Q: Infected by various malware. Help !!, Malware pop ups and could not open link from se...

Please reopen the case: http://www.bleepingcomputer.com/forums/t/278792/infected-by-various-malware-help/

Original message, posted on December 14, 2009:

My computer is infected by malware. Earlier I got help from bleepingcomputer staff under topic malware and have tried to use these software to clean my infected computer but still to no avail. The volunteer who helped me earlier asked me to use hijackthis and paste the logs on this forum.

- Malwarebytes Anti-Malware (v1.41)
- TFC by Old Timer
- Kaspersky Virus Removal Tool
- Eset Online Antivirus Scanner
- Kaspersky Online Virus Scanner
- Sophos Anti-rootkit
- Norman Malware Cleaner

The problems are:

- When I use Internet Explorer or Mozilla, sometimes another window opens automatically that mentions google hiring, websurvey, etc.
- When I use a search engine to find something, I could not click the link to bring me to the shown result that I want; instead it brings me to an unfamiliar site. I have to copy and paste the web address to open it. If I click the link, sometimes it brings me to an anti-virus ad that forces me to download the software (it would not allow me to close the browser), so I have to end the whole internet session forcefully.

LOGFILE IS ATTACHED

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER1 at 2010-01-07 19:27:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (34%) free of 38 GB
Total RAM: 1023 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:51 PM, on 1/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]S3 WmaCDriverV32;WmaCDriverV32; C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-01-30 513152]S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-12 364544]R2 bmwebcfg;Bytemobile Web Configurator; C:\WINDOWS\system32\bmwebcfg.exe [2006-07-25 118784]R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-04 153376]R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-10-29 865832]R2 
McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-04 144704]R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-10-02 26640]R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-12-15 380928]R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]R2 YahooAUService;Yahoo! 
Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]R3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-10-28 365072]R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-04 606736]S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-08-10 69632]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]-----------------EOF-----------------

RELEVANCY SCORE 200

A: Infected by various malware. Help !!, Malware pop ups and could not open link from se...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please tell me if you wish to continue in this topic or have the other one reopened.

regards myrti

RELEVANCY SCORE 81.6

.....Office started the chain of events I think

Last week I installed Office 2007, but Outlook wouldn't send email. Despite changing my anti virus to AVG in an attempt to solve this, it still didn't work.
I then tried to un-install Office - but it froze half way each time. I manually sent all the programme files to the recycle bin but the computer wouldn't delete all of them.
So I reinstalled Office, Outlook wouldn't send again and on trying to delete the programme I encountered the same set of problems.

Feeling I had no other choice I carried out a system restore. All three times it didn't complete, citing a system fault/power cut.

How can I make it all better? - Have I made some really bad novice mistakes?

Is there any more info I need to give to get help from you guys?

A: Vista Unable To Complete A System Restore

I have tried on safe mode too.

Below is the problems as I try to system restore..

then

And once my computer has rebooted and taken 5 minutes to think about it, this comes up......

RELEVANCY SCORE 81.6

Hello, I foolishly ran an .exe file that installed a virus on my desktop PC that will not let me run many forms of virus protection and spyware removal. The virus has defeated Hijackthis, hijackfree, Spybot, Malwarebytes, combofix, and AVG, and a few others even in safe mode. I have tried renaming the install files and the exe files to no avail. So at this point I cannot even post a logfile.

AntiVira will run but cannot seem to remove the virus, additionally I have run ATF cleaner and Vundofix which ran successfully (Vundofix with zero detections.)

The desktop runs Windows XP Service Pack 3.
I have tried renaming the files and running all of the above programs renamed in Safe Mode. Additionally I have used TrendMicro's House Call
I can access the internet, but the virus often redirects me away from sites such as this one. I have perused multiple forums and haven't found a fix yet. If anyone can help I would be deeply in their debt.

Thanks

RELEVANCY SCORE 80.8

Well, I had a rootkit.TDSS, and I originally used malware bytes to remove it. I then thought that it was over and saw some suspicious things going on with my games n stuff not working properly...so I tried for another 3-4 hours running virus scans and stuff and even though nothing came up, I knew that there was still something wrong.

So I then decided that I didn't care if I lost all my data, and did a reformat...That didn't fix the problem either. So I tried using a webroot windows washer boot disc thingy that my dad made a couple years ago to securely wipe my hard drive with the DOD setting (3 passes), then reformatted..I am now having problems like after I reformatted my windows update won't work and things are going slow.

I need some help, will someone please help me! I will appreciate it a lot!

A:I think I am infected with a bad rootkit/malware (Sorry about other topic, didn't read posting guide)

Hi Brandon21,

Have you reinstalled all your drivers?

RELEVANCY SCORE 74.4

Referred here from Am I Infected forum. The link provided is to that topic. ~ OB
http://www.bleepingcomputer.com/forums/t/192258/our-main-pc-has-been-infected-by-this/

Are these logs of any use? Managed to run Malware in SAFE MODE, which deleted or quarantined approx. 3,400 (when I rebooted, Windows loaded but no Desktop appeared), as well as HJT. I tried to install SuperAntiSpyWare but got a message saying Admin will not allow this program to run.

Logs for Malware & HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:36, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evertonfc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:/...

A:Infected PC see link to a previous topic

Howdy, my name is Hoov, and I will be helping you with your dilemma. I apologize for the delay in getting you help.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer:
* Tell me everything that you have done, if anything, to try and fix this problem.
* Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.
* Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.
* Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.
* Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

Run an online virus scan called Kaspersky from HERE.
1. At the main page. Press on "Accept". After reading the contents.
2. At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow...

RELEVANCY SCORE 73.2

Hello! I've noticed a "Good link and associates" icon appear on my computer. When I looked online to see what the cause might be I found my way to this forum where people had helped folk like me with a similar problem.
 
