an error. I have all the permissions that should allow me to delete that key. Anyone have any idea how to solve this problem? ]]> Ventress http://www.techspot.com/vb/topic138274.html Plethora of Malware (Google Redirect, too) 8 Steps http://www.techspot.com/vb/topic138259.html Thu, 19 Nov 2009 02:40:49 GMT I've been trying to figure out how to fix this for a few days now. I have the annoying Google Redirect Virus, as well as something that prevents my computer from rebooting in Safe Mode. Any help is GREATLY appreciated.

Attached Files

	mbam-log-2009-11-18 (20-36-23).txt (125.3 KB)
	SUPERAntiSpyware Scan Log - 11-18-2009 - 21-21-26.log (1.2 KB)
	hijackthis.log (11.3 KB)

]]> Liam414 http://www.techspot.com/vb/topic138259.html Another Google Redirect Virus http://www.techspot.com/vb/topic138213.html Wed, 18 Nov 2009 05:34:37 GMT Links that appear in Google search lead to random advertising pages. Have run the 8 step process. Any help is much appreciated. Here are the logs: Links that appear in Google search lead to random advertising pages. Have run the 8 step process. Any help is much appreciated. Here are the logs:

Attached Files

	hijackthis.log (18.3 KB)
	mbam-log-2009-11-17 (16-30-57).txt (842 Bytes)
	SUPERAntiSpyware Scan Log - 11-17-2009 - 16-47-02.log (549 Bytes)

]]> reubencahn http://www.techspot.com/vb/topic138213.html Possible infection? http://www.techspot.com/vb/topic138203.html Wed, 18 Nov 2009 01:08:12 GMT Hi,

I have a problem with my Avira Antivir. Just recently when I performed a complete scan it stucks on the [i]tracking.log[/i]. So I did the necessary steps in the [url]http://www.techspot.com/vb/topic58138.html[/url] thread and Malwarebytes' Quick Scan resulted in nothing but SuperAntiSpyware caught Tracking Cookies which I ultimately removed after the scan has finished.

I was thinking that a virus/malware must be causing the graphical distortion of a recent game that I installed, or maybe I'm just being paranoid. Anyway, the logs are attached below.

Thanks in advance. :)

Attached Files

	mbam-log-2009-11-18 (08-03-43).txt (834 Bytes)
	SUPERAntiSpyware Scan Log - 11-18-2009 - 08-51-06.log (1.7 KB)
	hijackthis.log (4.1 KB)

]]> iCharles http://www.techspot.com/vb/topic138203.html No virus but perhaps policies and RA problems http://www.techspot.com/vb/topic138202.html Wed, 18 Nov 2009 00:40:53 GMT Hi,

I've had all 8 machines from my company infected in Thailand and now returned to australia to start over.

There doesn't appear to be any viruses on the surface but somethings not right. I've found strange entries etc but i'm far from an expert. If you could take a look for me would be appreciated. Thanks.

Attached Files

	hijackthis.log (5.9 KB)
	mbam-log-2009-11-18 (09-47-00).txt (834 Bytes)
	SUPERAntiSpyware Scan Log - 11-18-2009 - 10-20-48.log (465 Bytes)

]]> FleetX http://www.techspot.com/vb/topic138202.html Psw.onlinegames3 / done all 8 steps but still stays http://www.techspot.com/vb/topic138200.html Wed, 18 Nov 2009 00:15:01 GMT guess the topic says it all, ive done all 8 steps but after restarting my pc my AVG still reporting it and cant heal it . pls heeeeeeeeeeeeeelp , my wow account has been suspended for 24 hrs because of this trojan and i cant get rid of it Attachment 53594... guess the topic says it all, ive done all 8 steps but after restarting my pc my AVG still reporting it and cant heal it . pls heeeeeeeeeeeeeelp , my wow account has been suspended for 24 hrs because of this trojan and i cant get rid of it

Attachment 53594

Attachment 53595

Attachment 53596

Attached Files

	hijackthis.log (5.2 KB)
	mbam-log-2009-11-18 (02-47-16).txt (1.7 KB)
	SUPERAntiSpyware Scan Log - 11-18-2009 - 03-28-26.log (594 Bytes)

]]> Kold http://www.techspot.com/vb/topic138200.html Analyze a Log http://www.techspot.com/vb/topic138193.html Tue, 17 Nov 2009 20:31:49 GMT Hi, having problems with slooowwww, Microsoft XP 2002. Was getting tons of Spam in Outlook Express. I have a log ready and wanted to see how i can get someone to tell me what i should do with it. Thanks!! Huckleberry Hi, having problems with slooowwww, Microsoft XP 2002. Was getting tons of Spam in Outlook Express. I have a log ready and wanted to see how i can get someone to tell me what i should do with it.

