APV.exe help how do I remove this?

Norton Security | Norton Internet Security
1

Before I got 360 2009 (which I'm very happy with) I had Kaspersky and it wasn't all I had hoped for, I uninstalled it by Windows says Kaspersky apv.exe is slowing my computer bootup time by 55.8 seconds!  I can't seem to get rid of it...anyone got any suggestions?  Thanks again

 

2

Hi aaaja

 

Welcome to the Norton Forum

 

Sorry about your problem with N360. I have found this link for removal of Kaspersky. Please pick the appropriate removal tool from this site for the Kaspersky product that you had installed and use that, then reboot your computer. See if that alone will speed up your boot time.

 

http://support.kaspersky.com/faq/?qid=208279463

3

aaaja2044, are you certain it is APV.exe? because if it is APV.exe it’s probably malware. The Kaspersky process is AVP.exe.

4

turbo is correct on this; apv.exe is not Kaspersky Labs AV.  Kaspersky Labs’ process is avp.exe.

5

Hi aaaja

 

Can you run HiJackThis please for us so we can see what is running on your computer and also to check out if it's APV.exe or AVP.exe that you are referring to? Does this particular .exe show up in your task manager? Can you please clarify for us if it is APV.exe or AVP.exe?. Thanks.

6

If  the thread creator uses the KAS removal tool and that fixes the problem, there is no need for Hijackthis or anything else as i could just be a typo.

 

Quads 

7

The tool states it can not find it…I spent at least 3hours on the site and doing multiple things they say and still their tool does not find it nor can I find it ANYWHERE except per Windows Performance Info

8

Windows says it is Kaspersky apv.exe

 

UPDATE: Now Windows Performance Info also says other things are slowing it down:

  

              COMODO Internet Security: cmdagent.exe  52.3seconds

              McAfee, Inc.:  Mcshield.exe  32.5seconds

              Symantec Corp:  Symantec Service Framework  ccSvcHst.exe  60.7seconds today per window event viewer it took: 1608ms

 

As you can see before I purchased 360 I had tried them ALL because I didn't fell 'internet secure' but 360 has made me feel so secure and things but now I thinking maybe something has happen to 360? Also I have looked in the Event Viewer and Norton 360 History and found these couple of things that I don't know if they are 'normal' but it looks strange to me:

 

1.)   demo32.exe has stopped working

go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

Problem Event Name: APPCRASH
App Name: demo32.exe

 


App Version: 0.0.0.0
App TimeStamp: 41783a3f

 

I HAVEN'T INSTALLED ANYTHING ON MY COMPUTER IN OVER 30days! EXCEPT I did try to install the new Java17version but that never installed always got a error saying 'final installation was interupted'

 

2.)   vcredi~3.exe made 3 modifications to your system configuration
Program: c:\users\slade\appdata\local\temp\ixp000.tmp\vcredi~3.exe
Severity: Low

vcredi~3.exe accessed the system resources listed above.

Affected Area: System Config:
Modified: c:\users\slade\appdata\local\temp\ixp001.tmp\vcredist.msi

plus two registry/machine/software places

 

========

glbe56f.tmp made 8 modifications to your computer
c:\users\slade\appdata\local\temp\glbe56f.tmp

===

IPS Detection Statistical Submission by NORTON 360
Attacker: 1
Remote Port: 49637
Local Port: 80
Protocol: 6
Application Name: \DEVICE\HARDDISKVOLUME3\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Offending URL: www.seagate.com/support/seatools........
Remote Address: 96.17.244.134
:::::::::::::::::::::::::::::::
Windows installer
C:\Windows\System32\msiexec.exe
Action Taken: Automatically create rules
Local Computer: 192.168.1.65, 49627
Traffic Description: Outbound TCP, www-http
"Firewall rules were automatically created for Windows installer. These rules determine how Windows installer accesses your network resources.

