BleepingComputer.com: dds log help, computer shutting off

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

dds log help, computer shutting off comp shuts off on own

#1 User is offline   sunnybo 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 313
  • Joined: 03-October 06

Posted 19 June 2009 - 10:49 PM

pleae help me with my desktop issue. i downloaded and ran the dds logs and copied and attached them. pleaes help me find out y my computer is exsessively slow and rudely shutting off. thanks



DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 23:41:44.93 on Fri 06/19/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.46 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NAV CfgWiz] c:\program files\common files\symantec shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242064409084
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\vfuu2zrg.default\
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-8-15 255136]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-8-15 234656]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2003-8-18 158376]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-8-7 35008]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040304.008\NAVENG.Sys [2004-4-3 67752]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040304.008\NavEx15.Sys [2004-4-3 598632]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-8-7 300736]
S2 mrtRate;mrtRate; [x]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2003-8-15 87200]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-8-10 193816]

=============== Created Last 30 ================

2009-05-30 19:37 108,144 a------- c:\windows\system32\CmdLineExt.dll
2009-05-30 19:18 <DIR> --d----- c:\docume~1\owner\applic~1\TMNT
2009-05-28 19:12 38,160 a------- c:\windows\system32\LMRTREND.dll
2009-05-28 19:12 140,800 a------- c:\windows\system32\tm20dec.ax
2009-05-28 19:12 182,032 a------- c:\windows\system32\dxtmsft3.dll
2009-05-28 19:12 63,488 a------- c:\windows\system32\unam4ie.exe
2009-05-28 19:12 11,776 a------- c:\windows\system32\mciqtz.drv
2009-05-28 19:12 10,240 a------- c:\windows\system32\vidx16.dll
2009-05-28 19:12 5,672 a------- c:\windows\system32\quartz.vxd
2009-05-28 19:12 194,320 a------- c:\windows\system32\qcut.dll
2009-05-28 19:12 4,608 a------- c:\windows\system32\w95inf32.dll
2009-05-28 19:12 2,272 a------- c:\windows\system32\w95inf16.dll
2009-05-23 23:11 <DIR> --d----- c:\program files\Disney Interactive
2009-05-23 23:10 1,555 a------- c:\windows\disney.ini
2009-05-23 23:02 827 a------- c:\windows\EReg515.dat

==================== Find3M ====================

2009-05-15 09:42 81,395 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-15 09:38 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars4en\plugin\bin\pchealthplugin.dll
2009-05-11 15:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 03:31 3,888 a------- c:\windows\viassary-hp.reg
2009-05-04 04:22 4,132 a--shr-- c:\windows\system32\drivers\HP_PC182A-ABA SR1103WM NA430_YC_Pres_QCNC430_E43NAheREG3_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.11_T040517_WXH1_L409_M248_J40_7Intel_8Celeron_92.53_1_N10EC8139_P_Z11C1048C_K_A808624C5.MRK
2009-04-29 00:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 00:46 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2006-03-15 14:19 212,992 a------- c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2006-01-26 17:55 280,576 a------- c:\windows\inf\wg311v3\WG311v3.sys
2005-10-06 15:17 280,576 a------- c:\windows\inf\wg311v3\WG311v3XP.sys
2005-08-21 05:26 0 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 23:42:50.28 ===============

Attached File(s)


#2 User is offline   thcbytes 

  • Bleepin' Teacher
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 11,589
  • Joined: 09-December 08
  • Gender:Male

Posted 25 June 2009 - 07:15 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html

#3 User is offline   sunnybo 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 313
  • Joined: 03-October 06

  Posted 26 June 2009 - 05:52 PM

ok my computer keeps shutting off and restarting on its own. ive had this problem several times in past to but dont know what is was, and i did the dds reports, and before this day i installed speed fan to see the temps of my fans. hope this helps. hes new reports. thanks



DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 18:48:07.03 on Fri 06/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.42 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NAV CfgWiz] c:\program files\common files\symantec shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242064409084
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\vfuu2zrg.default\
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-8-15 255136]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-8-15 234656]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2003-8-18 158376]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-8-7 35008]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040304.008\NAVENG.Sys [2004-4-3 67752]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040304.008\NavEx15.Sys [2004-4-3 598632]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-8-7 300736]
S2 mrtRate;mrtRate; [x]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2003-8-15 87200]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-8-10 193816]

