HOW TO REMOVE VBSMALWARE

Posted 9/19/2011 3:33 AM
#92324

NICELLE Member

Date Joined Nov 2016
Total Posts: 2
Hi... my computer is infected with the VBS:Malware-gen virus... Avast detects it but can't delete it... please help!!!


I ran Combofix and here is the log:
ComboFix 11-09-18.03 - User -09-19 星期一 10:57:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.1014.507 [GMT 8:00]
执行位置: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
注意 - 这台电脑没有安装恢复控制台 !!
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\documents and settings\User\My Documents\My Music\My Music.exe
c:\documents and settings\User\My Documents\My Pictures\My Pictures.exe
c:\documents and settings\User\My Documents\new folder.exe
c:\new folder\New Folder.exe
c:\program files\INSTALL.LOG
c:\program files\UNWISE.EXE
C:\setup.exe
c:\windows\ST6UNST.000
D:\autorun.inf
Pass LEGAL for license information. Built Sat Jun 25 23:20 2011c:\documents and settings\User\My Documents\2005.xls
.
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( 2011-08-19 至 2011-09-19 的新的档案 )))))))))))))))))))))))))))))))
.
.
2011-09-17 06:12 . 2004-11-17 09:11 65536 ----a-w- c:\windows\system32\EEBUtil.dll
2011-09-17 06:12 . 2004-11-17 08:04 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
2011-09-17 06:12 . 2004-11-17 07:56 131072 ----a-w- c:\windows\system32\EEBAPI.dll
2011-09-17 06:12 . 2004-11-17 07:37 69632 ----a-w- c:\windows\system32\EBAPI.dll
2011-09-17 06:12 . 2003-12-16 17:01 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
2011-09-17 06:12 . 2011-09-17 06:12 -------- d-----w- c:\program files\Common Files\EPSON
2011-09-17 06:10 . 2004-08-03 15:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-09-17 06:10 . 2004-08-03 15:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-09-17 01:41 . 2007-09-26 00:18 249994 --sha-r- C:\SSCVIIHOST.exe
2011-09-16 04:46 . 2011-09-16 04:46 -------- d-----w- c:\documents and settings\User\Application Data\searchqutoolbar
2011-09-16 04:46 . 2011-09-16 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-09-16 03:55 . 2011-09-16 03:55 -------- d-----w- c:\documents and settings\User\Application Data\Bandoo
2011-09-16 03:54 . 2011-09-16 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Bandoo
2011-09-16 03:54 . 2011-09-16 03:54 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Ilivid Player
2011-09-16 03:53 . 2011-09-16 03:54 -------- d-----w- c:\program files\Bandoo
2011-09-16 03:50 . 2011-09-16 03:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
2011-09-16 03:48 . 2011-09-16 03:49 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-09-16 03:48 . 2011-09-16 03:48 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PackageAware
2011-09-14 06:53 . 2011-09-17 01:44 -------- d-----w- C:\logs
2011-09-14 06:53 . 2011-09-14 06:53 -------- d-----w- c:\documents and settings\User\ChikkaV5
2011-09-14 06:53 . 2011-09-14 06:53 -------- d-----w- c:\program files\Chikka Messenger
2011-09-13 01:45 . 2001-08-17 05:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-09-13 01:45 . 2001-08-17 05:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-09-07 01:29 . 2011-09-07 01:29 -------- d-----w- c:\documents and settings\User\Application Data\Rovio
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-18 01:26 . 2011-08-17 02:53 286720 ------w- c:\windows\Setup1.exe
2011-08-18 01:26 . 2011-08-17 02:53 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-18 00:35 . 2011-08-08 06:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 10:33 . 2011-08-17 10:33 1056768 ----a-w- c:\windows\system32\temp.002
2011-08-17 10:33 . 2011-08-17 10:33 30749 ----a-w- c:\windows\system32\temp.001
2011-08-17 10:03 . 2011-08-17 10:03 379152 ----a-w- c:\windows\system32\temp.000
2011-08-11 00:44 . 2011-08-08 06:09 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-11 00:44 . 2011-08-08 06:09 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-08 07:23 . 2011-08-08 06:50 69632 ----a-w- c:\windows\system32\MY3L_EX.DLL
2011-08-08 07:23 . 2011-08-08 06:50 53248 ----a-w- c:\windows\system32\NT_DLL2.DLL
2011-08-08 07:23 . 2011-08-08 06:50 135168 ----a-w- c:\windows\system32\YutianEx.DLL
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-08 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-12 17351304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-24 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
IPMSG for Win32.lnk - c:\program files\IPMsg\ipmsg.exe [2011-8-11 210432]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2011-9-17 131584]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-8-8 14:09 136360]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2011-8-8 14:52 81920]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2011-8-8 14:52 2732032]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-8-8 14:14 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-8-8 12:24 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-8-8 14:14 136176]
.
‘计划任务’ 文件夹 里的内容
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-08 06:14]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-08 06:14]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.searchqu.com//406
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 124.106.5.2 124.106.6.2
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\5i0ycwro.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com//406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-YT Security Key Driver - c:\progra~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 11:03
Windows 5.1.2600 Service Pack 2 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
扫描被隐藏的文件 。。。
.
扫描完成
被隐藏的档案: 0
.
**************************************************************************
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\WINDOW~4\Datamngr\DATAMN~1.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bandoo\Bandoo.exe
c:\windows\system32\wscntfy.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
完成时间: 2011-09-19 11:08:01 - 电脑已重新启动
ComboFix-quarantined-files.txt 2011-09-19 03:07
.
Pre-Run: 7,897,862,144 bytes free
Post-Run: 7,898,595,328 bytes free
.
- - End Of File - - C483760C94DAE291710A6A3D0487FC32
Posted 9/19/2011 1:46 PM
#92337

Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi NICELLE,

Here is what you need to do:

1. Reboot your PC in Safe Mode with Networking
2. Download HijackThis from here: http://free.antivirus.com/hijackthis/?page=download (the executable version) and run it. Choose the "Do a system scan and save a log file" option to perform your scan.
3. Provide me with a detailed description of your issue.
4. Post your Avast and HijackThis logs here.

Cheers!
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: http://www.bullguard.com/support.aspx!
Posted 9/20/2011 9:27 AM
#92341

NICELLE Member

Date Joined Nov 2016
Total Posts: 2
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:27:14, on 2011-9-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IPMsg\ipmsg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Bandoo\Bandoo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SM1MT2.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WINDOW~4\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IPMSG for Win32.lnk = C:\Program Files\IPMsg\ipmsg.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6587 bytes
Posted 9/20/2011 11:35 AM
#92344

Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi NICELLE,


I am afraid that you have not posted the Avira scanlog and a detailed description of your issue.
However, here is what you need to do:

1. Uninstall Bandoo.
2. Save the scanlog in which the infection is detected, then uninstall Avira, Avast and Best Spyware Protection.
3. Download and install a free trial of BullGuard Internet Security 10 from here: http://www.bullguard.com/try/bullguard-internet-security.aspx.
4. Reboot your PC in Safe Mode with Networking, update BullGuard and run a full computer scan.
5. Return with the log saved on the 2nd step and BullGuard scanlog.

Cheers!
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com
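
One way to check step 1 of the reply above: after uninstalling, rerun HijackThis and confirm that no process, service or autostart entry still references the program. This is an added example, not part of the original thread or of HijackThis; the function names are hypothetical, and the sample is a short excerpt of the log posted above.

```python
import re

# Excerpt of the HijackThis log posted in this thread (a few lines, not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
C:\Program Files\Bandoo\Bandoo.exe

O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WINDOW~4\Datamngr\BROWSE~1.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe
"""

# "O4 - HKLM\..\Run: [name] path" -> code "O4", kind "HKLM\..\Run", detail "[name] path"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")
# 8.3 short names such as WINDOW~4 hide the real folder name from a keyword search.
SHORT_NAME_RE = re.compile(r"~\d")


def parse_hjt(text):
    """Return (running_processes, entries) parsed from HijackThis log text."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2), m.group(3)))
    return processes, entries


def _items(text):
    """Flatten processes and entries into (source, text) pairs."""
    processes, entries = parse_hjt(text)
    return [("process", p) for p in processes] + [
        (code, detail) for code, _kind, detail in entries
    ]


def residue(text, keyword):
    """Items that still mention `keyword` (case-insensitive)."""
    kw = keyword.lower()
    return [(src, d) for src, d in _items(text) if kw in d.lower()]


def needs_manual_review(text, keyword):
    """Short-path items a keyword search cannot attribute to any product."""
    kw = keyword.lower()
    return [(src, d) for src, d in _items(text)
            if SHORT_NAME_RE.search(d) and kw not in d.lower()]


if __name__ == "__main__":
    for src, detail in residue(SAMPLE_LOG, "Bandoo"):
        print("still present:", src, detail)
    for src, detail in needs_manual_review(SAMPLE_LOG, "Bandoo"):
        print("check by hand:", src, detail)
```

An empty `residue` result on the post-uninstall log means the program's running process, AppInit_DLLs hook and service are gone; the short-path items still have to be resolved to their full folder names before they can be ruled in or out.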