Thanks!!
Huckleberry ]]> huckleberry http://www.techspot.com/vb/topic138193.html <![CDATA[I can't get rid of Google Redirect Virus]]> http://www.techspot.com/vb/topic138184.html Tue, 17 Nov 2009 18:48:55 GMT I've tried every forum, installed every spyware scanner I could get. Removed IE 8, installed Firefox and Safari, but all 3 still exhibit symptoms of Redirect Virus. They are now also popping up new, tabs/pages.

I am attaching my hijackthis.log

Can anyone help me get rid of this malware?

Attached Files

hijackthis.log (12.7 KB)

]]> davejake http://www.techspot.com/vb/topic138184.html Google Redirect, 8 steps completed http://www.techspot.com/vb/topic138179.html Tue, 17 Nov 2009 17:51:01 GMT My roommate apparently got a virus or more, on her computer. It was one of those fake shields with pop-ups saying things were infected that asking you to pay for software. I managed to get rid of that (I think). But then she noticed that google links were being re-directed to random sites. I... My roommate apparently got a virus or more, on her computer. It was one of those fake shields with pop-ups saying things were infected that asking you to pay for software. I managed to get rid of that (I think). But then she noticed that google links were being re-directed to random sites.

I searched here, and found several similar cases, so I ran through the 8 steps. Log sheets are attached.

I also ran combofix, which seemed to be the next step in all the posts. Though I now see the sticky saying not to run it unless told, my bad. It did seem to have some issues running. I ran it once, and it downloaded a new version then during autoscan, a Microsoft error window (PEV.exe needed to close... do you want to send report...), but Combofix was still running so I just ignored the window. CF then restarted the computer after saying it found an infection. On start-up it CF came up and said it couldn't find Combo-fix.sys, then said it was creating a log sheet, then the computer just restarted, and CF never came back up. I renamed combofix to combo-fix and re-ran. This time, no windows popped up, it found no infections, but after it said it was creating a log sheet, it just restarted again and combofix never came back up. I looked and found the log sheet but it didn't really have any details, basically same as the one attached. I ran it a third time, and it found an infection, restarted, said it was creating log sheet, then restarted again, with no log sheet displayed.

The google redirect is still there. Any help would be greatly appreciated.

Attached Files

	mbam-log-2009-11-17 (01-31-54).txt (1.0 KB)
	SUPERAntiSpyware Scan Log - 11-17-2009 - 02-02-52.log (651 Bytes)
	hijackthis.log (5.2 KB)
	ComboFix.txt (350 Bytes)

]]> christo76 http://www.techspot.com/vb/topic138179.html The Shield Deluxe 2010 antivirus question http://www.techspot.com/vb/topic138165.html Tue, 17 Nov 2009 04:32:07 GMT Anybody know much about this av program. It is cheap but rated an editors choice. Anybody know much about this av program. It is cheap but rated an editors choice. ]]> ingeborgdot http://www.techspot.com/vb/topic138165.html A Case of the Vundo http://www.techspot.com/vb/topic138122.html Mon, 16 Nov 2009 15:44:40 GMT A computer for the company I work for just got this nasty bugger on one of our computers.

I followed the steps here:
[url]http://www.techspot.com/vb/topic58138.html[/url]

And I had initially found you guys from this thread:
[url]http://www.techspot.com/vb/topic119190.html[/url]

I downloaded ComboFix, but have not ran it yet and I won't until its required.

I had seen many other posts about this trojan and how to get rid of it. Tried a few. But to no avail. My logs are attached.

Note that, the McAfee VirusScan log I copied and created from the results of the scan. Looks the exact same. Also, the program "VirtumundoBeGone.exe" is a program I had found on another forum to use (I'm sure y'all have heard of it). I didn't try it yet. So, let me know if its worthless.

We didn't want to do any registry deletions/changes ourselves without a going through y'all first. We did manage to delete some files via FileAssassin and renaming.

Also, at one point, we thought it was just the sdra64.exe virus. But I'm guessing it all comes back to Vundo. If there's any other info you need, just let me know in reply.

(Btw, I work in IT at a company. I understand that this is y'alls specialty. I don't mind consulting with experts.) ;-)

Thanks in advance,
FO4R

Attached Files

	hijackthis.log (7.6 KB)
	mbam-log-2009-11-16 (08-46-35).txt (876 Bytes)
	SUPERAntiSpyware Scan Log - 11-16-2009 - 09-15-46.log (1,019 Bytes)
	McAfeeVirusScan_log.txt (541 Bytes)

]]> FO4R http://www.techspot.com/vb/topic138122.html Stupid bad image pop ups http://www.techspot.com/vb/topic138110.html Mon, 16 Nov 2009 04:58:25 GMT I have done all the eight steps because of the stupid bad image pop ups. here are the logs that you requested. thank you. al I have done all the eight steps because of the stupid bad image pop ups. here are the logs that you requested. thank you.

al

Attached Files

	mbam-log-2009-11-14 (23-42-42).txt (3.1 KB)
	hijackthis.log (11.5 KB)
	SUPERAntiSpyware Scan Log - 11-15-2009 - 00-58-14.log (1.8 KB)

]]> acvaneg http://www.techspot.com/vb/topic138110.html Google redirect... again http://www.techspot.com/vb/topic138108.html Mon, 16 Nov 2009 03:26:26 GMT I need help fixing my computer again. The same thing happened to me 6 months ago and I was able to get the problem fixed using this site. I followed the 8 step guide and I've attached the logs. I hope you can help me again.