=============== Created Last 30 ================

2009-06-26 16:20 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-06-25 15:48 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-25 15:47 <DIR> --d----- c:\windows\ie8updates
2009-06-25 15:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-25 15:46 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-25 15:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-25 15:46 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-25 15:43 <DIR> -cd-h--- c:\windows\ie8
2009-06-20 20:09 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-20 20:09 1,409 a------- c:\windows\QTFont.for
2009-06-20 03:18 <DIR> --d----- c:\program files\SpeedFan
2009-06-20 03:18 45 a------- c:\windows\system32\initdebug.nfo
2009-05-30 19:37 108,144 a------- c:\windows\system32\CmdLineExt.dll
2009-05-30 19:18 <DIR> --d----- c:\docume~1\owner\applic~1\TMNT
2009-05-28 19:12 38,160 a------- c:\windows\system32\LMRTREND.dll
2009-05-28 19:12 140,800 a------- c:\windows\system32\tm20dec.ax
2009-05-28 19:12 182,032 a------- c:\windows\system32\dxtmsft3.dll
2009-05-28 19:12 63,488 a------- c:\windows\system32\unam4ie.exe
2009-05-28 19:12 11,776 a------- c:\windows\system32\mciqtz.drv
2009-05-28 19:12 10,240 a------- c:\windows\system32\vidx16.dll
2009-05-28 19:12 5,672 a------- c:\windows\system32\quartz.vxd
2009-05-28 19:12 194,320 a------- c:\windows\system32\qcut.dll
2009-05-28 19:12 4,608 a------- c:\windows\system32\w95inf32.dll
2009-05-28 19:12 2,272 a------- c:\windows\system32\w95inf16.dll

==================== Find3M ====================

2009-05-15 09:42 81,395 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-15 09:38 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars4en\plugin\bin\pchealthplugin.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-11 15:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 03:31 3,888 a------- c:\windows\viassary-hp.reg
2009-05-04 04:22 4,132 a--shr-- c:\windows\system32\drivers\HP_PC182A-ABA SR1103WM NA430_YC_Pres_QCNC430_E43NAheREG3_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.11_T040517_WXH1_L409_M248_J40_7Intel_8Celeron_92.53_1_N10EC8139_P_Z11C1048C_K_A808624C5.MRK
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2006-03-15 14:19 212,992 a------- c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2006-01-26 17:55 280,576 a------- c:\windows\inf\wg311v3\WG311v3.sys
2005-10-06 15:17 280,576 a------- c:\windows\inf\wg311v3\WG311v3XP.sys
2005-08-21 05:26 0 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 18:49:07.71 ===============

Attached File(s)


#4 User is offline   farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 16,842
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 28 June 2009 - 06:23 AM

Hi sunnybo,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • To disable automatic startup:
    • Go to start right-click My computer and select Properties.
    • Under Advanced tab in the section Startup and Recovery press Settings.
    • Under System failure section:
      • Write an event to the system log option should be checked.
      • Send an administrative alert should be checked.
      • Uncheck Automatically restart.
      • Click OK twice.
      • The next time Windows encounter a problem will not restart automatically and gives you an error message. If it happens Note the exact message and post it to your reply.


  • Optional:Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you uninstall the following program via Add or Remove Programs if your are using it:

    Viewpoint Media Player.

    If you uninstalled it also remove the folder in bold: C:\Program Files\Viewpoint


  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.


  • You have both Yahoo Toolbar and Google Toolbar I recommend keep one of them and uninstall the other one.


  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Posted Image

This is a voluntary free service. However, if you would like to donate to my account click on Posted Image

#5 User is offline   sunnybo 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 313
  • Joined: 03-October 06

Posted 28 June 2009 - 12:23 PM

ok thanks i am performing these things. please give me few mins. thanks

#6 User is offline   sunnybo 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 313
  • Joined: 03-October 06

Posted 28 June 2009 - 07:56 PM

Malwarebytes' Anti-Malware 1.38
Database version: 2346
Windows 5.1.2600 Service Pack 3

6/28/2009 2:00:37 PM
mbam-log-2009-06-28 (14-00-37).txt

Scan type: Quick Scan
Objects scanned: 88396
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{014c4232-6904-47b9-9144-7e0fb7277444} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ab02d6c-f605-425f-b7cb-b9e96c9faf1e} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{32864a05-9d09-472c-abd0-081818ec713b} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Delete on reboot.

Files Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
c:\program files\gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\gamevance32.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\gvtl.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.

