BleepingComputer.com: Infected computer. possible from Adobe "update"


Infected computer. possible from Adobe "update" do not know how to remove it and restore

#16 User is offline   brunking 


Posted 11 July 2011 - 08:03 PM

yeah, something is still wrong. the file for windows missing is "sqmapi.dll". just tried to update my graphics driver and during the install it crashed to blue screen. now the resolution is messed up. i'll run those two programs and post scan results.

#17 User is offline   m0le 


Posted 11 July 2011 - 08:15 PM

Looks like file corruption, running MBAM and SAS won't hurt but I don't think malware is the main problem that's left.
If I have helped you fix your PC then please donate. Thanks

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#18 User is offline   brunking 


Posted 11 July 2011 - 08:28 PM

since nothing is coming up on my music or photos, do you think i'd be able to back up those files onto an external hard drive? Sounds like i'll need to wipe everything out and reinstall everything..

#19 User is offline   brunking 


Posted 11 July 2011 - 09:48 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/11/2011 at 09:32 PM

Application Version : 4.55.1000

Core Rules Database Version : 7397
Trace Rules Database Version: 5209

Scan type : Complete Scan
Total Scan Time : 00:31:42

Memory items scanned : 741
Memory threats detected : 0
Registry items scanned : 15048
Registry threats detected : 0
File items scanned : 40653
File threats detected : 50

Adware.Tracking Cookie

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7082

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/11/2011 8:55:07 PM
mbam-log-2011-07-11 (20-55-07).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 344629
Time elapsed: 49 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#20 User is offline   m0le 


Posted 12 July 2011 - 04:15 PM

Back up the files you want and then run Chkdsk

1. Click the Windows Globe (bottom left)
2. Type chkdsk in the open field
3. Double click chkdsk.exe to run


When that's done we will do a second repair with sfc /scannow

You may have corrupt critical system files. Let's see if we can fix that.
  • Select Posted Image

  • Select All Programs

  • Select Accessories

  • Right click Command Prompt and choose Run as administrator
  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  • Copy & paste sfc /scannow in the command window and press enter.
  • Note the space between the c and the /
    • Be patient because the scan may take some time.
    • When that has completed then we need to create a logfile.


  • Repeat the process but this time copy & paste findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt in the command window and press Enter.

    Note: This will place a sfcdetails.txt file on your desktop with the SFC scan details from the CBS.LOG. Please copy and paste that log into your next reply.

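As an added example (not part of the thread or of m0le's instructions), this Python script triages the sfcdetails.txt file that the findstr command in post #20 produces, listing files SFC could not repair separately from files it tried to restore from the component store. The log lines in SAMPLE are constructed, the component name and example1.dll are placeholders, and the "[SR]" message wording is assumed to follow the usual Windows 7 CBS.log form.

```python
import re

# Constructed sample of sfcdetails.txt (not taken from the thread). The component
# name and example1.dll are placeholders; sqmapi.dll is the file named in post #16.
SAMPLE = r'''
2011-07-12 16:30:01, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2011-07-12 16:30:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2011-07-12 16:31:10, Info                  CSI    000001a2 [SR] Cannot repair member file [l:20{10}]"sqmapi.dll" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2011-07-12 16:31:11, Info                  CSI    000001a3 [SR] Cannot repair member file [l:20{10}]"sqmapi.dll" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2011-07-12 16:31:12, Info                  CSI    000001a4 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example1.dll" from store
2011-07-12 16:31:40, Info                  CSI    000001b0 [SR] Verify complete
'''

SR_MSG = re.compile(r"\[SR\] (.*)$")
# File-name token, e.g. [l:20{10}]"sqmapi.dll". Directory tokens start with
# "[ml:" and are deliberately not matched.
FILE_NAME = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')


def triage(text):
    """Group file names from [SR] lines into 'unrepaired' and 'repair_attempted'.

    Names are lower-cased (Windows paths are case-insensitive) and de-duplicated.
    A file that is ever reported as unrepairable stays in 'unrepaired', even if
    another line shows a repair attempt for it.
    """
    status = {}  # file name -> "unrepaired" | "repair_attempted"
    for raw in text.splitlines():
        m = SR_MSG.search(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("Cannot repair member file"):
            kind = "unrepaired"
        elif msg.startswith("Repairing corrupted file"):
            kind = "repair_attempted"
        else:
            continue  # progress lines such as "Verify complete"
        names = FILE_NAME.findall(msg)
        if not names:
            continue
        key = names[0].lower()
        if status.get(key) != "unrepaired":
            status[key] = kind
    result = {"unrepaired": [], "repair_attempted": []}
    for name, kind in status.items():
        result[kind].append(name)
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Files left in the unrepaired list are the ones SFC could not restore on its own and that need to be replaced from known-good installation media.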

#21 User is offline   m0le 


Posted 16 July 2011 - 07:11 PM

Hi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#22 User is offline   m0le 


Posted 17 July 2011 - 06:46 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