 

---------

Submissions to Norton Community has been ZERO for 3months! But for past
2wks 360 has been TRYING TO SUBMIT (says: Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.)   submitting many things to Norton Community Watch, mostly
2 things:
     1.)  IPS Detection Statistical Submission (says local or remote attacker: 2) - App. Name: System

      2.) Norton Community Watch Feedback (Machine ID:---File Vote Count:0 DLL Association Count:32 and then just endless lines of numbers&letters

 Also in 360 Firewall-Network & Connections it continually says "IP address has disappeared from adaper Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address:fe80::ffff.ffff.fffe).---OR will say: "IP address has disappeared from adaper Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address:2001::4137.9e50:344d:18b9:9). OR this: "IP address has disappeared from adaper Dell Wireless 1397 WLAN Mini-Card and is no longer being protected (IP address:fe80::10d7:---)

Anyway you get the picture here, so any ideas?


-----
   When I look at 360 Security History it also says NO ERRORS reported, however for the FIRST TIME since i've had this computer (a year now) NORTON 360 did crash and went 'off line' . I had to reboot my computer for it to start working again!

 

--

 

OK sorry this is SO LONG but I wanted to give some details here because it seems to be getting worse....

9

 

Please give me URL to download MalwareBytes if you think I need it. Thanks again

10

Hi aaaja

 

The reason you are having problems with N360  is that you have remnants of several other security programs on your computer. You will need to remove these other leftovers of programs before N360 will work properly. You can get the free version of malwarebytes here. www.malwarebytes.org.  Download, install, update and run the full scan.

 

I still think it is a good idea to have a log posted from HiJackThis to see just what is installed on the poster's computer since it appears that various security programs are still being run on the computer, or at least remnants of the other security programs. We have seen mentioned kaspersky and now commodo, so that is at least 2 other programs other than 360.

 

 

As you can see now, having more than one security program does NOT protect you more. It just creates more problems and the end result is that NONE of the programs can protect you at all with all the interferences and conflicts produced by all the different program. You will have to get these other programs completely removed before N360 will work properly. You will have to remove N360 also using the removal tool because most likely N360 didn't install properly with all these other programs installed also.

 

What is happening most likely is that none of the removal tools from even the other companies can work properly because there are interferences caused by all the different programs. Have you tried using the kaspersky tool in safe mode? You will have to use the removal tools from all the different security programs you have had or still have installed on your computer before any thing will work properly.

Message Edited by floplot on 11-15-2009 10:11 AM
11

OK...I am SO SO SO very sorry and this will NOT happen again but I have 2 computers and got them confused. Please continue to help me if at all possible.

 

FOR COMPUTER ONE: (SLADE)

This is the computer that says 360 crashed,

Had this error report:

demo32.exe has stopped working

go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

Problem Event Name: APPCRASH
App Name: demo32.exe
App Version: 0.0.0.0
App TimeStamp: 41783a3f

 

Has this error report:

MEDIUM SEVERITY:
Unauthorized access logged (Acces Process Data)
Actor:  c:\windows\system32\mrt.exe
Actor PID:  2852
Action: Access Process Data
Reaction: Unauthorized access logged

 

 

AND this computer (SLADE) has the multiple submissions to NortonCommunity & continuous "IPS Detection Statistical Submission"

 

VISTA INDEX SAYS that (SLADE) is having these startup problems:

STARTUP PROGRAMS CAUSING SLOW START:
            Symantec Service Framework - ccSvcHst.exe - Symantec Corp. 60.7 seconds
            COMODO Internet Security - cmdagent.exe - COMODO 52.3 seconds
            On-Access Scanner service - Mcshield.exe - McAfee, Inc. 32.5 seconds

 

AND THIS:

Log Name:      Microsoft-Windows-Diagnostics-Performance/Operational
Source:        Microsoft-Windows-Diagnostics-Performance
Date:          11/15/2009 11:42:29 AM
Event ID:      203
Task Category: Shutdown Performance Monitoring
Level:         Warning
Keywords:      Event Log
User:          LOCAL SERVICE
Computer:      Slade-PC
Description:
This service caused a delay in the system shutdown process:
     File Name  : iprip
     Friendly Name  : Microsoft RIP for Internet Protocol
     Version  : 6.0.6000.16386 (vista_rtm.061101-2205)
     Total Time  : 8540ms
     Degradation Time : 4540ms
     Incident Time (UTC) : 11/15/2009 4:34:12 PM
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{cfc18ec0-96b1-4eba-961b-622caee05b0a}" />
    <EventID>203</EventID>
    <Version>1</Version>
    <Level>3</Level>
    <Task>4007</Task>
    <Opcode>41</Opcode>
    <Keywords>0x8000000000010000</Keywords>
    <TimeCreated SystemTime="2009-11-15T17:42:29.241Z" />
    <EventRecordID>3037</EventRecordID>
    <Correlation ActivityID="{00000000-9B8C-0001-4D1E-32871A66CA01}" />
    <Execution ProcessID="368" ThreadID="3052" />
    <Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>
    <Computer>Slade-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="StartTime">2009-11-15T16:34:12.808Z</Data>
    <Data Name="NameLength">6</Data>
    <Data Name="Name">iprip</Data>
    <Data Name="FriendlyNameLength">36</Data>
    <Data Name="FriendlyName">Microsoft RIP for Internet Protocol</Data>
    <Data Name="VersionLength">39</Data>
    <Data Name="Version">6.0.6000.16386 (vista_rtm.061101-2205)</Data>
    <Data Name="TotalTime">8540</Data>
    <Data Name="DegradationTime">4540</Data>
    <Data Name="PathLength">30</Data>
    <Data Name="Path">C:\Windows\System32\iprip.dll</Data>
    <Data Name="ProductNameLength">37</Data>
    <Data Name="ProductName">Microsoft® Windows® Operating System</Data>
    <Data Name="CompanyNameLength">22</Data>
    <Data Name="CompanyName">Microsoft Corporation</Data>
  </EventData>
</Event>

 

 

I ran Malwarebytes and it found nothing wrong but here is the results:

 

Malwarebytes' Anti-Malware 1.41
Database version: 3175
Windows 6.0.6002 Service Pack 2

11/15/2009 12:39:47 PM
mbam-log-2009-11-15 (12-39-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 235513
Time elapsed: 50 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------

Malwarebytes' Anti-Malware 1.41
Database version: 3175
Executable location: C:\Program Files\Malwarebytes' Anti-Malware
Database location: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

Username: Slade
Windows folder: C:\Windows
System folder: C:\Windows\system32
Root drive: C:
Program Files: C:\Program Files
Common Files: C:\Program Files\Common Files

Desktop: C:\Users\Default\Desktop
Desktop: C:\Users\Guest\Desktop
Desktop: C:\Users\Public\Desktop
Desktop: C:\Users\Slade\Desktop

Start Menu: C:\ProgramData\Microsoft\Windows\Start Menu
Start Menu: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Start Menu: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu
Start Menu: C:\Users\Slade\AppData\Roaming\Microsoft\Windows\Start Menu

User Root: C:\Users\Default
User Root: C:\Users\Guest
User Root: C:\Users\Public
User Root: C:\Users\Slade

Favorite: C:\Users\Default\Favorites
Favorite: C:\Users\Guest\Favorites
Favorite: C:\Users\Public\Favorites
Favorite: C:\Users\Slade\Favorites

Application Data: C:\ProgramData
Application Data: C:\Users\Default\AppData\Roaming
Application Data: C:\Users\Guest\AppData\Roaming
Application Data: C:\Users\Slade\AppData\Roaming

Quick Launch: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
Quick Launch: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
Quick Launch: C:\Users\Slade\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

Temporary Folder: C:\Windows\Temp
Temporary Folder: C:\Users\Default\AppData\Local\Temp
Temporary Folder: C:\Users\Guest\AppData\Local\Temp
Temporary Folder: C:\Users\Slade\AppData\Local\Temp

Programs: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Programs: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Programs: C:\Users\Slade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Startup: C:\Users\Slade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Documents: C:\Users\Public\Documents
Documents: C:\Users\Default\Documents
Documents: C:\Users\Guest\Documents
Documents: C:\Users\Slade\Documents

 

I will make another post here for computer2.  Please help me community

12

Hi aaaja

 

As stated before, your slade computer has various security programs running at the same time. This computer cannot have all these security programs running at the same time. Before you can expect N360 to run properly, all these other security products have to be removed. They are all conflicting with each other and will cause your computer to have all sorts of problems. None of them will work right. You have so many different security programs running or partial ones left over, that you MUST get rid of all these remnants or complete programs removed from your computer first. Please post a log from HiJacKThis so we can see what is actually installed on this Slade Computer.