#7 User is offline   sunnybo 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 313
  • Joined: 03-October 06

Posted 28 June 2009 - 08:09 PM

heres a log file of ccleaner ok.

CLEANING COMPLETE - (116.343 secs)
------------------------------------------------------------------------------------------
97.9MB removed.
------------------------------------------------------------------------------------------

I edited the post to remove the long CCleaner's log in order to make it easy to go back and forth through the posts. Thanks,
farbar

This post has been edited by farbar: 29 June 2009 - 12:36 PM

#8 User is offline   farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 16,842
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 29 June 2009 - 02:52 AM

Well done. :thumbup2:

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.
Posted Image

This is a voluntary free service. However, if you would like to donate to my account click on Posted Image

#9 User is offline   sunnybo 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 313
  • Joined: 03-October 06

Posted 29 June 2009 - 12:33 PM

Scanning Report
Monday, June 29, 2009 10:48:57 - 13:00:59

Computer name: YOUR-C8BH3JAGLT
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
5 malware found
TrackingCookie.2o7 (spyware)

* System (Disinfected)

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

TrackingCookie.Webtrends (spyware)

* System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

* System (Disinfected)

#10 User is offline   farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 16,842
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 29 June 2009 - 12:43 PM

F-Secure found just a couple tracking cookies.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java SE Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Please tell me how is your computer running.
Posted Image

This is a voluntary free service. However, if you would like to donate to my account click on Posted Image

#11 User is offline   sunnybo 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 313
  • Joined: 03-October 06

Posted 29 June 2009 - 06:02 PM

hello thanks. I downloaded java the one you wanted me to the updated one and unistalled the old ones. But i downloaded the java from java.com website because it wouldnt work from the site you gave me thanks. whats the next steps i should take my computer is still shutting off and i did everything you said in beginning and when my computer shuts down on its own its still restarting without giving me a error messege. i dont know what to do. what else can make a desktop computer do this thanks

#12 User is offline   farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 16,842
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 30 June 2009 - 12:22 AM

We are going to dig deeper. We run ComboFix, please make sure you run it just once as I need to see the log of the first run.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.
Posted Image

This is a voluntary free service. However, if you would like to donate to my account click on Posted Image

#13 User is offline   sunnybo 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 313
  • Joined: 03-October 06

Posted 01 July 2009 - 12:30 AM

hi i am being attacked by spyware and viruses so bad it messed my computer up, putting nasty pics on my desktop i didnt put there and i delete them but they return. , pop ups saying i have this virus and this and this and that, and it stops my interent pages from working, i have to keep restarting just to send this to you. I tried combo fix its not working. i had to do a recovery on my computer before this messege and before combo fix. because my computer shut down with an error and wouldnt start and when did was so messed up. what can i do to get internet protection and which is the best to get i dotn have any protection. please help. what can i do to rid all these backdoors and trojans it says i have now .

#14 User is offline   farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 16,842
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 01 July 2009 - 05:29 AM

Those pop ups are from rouge programs to fool people to pay for a fake antivirus.

Please update and run Malwarebytes again. If it didn't run in normal mode do the following:

First use F8 key to get to "Safe Mode with Networking".
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the "Safe Mode with Networking" menu item.
  • Press the Enter key.
  • Log to your usual account.

Using Windows Explorer (right-click start > Explorer) navigate to the following folder:C"\Program Files\Malwarebyte' Anti-Malware
  • Locate the file mbam.exe and rename it to clear.exe then double-click to run it.
  • Wait until it opens up.
  • Update it (under Update tab press Check for Updates).You will get the message that it is updated successfully.
  • Run a quick scan. Let it remove what it finds by checking all the find items, let reboot if needed and copy/paste the log to your reply.

Note: The logs are saved by default under the Logs tab. If the log did not automatically open after reboot you can obtain the latest log from there.
Posted Image

This is a voluntary free service. However, if you would like to donate to my account click on Posted Image

#15 User is offline   sunnybo 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 313
  • Joined: 03-October 06

Posted 01 July 2009 - 06:00 PM

yes ill try it out but i cant go online for some reason, but my internet service is working proper but computer wont go online pages. Ill try because i havent been able to run that program or any other. im at my sisters right now so that i could go on here to see what you said. when i get home i will put it in safe mode and see what happens, yeah im not buying any program but i do need protection on my computer to if you know of any of that i could use to help to. thanks

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users