Following advice from Alexstrasza to someone with a similar past problem, I have:
1) Run MiniToolBox and saved result.txt, in case that might be useful
2) Run SecurityCheck.exe and saved the checkup.txt log
 
Would it be helpful if I posted these up? Thanks so much to anyone who can help!
 
 

A:Infected with "Good link and associates" chinese malware?

Hello and welcome to BC,
 
Yes, you can post results here, but we should do some checks.
 
Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 
- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from Safe Mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
-----
 
Kaspersky Virus Removal Tool
Please download Kaspersky Virus Removal Tool from here.
- Right click on KVRT.ex...

RELEVANCY SCORE 72

Have been using Win 7 Ultimate x64 for quite a while but tonight ran into a small problem. I like to keep the titles for links very short and want to rename "Malwarebytes Anti-Malware" (I am a registered, paid user) to simply "Malwarebytes". I am listed as an Administrator and I used LockHunter to unlock the file but it still does not allow me to shorten the description. When I shorten the name and hit OK I am told "You'll need to provide administrator permission to rename this file" Since I am the administrator on this machine I do not know what to do. Continuing does nothing. Anyone have any suggestions? /* Philip */

A:Changing File Description for link to Malware Bytes Anti-Malware

Not sure but I think Malwarebytes is trying to protect itself.
That is one of the first things a virus would try to do is change the name/link and get it out of the infection way.

I can change the name of the desktop Icon to MBAM.

RELEVANCY SCORE 71.6

I am having a problem with my laptop: it will sometimes receive an MSN offline message with a website link from anyone who is in my friend list. My laptop will also sometimes have a schedule error when I start the program. The date will be set at 1st of Jan 1988. I also realized there are many copies of the same file names appearing in my Windows file. I suspect it is the action of malware copying its files repeatedly into the Windows file.

A:infected by malware or spyware, msn send offline message with a website link

DDS (Version 1.0.1) - NTFSx86
Run by jkkt87 at 11:21:04.90 on 12/13/2008 Sat
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.1022.551 [GMT 8:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jkkt87\Desktop\dds.com
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uusee.net/
uSearch Page = hxxp://www.goog... Read more

RELEVANCY SCORE 71.6

To whom is kind enough to help with this...

My father opened up an email from FedEx and clicked on a link embedded in the email, which I assume linked to malware. Since doing so, the following has happened:

There was a FedEx notification e-mail--
Opened it--said delivery did not take place and click here for the address
Did click--it was blank
Went back to e-mail--
Icon(box) came up multiple times (maybe 20)
Could not get out of FedEx e-mail

File Recovery Box came on automatically--appeared on desktop
Right clicked on the File Recovery to delete the icon--it did delete

McAfee came up--said it was a trojan--then blocked access--showed it
came from IP address

Tried to reboot
Computer screen black--black screen (no picture anymore)
Only few icons on screen--Firefox was one, so there are many hidden files
Folders were not showing (about 6)

Ironically, we did have a package delivered that day, so it's hard to fault him for clicking on the link...

Any help would be greatly appreciated!!!

tatiana

The GMER log is attached, along with the Attach file.
DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by william at 22:11:50 on 2012-09-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.541 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
=... Read more

A:Infected with a version of File Recovery virus/malware from email link

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

RELEVANCY SCORE 70.8

Daughter clicked email link and infected with malware. The Just-In-Time debugging keeps popping up telling me there is a new instance of Microsoft Script Editor.

Koobface worm and Rootkit.TDSS found by Malwarebytes.

Even after Malwarebytes found those two items I had popups (the bad kind designed to infect) asking me to click something to prevent my computer from being infected. It won't let me post this message with the DDS log. I've attached the other logs. Something must have happened to the DDS log file; I cannot even email the contents so I can post it from another computer. Should I try again to post it or re-run DDS?

I also get a message that Windows Defender is turned off by group policy when I try to open it.

Merged posts. The infection is blocking the log. Please wait for a helper to respond. ~ OB

A:Daughter clicked email link and infected with malware. Script editor keeps popping up.

Hello,

My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
* Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
* Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
* Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
* Please reply within 3 days to be fair to other people asking for help.
* When in doubt, please stop and ask first. There's no harm in asking questions!

OK, bad news, you're infected with a backdoor rootkit, but we can regain control if you want.

Backdoor Warning

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely co...

RELEVANCY SCORE 68.8

Hello all,

Hope someone can help me, this is driving me nuts. This just happened today. First I was not allowed to access the internet at all. My modem and vonage were working fine. Tried to open spybot and malware with no luck. I could open Adware, which found a browser hijacker and did a full AVG scan which was ok. It allowed me to gain Internet access again, but still could not open any of my spyware programs.

I tried to download some other spyware problems to check for problems, but the computer wont even allow a setup of them.
Next I tried a safe mode scan with spybot and malware. Same thing, it wont let them open. Why I still have internet access for now, I figured I would come here for help. What should I do next to try and solve this program?

I'm running xp, avg free, spybot, malwarebytes, adware.

Thanks

A:Cant open spybot or Malware, infected

Now I can't access the internet or open anything else, unless I'm in safemode.
Rebooting is only working 25%, I'm getting a black screen with the pointer, reboot again.

Any suggestions?

RELEVANCY SCORE 68.4

Hi

I stupidly tried to install some pirate software. Now, I'm getting random popups. My normal virus software is spynomore. This will not run, saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item.". I tried reinstalling a demo version, which started scanning, coming up with ransomware before it shut down, and won't start with the same error message. I installed Ad Aware, which started scanning, saying there was malware, then shut down, and will not run. Error: Failed to connect to service. I installed hijackthis, which started running, then shut down and will not start again. Same error as spynomore. I tried renaming it, but got access denied. Fsecure easyclean starts, then gets the usual windows crash error: F-Secure Easy Clean has encountered a problem and needs to close. We are sorry for the inconvenience.