Attached Files

	hijackthis.log (9.9 KB)
	mbam-log-2009-11-15 (20-43-42).txt (1.4 KB)
	SUPERAntiSpyware Scan Log - 11-15-2009 - 21-45-07.log (2.7 KB)

]]> yinato http://www.techspot.com/vb/topic138108.html Another Google Redirect http://www.techspot.com/vb/topic138094.html Sun, 15 Nov 2009 21:45:45 GMT I've followed the 8 step guide but this does seem to be a difficult one based on the other threads I've read.

I would appreciate any help you can provide.

Just for clarity - when I do a google search this virus redirects the results I click on to another site. It seems to affect Firefox, IE, Chrome and Safari.

Attached are the requested logs.

Attached Files

	hijackthis.log (14.5 KB)
	mbam-log-2009-11-15 (10-06-28).txt (5.1 KB)
	SUPERAntiSpyware Scan Log - 11-15-2009 - 11-01-20.log (30.4 KB)

]]> Creighton http://www.techspot.com/vb/topic138094.html Do Not Run Combofix without our guidance http://www.techspot.com/vb/topic138086.html Sun, 15 Nov 2009 18:41:20 GMT I'm seeing some frequent suggestions by new members that Combofix will resolve just about any problem! The latest suggestion is that it it THE fix for the Google Direct. [b]It isn't[/b] for the simple reason that there is no one cause for this redirect.

Combofix IS a good program and malware cleaning helpers do recommend it frequently, but only AFTER the preliminary programs have been run and then only if it's appropriate.

[B]Combofix should only be run if the malware helper instructs you to run it and then it will be with guidance.[/B]

The number of posts here doesn't mean much, but when a newbie starts recommending malware cleaning programs, it will not be in your best interest to run them.. Sometimes the initial problem may be resolved after running Combofix, but that does NOT mean that the system is clean, or that it was the most appropriate program to run. ]]> Bobbye http://www.techspot.com/vb/topic138086.html <![CDATA[CiD ads won't go away]]> http://www.techspot.com/vb/topic138076.html Sun, 15 Nov 2009 10:18:29 GMT for around a week now ive been getting annoying CiD ads ive tried the 8 step thing where it says download hijack this, superanti and malwarebytes but it still exists.
Some help plz? i attached the notes that were asked
sorry i couldn't find the superanti note

Attached Files

	mbam-log-2009-11-15 (15-49-03).txt (2.0 KB)
	hijackthis.log (11.9 KB)

]]> jjusttonyy http://www.techspot.com/vb/topic138076.html Help with Browser Redirect - I have tried everything http://www.techspot.com/vb/topic138073.html Sun, 15 Nov 2009 05:15:35 GMT Any help is appreciated. And, please know that I have spent hours reading everything already posted, reviewing what appears to be the exact same thing that is happening to me, but mine I cannot for the life of me get to go away. Some point about 4 days ago, while browsing through a link off of a... Any help is appreciated. And, please know that I have spent hours reading everything already posted, reviewing what appears to be the exact same thing that is happening to me, but mine I cannot for the life of me get to go away. Some point about 4 days ago, while browsing through a link off of a news site, I got directed to a shady "anti spyware" and eventually a XXX site. Some program had automatically loaded and was doing all of the "security scanning" etc etc.. By browser would launch automatically repeatedly and go to dozens of malicious sites...Through a combination of cleansing any and all cookies, temp files and running malwarebytes, I got rid of the program and the apparent problem. NOW - my computer seems to be working fine, Except - when I do a simple google search, and click on the search-result-links, my browser redirects to random shady websites.

I have closed everything, updated and run full scans of all of the following - malwarebytes, mccaffee av, adware se, ccleaner, and srubbed and removed every possible temp/cookie file known to mankind. On this forum, there were "8 steps to remove malware" - which I pretty much had done it all already. But, the one step said to disable real time scanning of my AV program, and install, update, and run "Superantispyware" - which to be honest sounded a lot like the malware program that I had fought to removed the day before, but oh well I did it and it is running right now. I also am attaching "hijackthis log, and malwarebytes log..." If you guys need the superantispyware log lemme know. I would never normally install and run this many separate 3rd party programs to "fix" anything, but this issue pas me perplexed.

