PhilliePhan 171 Central Scrutinizer Team Colleague

It can be used to enable/disable programs to start automatically.

Yeah. That's called diagnostic startup for a reason. :)

Meh. It's not worth arguing about.
My friend chaslang sums it up pretty well here Dealing with Startup Processes.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Msconfig is a diagnostic tool and not a "startup manager."

You should try something such as CodeStuff's Starter to manage your unwanted startups.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Hi Claudia,

The log doesn't show any obvious culprit. If a separate program is launching IE, it is not showing.
I doubt it is malware, but let's try one more scan:
Please run the ESET Online Scanner and post the scanlog for me.

If that comes back completely clean, you can try a couple more things:
-- Reset IE as per the linky and see if that stops the problem. I suggest doing this manually as per the linky rather than downloading the automated fix.
-- If that fails, please Install Firefox and be sure to set Firefox as your Default Browser.
Then, let me know if IE still opens by itself (or, if Firefox opens by itself) and we'll go from there.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Thank you so much in advance for helping me out and getting this resolved. I really appreciate it.

Hi Claudia,

Happy to try to help :)

Those scanlogs look clean to me.
Let's see if we can isolate what is launching Internet Explorer.

Please download Process Explorer from the linky below.
http://download.sysinternals.com/files/ProcessExplorer.zip

-- Extract the Process Explorer Folder from the ZIP and onto the Desktop.
-- Open the folder and run Procexp.exe.

Just leave PE open and running until Internet Explorer launches on its own. Once IE opens, you should be able to see it reflected in the Process Explorer window. If you were to launch IE yourself in the usual manner, it will be located in the tree under Explorer.exe (which is Windows Explorer).
If something else launches it, IE will be in that tree, under the program that launched it.

Anyhoo, once Internet Explorer launches on its own, please click the File tab in the upper left of the Process Explorer window and select Save As and save the log to the desktop as PE Log 1 and please post that for me.

Let's see if that shows us what is launching IE.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Can you run the scans in the linky below and post the requested logs?

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865/read-me-before-posting-a-request-for-assistance

We no longer have any regular volunteers in this section, but I'll have a look as time permits.
Ideally, I'd just like to see an updated MBAM scanlog along with the DDS scanlog. If you can post the error messages you mentioned as well, that might help too.

-- Also, you should probably ditch ARO 2012. Registry cleaners are generally unnecessary and often do more harm than good. The other things it does can be done manually or with better, and free, tools.... Just my $.02 there.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Welcome and congratulations to all! :)

PhilliePhan 171 Central Scrutinizer Team Colleague

No you can't, not if the PS3 drives are like the Xbox ones.

Xbox ones have some sort of hardware-level encryption, and the HDD and disk drive are paired; you have to crack them to read it with a PC or upgrade them.

You may be right, James.

But, I would go ahead and try my option 2 and swap out the old drive into the working PS3. I have replaced hard drives in PS3s before (upgrade to larger drive), but I've never actually tried swapping them. I pulled the data off before upgrading and then copied it back. I know that works....

PP:)

jbennet commented: helpful +15
PhilliePhan 171 Central Scrutinizer Team Colleague

A new Sticky Post detailing our Spyware Forum policy is now in place.

Forum Rules and Policy for First Responders
-- Any and all feedback is welcome. Just PM me with comments and concerns.

I think it is pretty clear, but I'll hit the main points again:

1) Our forum is OPEN and the majority here would like to keep it that way. Most other forums are not and they require a vetting process or some other proof of ability before people are allowed to offer advice.
Personally, I'd rather allow knowledgeable and willing volunteers to post and have the moderating team guide them if they are going in the wrong direction.

And, yes - there are many wrong directions and it is not egotistical to point them out. And, quite frankly, even those of us who have been doing this for years have had to shed some of our bad habits over that time (disabling System Restore before cleaning / forcing Safe Mode, etc...).

2) We like to have all people who request assistance run our Read Me First Sticky post steps in order to establish a plan for further cleaning. That is pretty much the way it is in every forum these days. We try to keep the steps simple and up to date.

3) Generally, telling a person to run "such and such" scanner does not help. The tools in the Read Me First are …

Nick Evan commented: Sounds good +0
PhilliePhan 171 Central Scrutinizer Team Colleague

This Sticky Post is intended for all potential volunteers who would like to contribute to Daniweb's Viruses, Spyware and other Nasties Forum.


Please be advised that this forum remains one of the last few open Anti-Malware forums on the web.

By open, we mean that anybody in the Daniweb community is allowed to respond to posts for assistance. There is no vetting process or any other knowledge requirement as to be found in the majority of other Security Forums.
Frankly, we welcome any knowledgeable volunteers who are willing to devote some of their free time to assisting others in need.

However, if you choose to post a response in this forum, we ask that you please adhere to the following Standard Operating Procedure:

-- Please refer initial posters for assistance to our Read Me First Sticky Post
We would like everyone to start with these steps so that a "baseline" for further assistance can be established.

-- Please be prepared to follow through to the end with any thread to which you respond. If you bite off more than you can chew and get in over your head, any of the moderators of this forum will be happy to assist you. This is another reason why we'd like all threads to start with the Read Me First Sticky Post.
If you are not willing or able to follow through with a poster until their machine is clean, …

jingda commented: Excellent +9
PhilliePhan 171 Central Scrutinizer Team Colleague

I suggest Comodo Internet Security.

This is an excellent free security suite.

Cheers :)
PP

jingda commented: You really are a virus expert +8
PhilliePhan 171 Central Scrutinizer Team Colleague

Please tell me if there are negative factors of these tricks (I am saying this because I am not sure about Step 1. I have created Sys-Restore after installing my XP [4 years ago] and I haven't re-installed my OS or used system restore after that because my PC works fine)

Step one is not accurate - Really won't help you to recover from a significant malware infestation.

In all honesty, I would recommend buying a 2nd hard drive (they are cheap these days) and running a clone of your OS. That is what I do and it has made life much easier...

In fact, just last week my 8 year old Dell threw one of those nasty config\system corrupted errors and would not boot. The solution is usually to boot the XP disk and run a repair. I could have done that, but I'd have been forced to use an 8 year old system.exe and that would've presented a hassle (lots of updating).

Instead, I just wiped the drive and installed a fresh clone from my drive of backups.

Also, I recommend NOT using a separate partition as your main backup in the event of disk failure. But, if you've got the disk space, regular backups to a "backup partition" makes this system even more convenient....

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Far too complicated for this old man. I guess I'm a hopeless cause, huh? Thanks for your time, anyway.

Nah - nobody is hopeless :)

Hang in there - we can talk you through most of this stuff, if need be.

-- Did you try System Restore and restoring your computer to a time when all was working as it should?
That would be a good step - let us know if you need help trying that.

Also, try this:
Download OTL.exe to the Desktop.
-- Run it and click Scan All Users and then hit Quick Scan and post me the Two resulting logs. They should open automatically in notepad. They should also be saved next to OTL.exe

Just copy and paste them into the thread here for us.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

I also wanted to add this:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FClickPotato

That's a fairly thorough enumeration of the changes this baddie makes to your machine (though they may vary for 64-bit OS). You might want to check and see if there is anything that you missed....

ClickPotato is not a particularly pernicious baddie - I probably wouldn't worry too much about it.

Best :)
PP

bolzebop commented: fast and friendly. +1
PhilliePhan 171 Central Scrutinizer Team Colleague

well, it was worth a shot. thought someone would be interested in opening up an xbox 360 machine and doing some work on it. thanks.

Sorry - I never saw this thread.

A guy who owns one of the support sites I used to moderate does this. You could send it to him or give it a go yourself. I'd save the cash and go the DIY way:

http://www.iamnotageek.com/opening_xbox.php

http://www.iamnotageek.com/fix_rrod.php


Yeah, yeah... I know the links are off site, but I think the statute of limitations has expired for this thread....


Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

OK - Let's go in this direction:

You can print out the bit for AVP Tool if need be.


-- See if you are able to run the GMER scans from the Read Me linky. If so, post those logs for me.

-- Also, I'd like to see the DDS Attach log

-- Please Download Kaspersky's AVP Tool

-- Save AVP Tool to your Desktop.
-- Please boot to Safe Mode (tap F8 at reboot - Do Not use msconfig!)

Once in Safe Mode:
-- DoubleClick the AVP Tool setup file to run it.
Follow the prompts and it should install to your Desktop Folder
-- If you get a prompt for scanning in Safe Mode, click OK.
-- AVP Tool will open.
-- Click the Manual Disinfection Tab
-- Click the Gathering system information Button and let it run
-- When it finishes, click the link “Open folder” to access the folder where the report is saved.

Please save the log and post it for me with the others.

THEN:
Please select the Automatic Scan Tab
Be sure the following boxes are checked:
• System Memory
• Startup Objects
• Disk Boot Sectors.
• My Computer.
• All other drives

-- Please click the Scan Button.
AVP Tool should Neutralize any objects it finds. If some …

PhilliePhan 171 Central Scrutinizer Team Colleague

Is this what you wanted? I am in and out too.

Yes - That's the one.

Nothing really jumps out at me from the scanlog.
The thing is, it looks as though you have done a lot already. I see combofix has been run around a week ago - that will get a lot of the most recent baddies.

I'd really need to see the combofix log to get a handle on what you have been battling in order to advise you further.

-- Did you run combofix on your own or did you use a service such as LogMeIn Rescue Service?

-- Also, I don't see any Anti-Virus program. Did you remove one?

-- What about CyberDefender AntiSpyware 2010? Did you install that? I seem to recall a Rogue by that name a few years ago.

Let me know what symptoms you are still experiencing (other than issues with MBAM) as well as the above and we can try another tack - Without knowing what has already been removed, it's tough to deal with the collateral damage left behind.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I did. Scan log = access denied.
What next?

Hey JJ,

What problems/symptoms are you having?

-- The viewing of hidden files is not really that necessary unless you are doing manual removal of baddies. Not a good idea if one is inexperienced. Especially if you are poking around the registry.......

-- Are you able to run DDS as per the linky?
http://www.daniweb.com/forums/thread134865.html

Try DDS and post that for me. Let me know if there is a problem.

I am not around much these days due to work, but I generally check in a couple times a day.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague


Malwarebytes will not update and it seems clear that this step was important. I asked them for help and got some instructions about going to some hidden files but the tab for "show hidden files" is not available. . . .

Are you able to run Malwarebytes' Anti-malware?
If you just recently downloaded it, please go ahead and run it and post the scanlog and we'll have a look.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

This thread is 3 years old; that poster is long gone. In future, check the post date. Later---

They were just spamming a link to their forum.

It was poor etiquette, so I fixed it for them :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Hi Nathan,

Let's see if we can wrap this up, shall we?

-- Do you use or have you used Zan Image Printer?
I would like to see if this file is legit:
c:\windows\system32\winzvprt5.sys
Can you locate it and tell me if it belongs to Zan? (RightClick and look at properties.) You'll need to enable the viewing of hidden files to see it.


Here are the next cleaning steps:


FIRST:
-- Reboot your machine and select the option for the Recovery Console.
Once in Recovery Console, type fixmbr at the command prompt and hit ENTER.

REBOOT.

NEXT:
Remove the following via Add/Remove Programs:
Adobe Reader 7.0
MyWay Search Assistant

Then, download and install the updated and more secure Adobe Reader 9

THEN:
Please download JavaRa.zip to your Desktop and Extract it to its own folder.
-- Make sure ALL browsers are CLOSED.
-- DoubleClick on JavaRa.exe to run it and then select your language of choice.
-- Click Remove Older Versions.
-- Follow the prompts and a log will pop up. You can post this if you wish - I really don't need it, though.
-- Then, please go to http://www.java.com/en/ to download and install the latest version of Java.


THEN:
-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached …

Salem commented: Too much good work going unrecognised - always interesting and informative to read :) +19
PhilliePhan 171 Central Scrutinizer Team Colleague


so is this success..??
aNd if so how now..??
what can i do to copy them (if that's what i am supposed 2do)
can i open the files listed or..??

Yeah - Great!

You should be able to do this the easy way. Just navigate to the Files/Folders that you want to save and Copy&Paste them to your external drives.

-- Do you see a "Documents and Settings" Folder?
If so, just copy the whole thing to your External Hard Drive (500GB Hard Disk: Expansion Drive).

Let me know if you can do that or if you are having problems.


PP:)

zehdekiel commented: PhiLLiPhaN.. IS most definitely THE computer gOd.. *kaden bows in your presence* **giggLes** +1
PhilliePhan 171 Central Scrutinizer Team Colleague

OK, thanks for your help so far. Between you and MalwareBytes I got down to one evil bug. I was able to get a program to create a bootable CD with McAfee on it. But their latest definition file didn't correct this rootkit problem. Hopefully no one else gets this.

Having not seen any logs, I am 100% guessing, but you may have one of the MBR Rootkits that is going around.
No need to panic.
If you can boot to recovery console (via Windows disc or burn an ISO) and use the fixmbr command, that might help.
Chances are also good that a valid system file has been modified (I see a lot of atapi.sys modifications) and with any luck, combofix will address that.

But again, if somebody in another forum is guiding you through combofix run, it is best you stick with them to avoid conflicting instructions.

-- You may suggest to them to talk you through the running of GMER as well.....

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

or is it still possible that something has severed the ties between Windows and the AV or worse?

It's probably just Vista being Vista....

If you haven't solved this already, you can try this:

-- Open an Elevated Command Prompt
-- At the prompt, type: net stop winmgmt ENTER

Keep the command prompt open.

-- Navigate to C:\Windows\System32\Wbem\Repository
Then, either delete the Repository Folder or, better yet, Rename it to Repository_OLD

-- Go back to your command prompt and type: net start winmgmt ENTER and close the prompt.

Give it some time to rebuild and you ought to be good to go.

Cheers :)
PP

jonsca commented: Thanks for the suggestions! +1
PhilliePhan 171 Central Scrutinizer Team Colleague

I am afraid I do not know how to "boot to safe mode"

Hi Richard,

-- What is the OS?
-- Are you posting from a clean computer?
-- Do you have a USB thumb drive?
-- Are you able to get a command prompt on ill machine?
(START > RUN > Type cmd > OK)
or
(START > RUN > Type command.com > OK)

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

That is good news indeed! And, a very generous thank-you offer to boot!
Generally, I am happy if people "pay it forward" and do a good turn for somebody else in need. I figure that eventually it'll work its way back to me :)

I'd like to run a couple more tools to check for lingering malware and then we can move on to making sure everything is updated and put some additional protective measure in place.

-- Please Update your MBAM (update tab) and then run the Full Scan and have it remove all it finds.
Post the log for me.

-- Then, please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:
- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then click the save button and name the log GMER – 1.log and save it to where you can …

PhilliePhan 171 Central Scrutinizer Team Colleague

it is here :)

Finally! LOL! Lovin' that Vista!

See if you are able to install Adobe now - hopefully that will complete OK and then we can look at security again.

Typical busy Fall weekend upcoming - will check in as time permits.

PP:)

jasimp commented: Yay lol, I cheered when I read his post too haha :) +6
PhilliePhan 171 Central Scrutinizer Team Colleague

I don't have any credit card info on this computer. Thanks for the links I will look them over tonight. So, all that said... Back to the issue at hand.

AllRightyThen - On we go!

Let's try again to set up that reg key and see what happens:

Open another elevated command prompt and Copy&Paste

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS" /v "Installed" /d "1" /f
and hit ENTER

Then, Copy&Paste

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS" /ve /f

and hit ENTER

You should get a confirmation/success message each time. Then, open registry editor and drill down and verify the MSFS key truly exists.

With any luck, that will work :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

it says FixPerms.cmd is not recognized as an internal or external command, operable program or batch file

OK - Either it wasn't extracted from the zip or it wasn't located properly.

Try extracting it to the desktop and then Copy and paste FixPerms.cmd into the C:\ProgramFiles\Windows Resource Kits\Tools folder.

Open the elevated command prompt and type or copy&paste:

C:\ProgramFiles\Windows Resource Kits\Tools\FixPerms.cmd
and hit Enter

That ought to do it.

If not, I'll rewrite the .cmd file when I get home.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Let me put together that program for the registry. I'll try to post it tonight.

OK - Let's give this a whack at it:

-- Download the attached FixPerms.zip to your Desktop and Extract FixPerms.cmd from the ZIP to the folder where subinacl.exe was installed ---> C:\ProgramFiles\Windows Resource Kits\Tools

Then, open an Elevated Command Prompt
At the prompt, type: cd "%programfiles%\Windows Resource Kits\Tools" ENTER
-- Note cd <space> "%programfiles%. . . . ..

Then, type: FixPerms.cmd ENTER

Let it run for as long as it takes - might be a while as subinacl.exe "walks" the registry.
When it finishes, press any key and a log ought to pop up. Please post that for me.

Let me know if you run into any trouble.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

It says start time: 11/18/2009 8:07 PM
Finish Time: 11/21/2009 3:27 PM
lol

Good grief!

Please run the AVP Tool again.
-- Click the Manual Cure Tab
-- Click the Collect system information Button and let it run
-- When it finishes, it will say Completed. Report saved to LOG\avptool_syscheck.zip

Please save the log and post it for me.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Lets take another whack at it.

Where would I get the OS disk for that price though? I'm sure I will need it eventually.

Well . . . That estimation was probably a bit low. I haven't priced XP recently, but I'd imagine you'll find it for significantly less than Vista or 7.

-- Let's have another try with MBAM.
Download a new version and transfer it to ill machine.
-- Also, download RKILL by Grinler. Download all four of these and place them on ill compy:
http://download.bleepingcomputer.com/grinler/rkill.pif
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.exe

First, run RKILL. You only need to run it once. If it runs successfully, a black screen will appear and then disappear.
If one doesn't run, try the next and so on.

Once RKILL runs, immediately start MBAM and do the quick scan. Remove what it finds and post the log.

Let me know how you fare.

PP:)

jasimp commented: I need popcorn, the suspense is making me so hungry :) +6
PhilliePhan 171 Central Scrutinizer Team Colleague

It's the never ending computer issue... :( Maybe I need a Mac

LOL! . . . Macs have problems too :)

I've been unexpectedly busy this week (not that I'm complaining given the economy) so please bear with me.

-- For the registry issue, please download and install subinacl.exe

We'll have another crack at the registry. My fear, though, is that we'll finally be able to add the desired key and then Adobe will still have an issue with it..... But, I'd still like to give it a try.

-- For the other issues, we'll need another combofix log. Hold off on that for now until I can go back over some things.

-- And, just to complicate things a bit more . . . . Are you able to create a New Administrator account on the ill computer? Let me know.


PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

still says Access Denied... Vista is like a plague, one small thing rapidly infecting the whole system...

I do not know how much of an exaggeration that is.....
It's that bloody UAC - Now, you did say you disabled this, but I want to double-check that.
Also, there are a couple programs we can try as well.

I ought to be available to wade back into the fray this evening :)

PP

PhilliePhan 171 Central Scrutinizer Team Colleague

got to go to bed, sorry, hate to bail but I've got my grandson at 7:00 am and he is 2yrs old and happens to be visually impaired so I need my rest :) He's a handful. I'll check in tomorrow, thank you.

No problem! We've all got "real lives" and they take precedence.....

This freaking Vista is really annoying.

-- Try running Regedit with an "elevated command prompt" and then try the permissions change from a few posts ago (post #126).

To get the elevated prompt, Click Start > All Programs > Accessories, RightClick Command Prompt, and then click Run as Administrator.

There are a couple other options to try as well. I'll post them Tuesday if the above fails to work.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

At first I never thought Vista could be so vulnerable to viruses, unlike XP. I was shocked when I noticed my laptop is starting to act weird. I used to use ComboFix before, when I don't know what virus is residing in my computer. Try to use Malwarebytes, ComboFix and Removeit Pro; that usually solves my problem when I'm not really sure what virus is in my computer.

This situation is a bit different :)

PhilliePhan 171 Central Scrutinizer Team Colleague

first one says: ERROR: Access is denied, 2nd did nothing

OK - Let's try this:

Open Registry Editor and RightClick on HKEY LOCAL MACHINE and select Permissions
Select Everyone and check the box to Allow Full Control and click APPLY
Click OK

Then try the command prompt reg add step again and let me know.

I'll be back in 30 min or so.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Sorry for the delay - I guess I'm "in demand" these days LOL!

Let's try this:
Open a command prompt (start>run>type cmd)
At the prompt, copy&paste the following and hit ENTER each time:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS" /v "Installed" /d "1" /f

then

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS" /ve /f

You should get a confirmation/success message each time. Then, drill down and verify MSFS key.

Let me know if that works.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Nope, still not there; admin doesn't come up on right click, but I tried it again anyway.

OK - let me double-check some things & I'll get back to you.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

I may be doing something wrong, it says error, cannot access the registry

Bloody hell - it's probably a Vista thing . . .LOL.

-- Did you try RightClicking and running as Administrator?

Also, do the drill down with registry editor and check if MSFS key exists now.
I've had users get error messages and yet still have the keys created.

If that doesn't work, we'll try another way.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Alright, what did I do wrong? And it's still redirecting.

Looks like there was an error copying atapi.sys to C:\

Can you navigate to C:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

Copy and paste it to your C:\ drive --> C:\atapi.sys

Then, try the Avenger step again.

PP :)

jw22 commented: Kept at it for days and fixed it...thanks! +1
PhilliePhan 171 Central Scrutinizer Team Colleague

So, should I go ahead and order the "OS disks" from Sony? couldn't hurt to have them just in case.

Definitely get your OS disks (I'm assuming Windows disc and sony drivers)! They are good to have on hand and, given all that has been tried thus far, they may be necessary.
I'd still like to scrutinize this thread a bit more when I have the time - awfully busy right now - to see if we missed something.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

I seem to have gotten rid of the Vundo infection, however explorer.exe shows as running but is not appearing at the bottom of the screen.

Your HJT is out of date - go ahead and delete it.

-- Can you post your MBAM scanlog?

-- Please download DDS by sUBs and save it to your Desktop
-- If your AV has a script blocker, please disable it
-- DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

- Copy&Paste the DDS.txt into your next post.
- Please post Attach.txt as an attachment to your post - there is no need to Zip it. If you don’t know how to post an attachment, please Copy&Paste it along with the DDS.txt scanlog.


I or one of the other volunteers will check back as time permits.
I'll be gone until Tuesday evening EST.

Cheers :)
PP

FirstTimeUser commented: Very helpful. +0
PhilliePhan 171 Central Scrutinizer Team Colleague

I have the same problem as nmslagle: keep having the address redirected to a fake address. Can you help check my log? Below is my log.

Please do the following:

Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT and then:

-- Download DDS by sUBs and save it to your Desktop
-- If your AV has a script blocker, please disable it
-- DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

- Copy&Paste the DDS.txt into your next post.
- Please …

ferrysb commented: Thanks for your help to solved the redirected firefox :) +1
PhilliePhan 171 Central Scrutinizer Team Colleague

I am not clear as to what your problem is.

Let's go ahead and do this:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT and then:

-- Download DDS by sUBs and save it to your Desktop
-- If your AV has a script blocker, please disable it
-- DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

- Copy&Paste the DDS.txt into your next post.
- Please post Attach.txt as an attachment to your post - there is no …

PhilliePhan 171 Central Scrutinizer Team Colleague

I was able to download and run Vundo, but it said it did not find anything

Well . . . That's not good.

-- Try this:
Get a command prompt (Start > Run > type cmd > OK)
Type or Copy&Paste ipconfig /flushdns at the prompt and hit ENTER.
See if that helps at all.


-- You will probably need to purchase a flash drive and use a friend's computer or a compy at your local library or coffeeshop to download some more comprehensive cleaning tools such as MBAM and Combofix.
That would be the easiest course of action.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Also I have no idea what those files are.

Neither do I . . . you could probably safely delete those if you want to do so.

Here are some observations:

-- If you installed and use Oovoo, you'll need to open MBAM and click the "Quarantine" tab and restore those three items that were removed.

You should probably create a permanent folder of its own for HijackThis, rather than running it from Downloads folder.

-- The Shield Deluxe 2009 is a formerly Rogue product - It does not have a reputation for quality in the Anti-malware community.
If you are now using Microsoft Security Essentials (which I believe comprises both AV and Anti-malware), then you should probably uninstall/remove all traces of Shield Deluxe so it doesn't come into conflict with MSE.

-- There are those who consider AskBar and Viewpoint to be minor malware. You can uninstall them if you wish. I generally don't harp on those - there are worse things to worry about.

All told, I really don't see much that worries me. How are things running now? I know you mentioned some possibly non-malware related issues...

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I thought the Thread title says, Infected computer Please Help....huhhh

Did you see anything in the HJT or MBAM logs that warrants running Combofix?

I once had a poster tell me that a virus had turned his cursor into a dinosaur......LOL! Can't always take things at face value :)

I think Brian is on point here.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I am fairly certain at this stage that it's an F.P.

It is.

Update your MBAM to database version 2886 or later and you should have no more issues with this.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

When I went to install the Malwarebytes fix an alert popped up and said that the Windows Installer service could not be accessed.

I am not in safe mode so I'm not sure what the deal is with that.

Ok . . . Try this:
Download Inherit.exe and put it on the Desktop. Now, drag the MBA-M installer into inherit.exe and wait for a message that pops up and says “OK” - Then try to run it again.

If that fails, try to resolve this via the steps in the linky below and let me know how you fare:
http://support.microsoft.com/kb/315353

I'll be back Wednesday night.

PP:)

jasimp commented: Great work so far. It's refreshing to see members as dedicated as you are. +11
PhilliePhan 171 Central Scrutinizer Team Colleague

No worries on the error message - just follow the steps below carefully and let me know how it shakes out.

Ok - Great . . . . Now the tricky part:

Please Download The Avenger v2 by Swandog46
http://swandog46.geekstogo.com/avenger.zip

-- Extract Avenger.exe from the ZIP to your Desktop - You have to extract this tool - do not run from the zip!
If you need a tool to Extract Avenger from the ZIP, try 7Zip

Once Avenger has been extracted to the Desktop:
-- Highlight the complete text in Red below and copy it using Ctrl+C or RightClick > Copy:


Files to move:
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll | C:\WINDOWS\SYSTEM32\eventlog.dll


-- Now, DoubleClick avenger.exe on your desktop to run it
-- Read the Warning Prompt and press OK
-- Paste the script you just copied into the textbox, using Ctrl+V or RightClick > Paste
-- Press Execute
-- Answer YES to the confirmation prompts and allow your computer to reboot.
In some cases, The Avenger will reboot your machine a second time. No worries.
-- After reboot, The Avenger should open a log – please post that for me.


NEXT:

Click START > RUN and then Copy&Paste the following into the command field: "%userprofile%\desktop\win32kdiag.exe" -f -r

That should produce a log, as well. Please post it for me.

Let me know …

tinyart49 commented: is so helping ^^ +1
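The Avenger script above moves a clean eventlog.dll from the Windows Update download cache over the copy in System32. Before doing that kind of replacement, a practitioner would want to confirm that the two files actually differ and that the live copy is the one failing its Authenticode check. The PowerShell below is an added example for that check; it is not part of the thread or of The Avenger. It assumes PowerShell 4 or later (for Get-FileHash), and it reuses the cache path quoted in the script above purely as an example value, since the GUID-named folder differs on every machine.

```powershell
# Added example (not from the thread): compare the Windows Update cache copy of
# eventlog.dll with the live copy in System32 before any replacement is attempted.
# The cache path is the one quoted in the Avenger script above and is only an
# example value; the folder name is different on each machine.
$CachedDll = 'C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll'
$LiveDll   = "$env:SystemRoot\System32\eventlog.dll"

function Get-DllReport {
    # Collect size, file version, SHA-256 and Authenticode status for one file.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path

    [pscustomobject]@{
        Path      = $Path
        Exists    = $true
        Size      = $item.Length
        Version   = $item.VersionInfo.FileVersion
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SigStatus = $sig.Status              # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject
    }
}

$cached = Get-DllReport -Path $CachedDll
$live   = Get-DllReport -Path $LiveDll
$cached, $live | Format-List

# Decide whether the replacement in the Avenger script is actually warranted.
if ($cached.Exists -and $live.Exists) {
    if ($cached.SHA256 -eq $live.SHA256) {
        'Live copy is byte-identical to the cached copy; nothing to replace.'
    }
    elseif ($live.SigStatus -ne 'Valid' -and $cached.SigStatus -eq 'Valid') {
        'Live copy fails its signature check while the cached copy is validly signed; replacement is justified.'
    }
    else {
        'Copies differ, but the signature results do not clearly justify replacement; investigate before touching System32.'
    }
}
else {
    'One of the two files is missing; check the paths before running any move script.'
}
```

Run it from an elevated PowerShell prompt so the System32 file can be read and hashed. The point of the third branch is that a hash mismatch alone is not enough: two validly signed copies can differ simply because the cached one is a newer update, and replacing a good file with an older one is its own problem.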