Am out of ideas now, as this thing seems to shut down all the stuff I throw at it. I hope someone can help me.

I am running Windows XP on the latest service packs and updates.

Thanks

Kit

A:probably malware [Merged topic]

Hi

I tried making a post in another forum, but have had no replies, so I'm risking your wrath by posting here as well. Sorry if that is wrong. This is my other post:
http://www.bleepingcomputer.com/forums/t/257021/probably-malware-merged-topic/

The problem appeared when I stupidly used a keygen-like program. I got popups and my antivirus (spynomore) stopped working. This will not run now, saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item.". I tried reinstalling a demo version, which started scanning, coming up with ransomware before it shut down, and won't start with the same error message. I installed Ad Aware, which started scanning, saying there was malware, then shut down, and will not run. Error: Failed to connect to service. I installed hijackthis, which started running, then shut down and will not start again. Same error as spynomore. I tried renaming it, but got access denied. Fsecure easyclean starts, then gets the usual windows crash error: F-Secure Easy Clean has encountered a problem and needs to close. We are sorry for the inconvenience.

I've tried some more since. Most of the time I am not able to even go to the webpage of the antivirus software. If I download something using another computer, I either cannot install, it installs but shuts down, or it needs to connect to a webserver on first startup, which it fails to do. I have gone into C:\Windows and C:\Windows\System and deleted s...

RELEVANCY SCORE 68.4

I need help to fix followed the direction on to resolve this error
I receive a "Microsoft Internet Explorer has encountered a problem and needs to close."

Plz help thanks ahead of time

randy

error message is the following
here is what the detail says

AppName: iexplore.exe AppVer: 7.0.6000.16735 ModName: unknown
ModVer: 0.0.0.0 Offset: 7e83435d

I followed the directions on the page Preparation Guide for use before posting about your potential Malware problem
Here is my report log generated by RSIT
**************************************************************
info.txt logfile of random's system information tool 1.04 2008-11-30 13:23:46

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDO...

A:My/new malware removal topic

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ...


Running 64-bit Vista, so GMER won't run properly. Attaching my DDS log, and I also ran Combofix before stumbling onto this site so I'll attach that as well (as log.txt).

Ran TDSS previously and it did not detect anything. aswMBR blue screens even in safe mode.

Previous to this my browser would freeze and then I would get a request from the UAC to run something, I used process explorer to find the requesting file and the one that it was trying to run and deleted both, however I am still running into a similar issue with IE popping up randomly and opening as many tabs as it can so there is clearly something I missed. This suggests at some point earlier I've been infected by something even more hidden that I haven't rooted out?

A:Infected by Malware: Open IE and spams tabs

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...


I tried to run Chameleon. I went through all 13 tests but none of them worked. Then I ran scan disc this morning and the cbs.log says there are several corrupted files. Can someone please help me

A:help please malware bytes wont open I think im infected.

Malwarebytes Chameleon Technology is a feature which deals with malware that targets Malwarebytes Anti-Malware and other security tools to keep them from running properly. Is Malwarebytes not working and that is the reason you are trying to use Chameleon?

Usually when a computer is infected with malware there will be indications (signs of infection) that something is wrong. If the problem is only with Malwarebytes, one of the solutions generally suggested by the Help Desk to try first is to uninstall/reinstall as follows:

* How to fully Uninstall/Reinstall Malwarebytes Anti-Malware - MBAM Clean Removal Process 2x
* How to fully Uninstall/Reinstall Malwarebytes Anti-Malware - MBAM Clean Removal Process 1.75

-- If using the Premium version, you will need to reactivate Malwarebytes using the license ID and key you were sent by email. Make sure you save that information so it is readily available when reinstalling.
-- Launch the program and set the Protection and Registration. Then go to the UPDATE tab and check for updates if not done during installation.
-- Restart the computer again and verify that Malwarebytes is showing in the task tray if using the Premium version. Then setup any file exclusions that may be required in your Anti-Virus/Internet-Security/Firewall applications.

If you are dealing with a confirmed malware infection, then you should start a new topic in the Am I infected? What do I do? forum OR follow the instructions provided in the Malware Removal and Log Section Pre...


Dear kind people (grovel, grovel)

I seem to have been infected with a virus. I noticed this first when both my anti virus and firewall stopped working. On attempting to start them manually, I received an error message stating that the *.exe files were "not valid Win32 applications" - this is where the screaming started.

I tried to open other programs and again was either presented with an error message stating that the application was "not a valid Win32 application", or they refused to work such as my KMPlayer which seemed to have lost all codecs. My Video driver started to play up and the internet was exceedingly slow and would crash.

Before discovering your site I had un-installed my video drivers and both the anti virus and firewall apps and tried to reinstall them but they again returned error messages saying that they were yes, not valid Win32 applications.

I went to Esat to buy some decent anti virus software, via the 30 day trial, but upon downloading the apps and installing them the services could not be started so I am a bit flummoxed.

Upon doing a search for the error message "not a valid Win32 application" I discovered your site and followed the five steps. This has removed or disinfected some of the malware via the Panda scanner, but some remains - srosa.sys and hldrrr.exe seem to be the nasties

Unfortunately the HijackThis app returns a "not a valid Win32 application" error message but the Panda log ...


Hello, can I ask how I can scan my computer using HijackThis properly? Every time I scan my computer using this, this message (see in the attached file) always appears. My friend told me that I can remove malware from my computer using this by sending scan log files to the experts. But how can I send that log file if I cannot continue to scan because of this message appearing? Please help me. Thanks in advance.

HijackThis is not providing accurate information for 64 bit systems. In your case we need to see a DDS Log. I would remove HijackThis using the Add/Remove Programs list.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
DDS.COM
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

A:nightsinger's malware removal topic

Hi, can anyone help me with what I should do next? After using the DDS.COM program, this is the log file scanned:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by microsoft at 0:04:16 on 2012-07-13
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\...