If one of you guys can figure this out, I will be impressed!

Thanks,

JR

Attached Files

	hijackthis.log (6.4 KB)
	mbam-log-2009-11-14 (09-50-17).txt (846 Bytes)

]]> kazzma http://www.techspot.com/vb/topic138073.html Google redirect problem please help http://www.techspot.com/vb/topic138072.html Sun, 15 Nov 2009 05:11:39 GMT Hi, I recently had a spyware virus that I thought I eradicated but not fully. From time to time I get a pop ups on my browser that look like they are from an anti-spyware program but they are a virus. Two days ago, in addition to to my spyware problem I have encountered the google re-direct... Hi,

I recently had a spyware virus that I thought I eradicated but not fully. From time to time I get a pop ups on my browser that look like they are from an anti-spyware program but they are a virus.

Two days ago, in addition to to my spyware problem I have encountered the google re-direct problem. I have run everything: spyware blaster, malwarebytes' anti-malware, super anti-spyware, ccleaner, avast antivirus, drweb-cureit and also hijack this. However, the problem still persists.

What the @## is going on? Arrgh. Also, once this virus/spyware/malware is eradicated, do I have to continually run these free programs? I heard that it is not a good idea to have so many anti-virus programs. Which ones should I keep/get rid of?

Thank you.

Attached Files

	hijackthis.log (8.6 KB)
	GooredFix.txt (1.6 KB)

]]> hatemalware http://www.techspot.com/vb/topic138072.html IE8 hangs up and even Task manager will not run http://www.techspot.com/vb/topic138064.html Sun, 15 Nov 2009 01:24:58 GMT When I run IE8 it will periodically hang my system so badly that even Task Manager does not run. I noticed that when I start IE8 it shows TWO copies in task manager. I have attached a hijack this log of my system. I have gone into IE8 manage add ons and disabled all of them to see if that... When I run IE8 it will periodically hang my system so badly that even Task Manager does not run. I noticed that when I start IE8 it shows TWO copies in task manager. I have attached a hijack this log of my system.
I have gone into IE8 manage add ons and disabled all of them to see if that solves the problem. I think something is periodically going out to the internet for an update check but I have disabled update checks. I do use a time sync service.

Attached Files

hijackthis.log (6.3 KB)

]]> weightwatcherph http://www.techspot.com/vb/topic138064.html Exception processing message error - Windows hijack log attached http://www.techspot.com/vb/topic138052.html Sat, 14 Nov 2009 21:11:19 GMT Dear members I keep on getting this weird error . I have attached the log please help. Is thia VIRUS or a USB drive problem etc ... please help... Regards Kunal Dear members

I keep on getting this weird error . I have attached the log please help.

Is thia VIRUS or a USB drive problem etc ... please help...

Regards
Kunal

Attached Files

hijackthis.log (6.4 KB)

]]> kunnu123 http://www.techspot.com/vb/topic138052.html Possible google hijack, 8 step preliminary removal complete http://www.techspot.com/vb/topic138051.html Sat, 14 Nov 2009 20:11:13 GMT Just recently noticed that my google results (in both Firefox and IE browswers) have been redirected to some 3rd party site. I completed the 8 step prelim. removal as recommended and hope that I can be helped as this redirect is exceptionally frustrating. Thanks in advance. Just recently noticed that my google results (in both Firefox and IE browswers) have been redirected to some 3rd party site.

I completed the 8 step prelim. removal as recommended and hope that I can be helped as this redirect is exceptionally frustrating. Thanks in advance.

Attached Files

	mbam-log-2009-11-10 (22-32-36).txt (835 Bytes)
	SUPERAntiSpyware Scan Log - 11-10-2009 - 22-56-13.log (631 Bytes)
	hijackthis.log (9.0 KB)

]]> savmipls http://www.techspot.com/vb/topic138051.html <![CDATA[Win32/heur, sin32/virut, Vundo B & Trohan Generic 15. AUWC]]> http://www.techspot.com/vb/topic138037.html Sat, 14 Nov 2009 15:24:51 GMT I download remove virus programme but I could not open and run them. like comboFix & Malwarebytes, and now won't let me open avg web page or other helpful webpage.

Could not go to safe mode either.

I am using AVG 8.5 and it is wdw xp

could not go to helpful website but being hackjact to other malicious page.

It seems that I could not do anything becasue the registry being infected?

sorry I don't know any technical term to describe or run the dot programme to show the problem

Any advice please please, I just get on the internet in 2 days and haven't backed up all my personal file, so worry now....

If I reinstalled xp, would all my pre-factory installed things like 'nero' gone as well.

Thanks in advance. ]]> bear http://www.techspot.com/vb/topic138037.html