13

THIS IS COMPUTER 2 (JEFF)

SLOW STARTUP DUE TO:
Kaspersky Anti-Virus
avp.exe
Kaspersky Lab - 55.6seconds

 

Symantec Service Framework
ccSvcHst.exe
Symantec Corp - 46.8seconds

 

Service Executable
MsMpEng.exe
Microsoft Corp - 29.7seconds

 

I attempted to use Kaspersky removal tool many times including in safemode but it says it can't find it.

 

360 TamperProtection has many of these:
Unauthorized Access Logged
Actor: c:\windows\system32\mrt.exe
Target: c:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe

 

And 360 multiple submissions of "IPS Detection Stat Submission"  but the submissions "could not be submitted to Symantec at this time"

 

AND it has these two programs on it that run but I'd like to know if they are legit:

HpqToaster.exe VERSION: 1.10.1.6 (its not signed nor has a publisher)

BLService.exe VERSION: 1,0,0,8 (says STServices)

 

Thanks again for ANY and all help!

 

This is the Malwarebytes info:
Malwarebytes' Anti-Malware 1.41
Database version: 3175
Windows 6.0.6002 Service Pack 2

11/15/2009 12:44:46 PM
mbam-log-2009-11-15 (12-44-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 280777
Time elapsed: 1 hour(s), 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIVXserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Jeff2274354\AppData\Roaming\Virus Shield 2009 (Rogue.VirusShield2009) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

---
Malwarebytes' Anti-Malware 1.41
Database version: 3175
Windows 6.0.6002 Service Pack 2

11/15/2009 12:44:46 PM
mbam-log-2009-11-15 (12-44-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 280777
Time elapsed: 1 hour(s), 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIVXserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Jeff2274354\AppData\Roaming\Virus Shield 2009 (Rogue.VirusShield2009) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

 

THANK YOU GUYS AGAIN, if you can let me know how to get the computer to boot faster that would be great because right now it takes around 4.5minutes and just a month ago it only took about 1.5minutes

 

I WILL RUN HiJacKThis and the post for both computers.  I have used HiJacKThis before but never really understood most of it, it was 'user friendly enough' lol  I'm so glad you are here to educate me about these things. I'll post HiJacKThis ASAP.

 

 

14

FOR COMPUTER (SLADE)

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:49 PM, on 11/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1c3385ce\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1c3385ce\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 7361 bytes
======
=====
=====

Comparison of your HijackThis log file items to others
The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.

Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.


Index % of PCs with item Code Data
1 0.0% O1 ::1 localhost
2 0.0% O13 
48 0.0% P01 C:\WINDOWS\Explorer.EXE
49 0.0% P01 C:\WINDOWS\system32\NOTEPAD.EXE
50 0.0% P01 C:\Windows\ehome\ehtray.exe
51 0.0% P01 C:\Windows\ehome\ehmsas.exe
52 0.0% P01 C:\Program Files\Windows Media Player\wmpnscfg.exe
53 0.0% P01 C:\Windows\system32\taskeng.exe
54 0.0% P01 C:\Windows\system32\Dwm.exe
55 0.0% P01 C:\Windows\system32\wbem\unsecapp.exe
56 0.0% P01 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
57 0.0% P01 C:\Windows\System32\mobsync.exe
58 0.0% P01 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
59 0.0% P01 C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
60 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
61 0.0% P01 C:\Program Files\Dell\DellDock\DellDock.exe
62 0.0% P01 C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
63 0.0% P01 C:\Program Files\DigitalPersona\Bin\dpagent.exe
64 0.0% P01 C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
65 0.0% P01 C:\Program Files\DellTPad\Apoint.exe
66 0.0% P01 C:\Program Files\DellTPad\ApMsgFwd.exe
67 0.0% P01 C:\Program Files\DellTPad\Apntex.exe
68 0.0% P01 C:\Program Files\DellTPad\HidFind.exe
69 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
70 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
71 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
72 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
73 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
74 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
75 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
76 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
77 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
78 0.0% R1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
79 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
80 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