  
Quote: Originally Posted by richc46

... Download MSE, Microsoft Security Essentials for anti virus and use that in conjunction with Malwarebytes to avoid future problems

Hey Rich, nothing personal so I hope you don't take it that way. But, the continuing MSE recommendations here are not well serving the OP and beginning to border on nonsense! Sure it's a good Free-ware alternative but hardly a complete solution that in my mind doesn't deserve all the Kudos it receives here. Again IMO.

Everyone is looking for free, but there are many outstanding "complete solutions" that include (antivirus -malware - spyware -spam) that are extremely economical, like $30.00 to $40.00 annually...

At this price point why would anyone want to load multiple apps that need to be run manually just to save $30.00? I don't get it...

Didn't mean to hijack the thread, so carry on and flame away if necessary.

Regards-

A:The off Topic Anti-Malware Thread ;)

  
Quote: Originally Posted by win7clutz

Quote: Originally Posted by richc46

... Download MSE, Microsoft Security Essentials for anti virus and use that in conjunction with Malwarebytes to avoid future problems

Hey Rich, nothing personal so I hope you don't take it that way. But, the continuing MSE recommendations here are not well serving the OP and beginning to border on nonsense! Sure it's a good Free-ware alternative but hardly a complete solution that in my mind doesn't deserve all the Kudos it receives here. Again IMO.

Everyone is looking for free, but there are many outstanding "complete solutions" that include (antivirus -malware - spyware -spam) that are extremely economical, like $30.00 to $40.00 annually...

At this price point why would anyone want to load multiple apps that need to be run manually just to save $30.00? I don't get it...

Didn't mean to hijack the thread, so carry on and flame away if necessary.

Regards-


No offense taken, but each member is free to share his or her opinion. Mine is shared by many at this forum. The OP, of course is free to choose mine or yours.


I started this post in the Vista forum, but have been redirected here. It seems that whenever I try to open a program I get asked by windows what do I want to open it with. If I download a program or try to open certain programs I get the pop up window that states:

C:\Users\Owner\Desktop\xyz.com (name of downloaded file)
The extended attributes are inconsistent

Then another window will pop up that states:

Consent UI for administrative applications stopped and was closed.

I was advised to post these two logs from defogger which are as follows:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Owner at 15:11:43 on 2011-12-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2421 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\...

A:Vista topic moved here...malware?

Sorry, forgot to mention that I couldn't run GMER because I am using a Windows Vista 64(?). I tried before and got a blue screen (see previous forum post that was linked).

Thanks,
Mike


Hi dear,
Suddenly, my system was infected by MALWARE, and I did all the recommended actions given by the antivirus program, but I found after that, I can't open hard drives C & D, but I can use Desktop and My Documents.
Please help me to solve this problem as soon as possible.
Thanks
Regards
 

A:ITS URGENT,MY SYSTEM INFECTED BY MALWARE,,I CANT OPEN harddrives C & D

Please do not create multiple threads for the same problem! Read >>Posting help read first<< if you feel you are not getting help.

Closing duplicate thread, please continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/717009-its-very-urgent-i-can.html
 


Hi, would really appreciate someone's help with this as I am at my wits' end and know nothing about how to fix this!

I've had malware problems on my system for a while as it is XP and is quite an old laptop, however it was a present and I cannot give it up so every time I've had problems I've shipped it out to be fixed and normally it has been with some deft scanning and removal with Malwarebytes' Anti-malware.

However on this occasion the infection was particularly nasty and even on the scan and removal of infected files with Malwarebytes, whenever I restarted my computer the pop-ups and bubbles appeared once more. Someone suggested e-scan to me and since I couldn't access the internet from my normal account, I restarted in safe mode with networking, went through the administrator account, downloaded e-scan (mwav) and that fixed everything for me....... but when it came to trying to get on the internet again, it kept saying it couldn't connect - though my ethernet connection was alive and my modem was fine and I could access windows live messenger(!)

Someone suggested I try firefox so again I went through safe mode with networking, into the administrator account only to find it wouldn't let me on the internet then either - unless I clicked on the email icon in the start menu. I downloaded firefox no problem but that won't connect either and have no idea why this is doing it? I have even tried the command prompt of dns flushing. But as y...


My computer has gone into a strange habit of repeatedly typing the "v" key on its own. (like if I run Notepad it types vvvvvvv ) I looked under the v key and removed what dust was there, but the "vs" continue. This happens when I am not pressing any key on the keyboard.

I use Windows Vista as my operating system and have kept it up to date (my internet service provider requires the latest Norton Antivirus and an up to date OS in order to use the internet service).

I tried pressing Ctrl-Alt-Del and nothing comes up. I suspect a piece of (badly coded?) malware may be preventing me from solving the problem.

I already ran SpyBot, AdAware, and SuperAntiSpyware (all installed after the "v" situation started), but they didn't remove the problem ("v"s are still continuing) - I tried safe mode, and the "v"s still continue. I also tried running Malwarebytes in Safe mode, and it found nothing.

This occurred after I tried to install "Super Mario Yoshi Island - The Yoko" from a website, but when running it, it didn't seem to work (the program never started), so as I was trying to uninstall it the "v" thing started to happen. I don't know if it is exactly what caused it, but it's the last thing I remember before the crisis started.

While I ran hijackthis on my own (and Hijackthis was unable to write to the hosts.txt file), I am not posting it here because this isn't the place for those logs. Should I immed...

A:Computer types "v"s on its own - topic with malware logs

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


So about a week ago I realized that I had some rogue anti-spyware on my machine. System Security 2009. So I ran malwarebytes and spybot search and destroy-- the problem seemed to be fixed. Yesterday I encountered more trouble. Another rogue anti-virus showed up (I don't remember which one). So I tried to run spybot s&d and malwarebytes. The malware didn't allow these to start up. So I renamed malwarebytes to winlogon.exe which got it past the malware, and it found all sorts of infections and removed them.

Then, results from google searches began to get redirected to bogus sites, which is bothersome. I tried to run malwarebytes again (still called winlogon) and halfway through the scan my computer screen went to a glitchy blue and my machine rebooted. I was out of the room when this happened. When I came back a dialog box was showing that said "windows has recovered from an unexpected shut off" or something like that. I walked away in disgust, but then some really spooky ass music started playing on my computer-- music that certainly isn't in my library- and itunes or media center definitely weren't open. I've since started experimenting with Hijack This-- but to be honest- registries are a bit over my head. I got rid of a few that I was positive weren't legit, but I'm wary of deleting a bunch of stuff willy nilly.

Whatever is on my machine has been blocking all sorts of programs-- I keep getting dialog boxes that say "Firefox has stopped working" or "...

A:Definite Malware. Too much to explain in the topic title.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Here is the link to my other topic: http://www.bleepingcomputer.com/forums/topic404707.html/page__gopid__2309837#entry2309837

Anyways, I am unable to run DeFogger and the same with DDS.scr. I can download them to desktop, but when I try to run them I get the error, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them."

I am the administrator on this laptop, there is only 1 user account, and I am running Windows XP.

I had google redirects, but that is since fixed, but the computer still overall runs slowly, there are 60 processes running in the background, some files that I download etc I cannot open them, same case as with trying to run DDS.scr. I have run Malwarebytes with the more current version on a full scan and it finds nothing. Same with Super Anti-Spyware on complete scan, still nothing.

I was able to run GMER. Here is the log for that.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-26 19:50:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541616J9SA00 rev.SB4OC74P
Running: gmer.exe; Driver: C:\DOCUME~1\Gini\LOCALS~1\Temp\fwrcraod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB63C5982]
SSDT \SystemRoot\System32\Driver...

A:Requested to make topic here, help with malware issues

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


I have a default Yoog Search in my Search Engines. I try to remove it and set it as Google but it would again default to Yoog. Next thing is I just cannot run 'Spybot Search & Destroy' and it doesn't let me open any anti-malware related sites. I can't download any anti-malware apps. I am just stuck. I saw a post "Win 2K hijack issue - unable to run malware apps!". I have exactly the same case on my system.

 


I recently got a new client who needed help with his computer. It was silly of me to think it would be simple. I was up all night working on it.

His initial problem was that windows would hang on "Loading personal preferences" and would only boot in safe mode. It wasn't the page file, or any of the usual things... though I did start to notice that normal Windows functions didn't work properly, from MsPaint to IExplorer. I tried to run Autoruns.exe and Hijackthis and they shutdown as soon as they were opened. IExplorer wouldn't load pages and firefox would pop up and load the pages instead.

I thought I should just repair windows, which I tried to do and accidentally installed a second copy of windows on the same partition... I then deleted the second windows installation (windows.0), but after that windows would boot fine without safe mode. That was only the beginning though. I found the google redirect on there, a bunch of old adware and a mess of a disorganized computer.

The system also booted and gave a tapi.nfo error, I searched for this and got nowhere. So I went to regedit and deleted the line causing it. It doesn't pop up anymore, but that didn't solve anything.

I looked further into the situation and found that many others are having trouble with rootkit malware that shuts down anti-malware software.

I tried loading malwarebytes, etc, and even renaming the files and the extensions. It still all shuts down immediately when it's loaded.
...

A:Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anit-malware

have you tried root repeal? it sounds to me like you've read that post.




Rerun Rootrepeal. After the scan completes, go to the files tab and find this file:

C:\WINDOWS\system32\drivers\UACxpqhxbvttn.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.

this isn't my post so I can't take credit for it but apparently it works
good luck either way. the entire post is called AntiSpy Protector 2009 you should check it out before trying this, good luck


Hi, I'm having the exact same problem with the "designte" anti virus malware. I've followed your steps above and my Super Anti Spyware Log is below (I had to split it into several parts), if you could please help me out with it.

Cheers,

------------------------------------------
SUPERAntiSpyware Scan Log
Adware.Tracking Cookie
acvs.mediaonenetwork.net [ C:\Documents and Settings\Leyton\Application Data\Macromedia\Flash Player\#SharedObjects\N335B82M ]
amazingteenbabe...

A:"designte" anti virus malware [Split topic]

Browser Hijacker.Internet Explorer Settings Hijack
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]
HKU\S-1-5-19_Classes\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]
HKU\S-1-5-20_Classes\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]
HKU\S-1-5-21-1564381213-3219775033-856796543-1007_Classes\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]

Security.HiJack[ImageFileExecutionOptions]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A.EXE#Debugger
HKLM\Software\Microsoft\...


My Google Chrome is infected with Open Software Updater & Google Analytics Malware.  The browser often redirects, opens pop ups and other sites, primarily Open Software Updater sites.  Also, when I go to news sites, it seems to control the ads on the pages, shields readable content and locks me out of the site.  I know it's Google-Analytics because that's what I can see loading on the left side of the browser, among possibly other sites.
 
I have Malware Bytes, Hitman, AdwCleaner.  AdwCleaner was somewhat effective in the beginning but not anymore.  The first two are just not effective. 
 
 
Here're the FRST 64 version runs
 
 
===========================
Windows 8.1 2013, Kaspersky 2014 15.0.1.415©. Dell XPS 8500; 3.4 GHz; 12 Gb RAM; 64-bit OS; 2TB HD

A:Chrome Infected with Open Software Updater & Google Analytics Malware

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

URLSearchHook: [S-1-5-21-2767479305-1133554152-2264245223-1001] ATTENTION => Default URLSearchHook is missing
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\VDownloader\Addons\FireFox => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pd... Read more


Dear helper,

Am I infected ?? What should I do ?