Explanation of the codes

R - Registry, StartPage/SearchPage changes


R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries


F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes


N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:


O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components

 

Message Edited by aaaja2044 on 11-15-2009 12:45 PM
15

FOR COMPUTER 2 (JEFF)

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:29 PM, on 11/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7480 bytes
====
====
=====

Comparison of your HijackThis log file items to others
The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.

Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.


Index % of PCs with item Code Data
1 0.0% O1 ::1 localhost
2 0.0% O13 
12 0.0% O17 NameServer = 208.67.220.220,208.67.222.222
46 0.0% P01 C:\WINDOWS\Explorer.EXE
47 0.0% P01 C:\WINDOWS\system32\NOTEPAD.EXE
48 0.0% P01 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
49 0.0% P01 C:\WINDOWS\system32\igfxpers.exe
50 0.0% P01 C:\Program Files\Windows Media Player\wmpnscfg.exe
51 0.0% P01 C:\WINDOWS\system32\igfxsrvc.exe
52 0.0% P01 C:\Windows\system32\taskeng.exe
53 0.0% P01 C:\Windows\system32\Dwm.exe
54 0.0% P01 C:\Windows\system32\wbem\unsecapp.exe
55 0.0% P01 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
56 0.0% P01 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
57 0.0% P01 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
58 0.0% P01 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
59 0.0% P01 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
60 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
61 0.0% P01 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
62 0.0% P01 C:\Program Files\Java\jre6\bin\jusched.exe
63 0.0% P01 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
64 0.0% P01 C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
65 0.0% P01 C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
66 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
67 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
68 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
69 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
70 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
71 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
72 0.0% R1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
73 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
74 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
75 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
76 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
77 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
78 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com

 

16

Hi aaaj

 

Slade Computer appears to have Comodo security suite, at least part of it, McAfee parts and N360. Your computer cannot function with all of these conflicting programs. You can see in your logs that there are starting up problems. You can see that there are shutting down problems and in all likelihood problems while the computer is trying to function.

 

Your first step is going to remove Comodo security suite and your McAfee product.  N360 will crash with all this other stuff on your computer......

17

How do I remove them? They do not show up on Slade Computer  'ADD/REMOVE' programs.  I don't think 'reinstalling and the uninstalling' would work either. 

 

ANY other ways to get COMODO and McAfee off the computer?  They do not have files/folders in either 'PROGRAM FOLDERS' or 'PROGRAM FILES' so where are they located and how do I get rid of them?

18

Here is instructions for McAffee removal

 

http://www.wikihow.com/Uninstall-McAfee-Security-Center

 

You can also try doing a search on your computer for the 2 products and see if you can find anything.

19

Hi

 

I Notice on the PC named "Slade"?? the W32.Tidsev", not sure how much of it is actually on there.

 

 

I will not remove Malware on this forum any longer using programs to detect / fix which file is involved, using multiple programs to log and fix as I once did..

 

You may have to go to a Forum with Malware removal rules and guidelines for further help. This way You will get someone who are trained and can use programs like I do.

 

Like Forum  www.bleepingcomputer.com

 

 

 

Quads 

20

Just my luck, you decide to quit helping people identify problems  LOL

 

Any problems you see please let me know, you do not have to give solutions just identify for me the problem if you can please.

 

As for W32.Tidev (r) I certainly do not see it so can you please tell me where your seeing it?  Please enlighten me a lilttle.

 

As for bleepingcomputers.com  I have experience with that site, in my opinion the site was multiple prob's.