Windows XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid loss of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet explorer were busted afterward, was not able to run at all. The built-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back to its original shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - repeatedly states that it cannot update because I am not connected to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to microsoft and all other common antivirus websites (Norton, McAfee, AVG, Kaspersky, Avast, etc) is all blocked. Hence I can't even attempt to find out what happened to my laptop.

What virus have I been infected ? What programme should I use to remove the malware now that I cannot access to any of the antivirus website or microsoft website ?

Thank you

Jason


I have run into a terrible problem and can no longer use my computer. It started a few days ago when I believe I was infected by malware...I noticed a program running in my task manager...one of those short 3 letter exe programs, so I decided to run malware bytes. Malware bytes successfully found that program and I think called it a rootkit or something else. I chose to remove the found problems and then it asked me to restart. Following restart, I get a blue screen of death shortly after the windows XP title comes on. When I choose any of the options (Safe Mode, Safe mode with networking, Safe mode with command prompt, or normal windows) I always get the blue screen and cannot log into windows.

The error message reads:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:
STOP: 0x0000007B (0xBA4C7524, 0XC0000034, 0x00000000, 0x00000000)

So at this point I ordered startup/recovery CDs from dell. I am using a dell computer with OEM installed windows XP home edition. I got the recovery CD today, and can now boot from CD.... Read more

A:Blue screen after running malware bytes - infected with malware

Hello, let's see if we can find the cause of this problem. I will move this topic to the malware removal forum.
Try this please. You will need a USB drive.
Download GETxPUD.exe to the desktop of your clean computer
Run GETxPUD.exe
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
Remove the USB & CD and insert it in the sick computer
Boot the Sick computer with the CD you just burned
The computer must be set to boot from the CD
Gently tap F12 and choose to boot from the CD
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press Enter
After it has finished a file will be located on your USB drive named mbr.bin
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.


It is so similar to MaxGen's problem that I have used some of his description of what is happening to me(us).
I got infected by a nasty malware while surfing the internet. Popups were created immediately so I knew right away something was happening. I wasted no time in running Norton AV and Ad-aware. Norton says it had found and removed the problem (Trojan.Vundo and Trojan.Metajuan) and I should restart. But everything got worse after first restart. No programs wanted to work. I even tried to backup personal files to Cd/Dvd and Nero did not recognize my burner. Now my situation is:
1. Even in safe mode, I cannot run any anti-spyware software: Spybot and Spyeraser do not show up even though they are seen running in windows task manager. Then the .exe application file will no longer work. When I tried to run them again, it will say "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."
2. Cannot connect to any website, it always shows trying to connect. (The connection itself shows OK). - I downloaded AVG after the first restart and it found and fixed 8 of 12 problems found. I rebooted and was then unable to get on internet and AVG does not work anymore.
3. Worst of all, I can't even post the HijackThis logs. It does not start - telling me I do not have permissions
Like MaxGen there could be other symptoms I have yet to discover. I too have never seen this kind of nasty stuff. Please help!... Read more

A:ME TOO!! Infected by extremely nasty malware, can't even run HJT, please help, Unknown malware, windows XP

If you cannot get DDS to work, please try this instead.
Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.


Frank, I found your thread reply here http://forums.techguy.org/8585631-post29.html
and I tried to reply but it's closed so I thought I may need to open this new thread here...

I actually had already downloaded both the driver-only file and the file with the complete package from the intel site (also found through google), but contrary to nic515 I can't figure out what to do with either file.

The file you linked (driver-only) gives just this screen when I double click it (found the site to upload the screenshot here, but the image button gives broken link?): http://dfiles.eu/files/527wmcmp9

The larger file first shows this: http://dfiles.eu/files/swbxw5zg1
I click "Next" and it shows:
http://dfiles.eu/files/8w6xq70zz

But both files seem then to just die off? Nothing happens!
Any idea what the other guy (nic515) did to fix his wireless driver problem?

I don't understand why both files do nothing when I double click them :-(

PS: I know it's Easter no hurry here, I'll use the cable in the meantime (until I fall over it yeH
 

A:Solved: Closed topic but me too

huhh, all changed! I cannot explain the miracle but fact is I lost wireless connection when AVG Tuneup performed whatever "cleaning" it performs.

Now that the one-day trial period ended, this morning when looking at the laptop (it had NOT been off overnight) suddenly wireless works again!

I have no idea why! I thought a crucial file may have got deleted, but then, why would it reappear out of thin air? All VERY STRANGE!

I'd love to post here for others in a similar situation how I "solved" the wireless problem, but I genuinely have no clue!
 


So the initial problem was redirection from google search results. This has escalated to opening browsers for me, changing my desktop background to a scary message, disabling task manager, and redirecting spontaneously from any website in firefox and ie. I wouldn't have been able to get here if I hadn't already had chrome. So. Please help. Here is the original info as well as the requested (by raktor?) gmer report.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 21:22:24.62 on Wed 12/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.98 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\... Read more

A:Oh noes, my topic was closed!

Download Combofix from any of the links below.
Link 1
Link 2
==================================
Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.


My previous topic was titled:
Computer is slow, I've tried everything
The Topic url was:
http://www.bleepingcomputer.com/forums/ind...p;#entry1327444
Unfortunately, I lost my internet connection right before Farbar was almost done helping me. He ended up closing my Topic. But now I'm back, so I'd like to finish where we left off. Farbar's last post asked me to do a certain scan, here's what he posted:
Part of slowness could be due to automatic update features or virus scan scheduled to run at startup. I personally set only my antivirus to update manually.
We will do also a disk check for volume errors.
Please do all the steps fully and in the order they are written.
1. I recommend you to go to the Scheduled Tasks applet in Control Panel and delete all the scheduled tasks (right-click the task you want to delete, and select Delete from the displayed context menu. Click Yes to confirm the deletion).
2. Run CCleaner (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked). Then click run cleaner.
3. Turn off Windows automatic updates as it might lead to unexpected results at this stage:
* Go to start -> Control Panel -> double-click System to open it.
* Go to the Automatic Updates tab.
* Select the "Turn off Automatic Updates" box.
* Click Apply and then OK.
* Important: Reboot the co... Read more

A:Starting New Topic, old one was Closed

Hi AeroMonk,
I'm preparing to go on vacation this week and will be away for four weeks.
Go to start => Run => copy and paste or type next command in the field then hit enter:

"c:\documents and settings\Dan\Desktop\Accessories & Downloads\ComboFix.exe" /u
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.

This is the last thing you can do. Download the following application to disable or to remove unnecessary startup entries from your computer:
http://www.malwarebytes.org/startuplite.php
++++++++
About the slowness please also consult this:
Slow Computer/browser? Check Here First; It May Not Be Malware
If you have still a problem please open a topic here: Windows XP Home and Professional
Happy Surfing!


I'm not sure if I'm posting this to the proper forum, sorry about that if it's in the wrong forum. I'm seeking help for a browser redirect problem and have been trying to repeatedly post in the "Virus, Trojan, Spyware, and Malware Removal Log" forum but it won't post. I'm trying to post my Farbar results with "FRST.txt" and attach the file "Additions.txt". Everything seems to work fine and then I press the "Post New Topic" button at the bottom of the page and then you can see it uploading, but then it says waiting for response from bleepingcomputer.com then it shows me a page indicating a timeout had occurred and the post doesn't post.
 
 The page telling the timeout displays this information:
***********************************************************************************
Error 524 Ray ID: 1b1f25c9522213b3
A timeout occurred
 
Your Browser: Working
Los Angeles (CloudFlare): Working
www.bleepingcomputer.com (Host): Error
 
The origin web server timed out responding to this request.
 
***********************************************************************************
 
Am I doing something wron... Read more

A:Cant post a topic in Virus, Trojan, Spyware, and Malware Removal Logs

Can you copy and paste the contents of FRST.txt in the "Virus, Trojan, Spyware, and Malware Removal Log" forum? If so, do that for now and provide a link to the new topic.
If you cannot...start the new topic anyway and explain you could not post the required logs. Again, provide a link to the new topic so I can close this one.


Hello members (: Thanks in advance for helping me.
 
So, the first time I realised something was amiss was when searches in the Chrome Omnibar were redirecting to Yahoo. If I went to google.com to conduct a search, the ads at the top of the results page would flicker, and then seemed to change (font, size etc.).
 
I uninstalled and reinstalled Chrome, I signed out, I removed all my addons and extensions before reintroducing each one. I couldn't get to the root of the problem. After a quick search, it was suggested to use SpyHunter or Malwarebytes to resolve the problem. 
SpyHunter dropped a massive list of threats after scanning only 1%. When it finally finished, there were many Red Threats, but there was the stinger: I would have to pay for the advanced version, or a license, or whatever it wanted, before removing these threats. As a poor student, I turned to an alternative. That's where Malwarebytes came in. I did a scan, it found some problems and asked me to proceed, which I did, and it claimed the problem was fixed.
Certainly, Chrome doesn't redirect at the minute, but I managed to stop it redirecting it before now; only for it to start again. I ran another SpyHunter scan, and it found all the same threats as before, which, it would seem, Malwarebytes had missed. Now, I haven't bequest any windfall since yesterday, and still can't afford SpyHunter's ransom.
So far (6%), SpyHunter has found 216 threats including Blekko (192 infections), searchinternet-a.aka... Read more

A:Infected with Malware which redirects from omnibar, plus other found malware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first ti... Read more


Hi, I got infected because I was trying to run malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download dr web cure it, and it doesn't allow me, the computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

A:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.
If you would allow me to call you by your first name I would prefer to do that.
===================================================
Ground Rules:
First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more


Hello,

I have malware that prevents me from running anti-malware programs (unless their names are changed to aliases). It also makes its presence known when I am NOT connected to the Internet. In that instance, a message box informs me that "Generic Host Process for Win32 Services" is not working, and gives me the option of sending or not sending the relevant information.

I attach to this thread the "Attach" output from DDS and the .log file from GMER. Unfortunately, I was unable to save the Scan results from GMER in any format other than .log, and when I tried to use the "Copy" function within GMER, my machine froze.

I have also run (in safe mode) MBAM, SpybotSD, SUPERAntiSpyware and the Windows kb890830 malware-detection apps. The first three DID find infected files, which I removed/quarantined in each of the respective apps. Perhaps not surprisingly, the Windows malware detection scan did not pick up anything.

I apologise for the dreadful formatting of the GMER output; the .log file is (I hope) uploaded.

Kind regards,
Adam

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:58:53, on 04/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\Explo... Read more

A:Infected w/Malware that doesn't let you run anti-malware apps etc.


 Hi all,
 
 I am Pousoidis and I would like to thank you for the services you provide. I am pretty sure that I have a virus in my laptop. My system is an Ideapad U410 with Intel® core ™ i5-3317u 1.70ghz, 8gb ram memory, 64 operating, with windows 7.
 
 At some point I could not click on my start menu button without windows explorer notifying me that it had stopped working and that it was checking for a solution to the problem. I went online trying to read about what I could do. Eventually, I restarted my pc with the option of checking for disk errors and that seemed to fix the start menu problem; now the windows explorer does not crash. But after that I noticed that I could not open certain programs such as skype and picasa 3 (and μtorrent which since then it has been uninstalled from my pc).
 
 It is then that I became more suspicious and decided to download and run anti-malware programs such as mabm and spybot. None of these can install itself on my pc, always some error message such as "privileged instruction". Was not sure how to proceed from that, so i searched online and came across your site. Thank you again for your help. I apologize in advance, I am not really well versed in the ways of technology. I did run 1 system restore before I visited this site.
 
so I am copy pasting my dds files: 
 
Run by Pousoidis at 13:46:22 on 2014-02-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8053.5... Read more

A:Infected with some malware. Not allowed to install and run anti-malware.

Hello Pousoidis
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more


HELP! I have something stopping many programs (including HJT, GMER and Malware's anti-malware) from running.

I was able to run DDS, so here is that info:

DDS (Ver_09-09-29.01) - NTFSx86
Run by Brian at 21:50:34.81 on Thu 09/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============
============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotS... Read more

A:Can't open HJT, GMER or Malware's anti-malware

Sorry to reply to my own post so quickly, but I forgot to mention the error message I get when trying to run a program. That is:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I only have one user "Brian" and it has admin rights, so that should not be an issue.

Again Sorry,
Brian
 


I've seen a similar problem treated and I've studied the solution trend as stated on your site.

I have as well run a scan using SAS and also HJT install. I scanned the system and saved my log.

This problem I am reporting also started by removing McAfee and getting a blue screen error when trying to install avast.

I use an hp laptop with windows xp prof, version 2002, service pack 2

attached is my log for your review.

kind regard

fowowe
.

A:Post a new topic in HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


I am sorry you felt this post was in contravention of your forum rules but I would like to take the opportunity to explain a bit more the reason behind my original post - seeing as you've decided to block the original I have posted here.
As I unfortunately didn't make clear to you in the first post, the reason why the program closes after a set time is because of price revisions. This has no bearing on me because, after all the price is set at the dealer and as I DID mention I want to refer to models of machines built in the '60s & '70s. The new discs don't go back that far. Fine for new machine users, but precious help for those of us with a passion for antique equipment. Hence having got hold of a selection of 5 year old discs [legitimately, I will add] I would have been able to do this.
I guess it's really down to a matter of personal opinion on just what constitutes a tweak or adjust a program on someone's personal computer as being wide of the copyright mark, after all it seems the world wide web is full of people & programs designed to make operations more user-friendly, I mistakenly believed this site might have helped my cause.
Not to worry. Thanks for your time.
Good-bye
Richard

A:Re: Date Sensitive.....closed Topic

Alas! It is not a matter of opinion, whether mine or yours, about making changes to a programme. It is a legal matter of violating the EULA, and whether or not the application is on your own hard drive or not is not pertinent to copyright law.
Unless the application is "open source," the licence to which you agree by using the application almost certainly has something to the effect that "This software must not be decompiled, disassembled, reverse engineered or otherwise modified."

As I understand your original and subsequent post, you were asking for help to violate law, an action not condoned by BC: any Moderator would take the same protective action as did I if it appeared that this kind of help was being requested.

Regards,
John


Hi there
Angelfire gave me the all clear a few days ago from malware on my comp, but it has been worse than it ever has with no responding to clicks, cranking on high all the time etc. I just went and did a Kaspersky scan again, and the 4 infected objects it mentioned last week during my forum fix is back again. I have the scan report if you want to see it.
Thank you

A:Malware back after forum fix but thread is closed!

Hello seal123,

Your logs were indeed clean on 11/21. Yes, I'd like to see the Kaspersky report along with a fresh dds.txt


Hey everyone, so this is something that I have been working on for a bit and had been looking for help.

Bernardo and joeten helped me a ton but i ran off got married and never got back here and the topic was closed. so here is the run down.

i started getting the BSOD for memory management, all I would have to do is turn on my pc and open firefox and it would happen. then that stopped and my screen would fuzz out, go blank and it would say nvlddmkm stopped running. and that has been my big issue now.

I have swapped out RAM twice, Video Card once, Power Supply Once.

I have updated everything that I know of at least once.
but to no avail. I wanted to do a system restore because I believe that it is a vista OS fail but I dont want to do the full format because I cannot find my disc for Office Ultimate 2007, and that was a pretty penny, i use it too often to want to replace it by buying it again. (which btw, if anyone knows how i can get the product key off of my office and where i can get a setup.exe for it that isnt spyware I am down). oh yes, and is Startup Repair a viable option that probably should be used.
anywho. here are the only minidumps that I was able to zip thanks to joeten...
thank you all so much.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi this is the first dump file
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\joe\Desktop\Mini042210-01.dmp]
Mini Kernel Dump File: Only ...

A:BSOD turns to IDK, resurrection of closed topic


Hi everyone,

I was working out the final stages of a nasty infection and posted the last log requested, and my topic got locked afterwards with no response from the assistant. Does that mean my machine is clean, or did I mess something up, or post something incorrectly? I really apologize if I did something wrong.

A:My Topic was closed: Google Redirect and Iexplorer pop ups

Did you read the last three replies to your topic? It said it was closed due to lack of feedback from you. I have reopened the topic. Please continue in your original topic and supply the logs that fireman4it requested.

Topic is here: http://www.bleepingcomputer.com/forums/topic399738.html

To avoid confusion I am closing this request.


Hiya,

This computer started being very slow all of a sudden yesterday. And today, I have "Malware Defender" messages popping up at me. It's pretending to be AVG, which I do have installed, by using the same colored logo.

After running RRT v4.8.0.3, got a message saying "system restrictions and/or r-media malware detected! RRT needs your urgent attention!" Yup.

The DDS is pasted below, and I've attached the "Attach" file. Sure do appreciate your help!

- Barbara
a.k.a. WidgetWoman

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 22:03:05.60 on Tue 03/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.74 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8...

A:Infected with Malware Defender (and r-media malware?)

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
- Reply to this thread; do not start another!
- Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
- Do not run any other tool until ...
