Virus clean up please. New guy with no idea where to start.
#1
Posted 29 January 2012 - 08:07 PM
1: Saved everything to an external hard drive. (including a couple of files I think are viruses and can't delete.)
2: Restarted computer to factory original settings last week sometime.
3: Installed Ad-Aware and the Seek and Destroy programs from somewhere on this site.
4: Checked out/Deleted a bunch of start up programs that had trojans attached to them. (I ran them in the Start up data base from this site.)
5: Went through my Task Manager Processes and found a ton more trojans that I can't get rid of.
6: Begged you guys for help.
I know very little about computers, and how they run, so please keep it simple. Thank You...Kevin
#2
Posted 29 January 2012 - 08:28 PM
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Devices
- List Users, Partitions and Memory size.
- List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
You will need to scan the external also.
Start with a Full MBAM scan. If you connect the external, it will scan that too.
Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
- Download Link 1 <<<== Use this one first.
- Download Link 2
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
- Make sure the "Perform FULL Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
- Exit MBAM when done.
Troubleshoot Malwarebytes' Anti-Malware
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
#3
Posted 29 January 2012 - 08:38 PM
Ran by Dad (administrator) on 29-01-2012 at 20:34:45
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
========================= IP Configuration: ================================
Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set interface luid=loopback_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_1 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_2 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_4 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Dad-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : stny.rr.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : stny.rr.com
Description . . . . . . . . . . . : Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1D-60-64-A0-4C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a5df:2423:c3ba:dd4a%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, January 29, 2012 5:42:46 PM
Lease Expires . . . . . . . . . . : Monday, January 30, 2012 5:42:46 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201334112
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c8a:2797:3f57:fe9a(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c8a:2797:3f57:fe9a%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 7:
Connection-specific DNS Suffix . : stny.rr.com
Description . . . . . . . . . . . : isatap.stny.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.101%9(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61:53
Name: google.com
Addresses: 74.125.113.103, 74.125.113.104, 74.125.113.105, 74.125.113.106
74.125.113.147, 74.125.113.99
Pinging google.com [74.125.113.104] with 32 bytes of data:
Reply from 74.125.113.104: bytes=32 time=54ms TTL=48
Reply from 74.125.113.104: bytes=32 time=53ms TTL=48
Ping statistics for 74.125.113.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 54ms, Average = 53ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61:53
Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56
Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=50ms TTL=51
Reply from 209.191.122.70: bytes=32 time=51ms TTL=51
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 51ms, Average = 50ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61:53
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
8 ...00 1d 60 64 a0 4c ...... Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
9 ...00 00 00 00 00 00 00 e0 isatap.stny.rr.com
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:2c8a:2797:3f57:fe9a/128
On-link
8 276 fe80::/64 On-link
10 266 fe80::/64 On-link
9 281 fe80::5efe:192.168.1.101/128
On-link
10 266 fe80::2c8a:2797:3f57:fe9a/128
On-link
8 276 fe80::a5df:2423:c3ba:dd4a/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [227328] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (01/29/2012 06:42:45 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (01/28/2012 10:25:11 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 7.0.6000.16982 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1fe4
Start Time: 01ccde33d17033a5
Termination Time: 62
Error: (01/28/2012 08:18:28 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (01/28/2012 06:15:17 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (01/28/2012 04:59:32 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (01/28/2012 04:56:07 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.16982, time stamp 0x4b2b56f5, faulting module mshtml.dll, version 7.0.6000.16982, time stamp 0x4b2b7af4, exception code 0xc0000005, fault offset 0x00092ed3,
process id 0xf40, application start time 0xiexplore.exe0.
Error: (01/28/2012 03:47:43 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (01/28/2012 08:04:03 AM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (01/27/2012 09:36:14 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (01/24/2012 07:25:45 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
System errors:
=============
Error: (01/28/2012 07:18:25 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:16:50 PM on 1/28/2012 was unexpected.
Error: (01/24/2012 03:30:19 AM) (Source: Microsoft-Windows-Servicing) (User: SYSTEM)
Description: Windows Servicing failed to complete the process of setting package KB937287 (Update) into Staging(Staging) state
Error: (01/24/2012 03:30:19 AM) (Source: Microsoft-Windows-Servicing) (User: SYSTEM)
Description: Windows Servicing failed to complete the process of setting package KB937287 (Update) into Staging(Staging) state
Error: (01/24/2012 03:30:19 AM) (Source: Microsoft-Windows-Servicing) (User: SYSTEM)
Description: Windows Servicing failed to complete the process of setting package KB937287 (Update) into Staging(Staging) state
Error: (01/24/2012 03:30:19 AM) (Source: Microsoft-Windows-Servicing) (User: SYSTEM)
Description: Windows Servicing failed to complete the process of setting package KB937287 (Update) into Staging(Staging) state
Error: (01/24/2012 03:30:19 AM) (Source: Microsoft-Windows-Servicing) (User: SYSTEM)
Description: Windows Servicing failed to complete the process of changing update 937287-1_neutral_GDR from package KB937287(Update) into Staging(Staging) state
Error: (01/24/2012 03:30:19 AM) (Source: Microsoft-Windows-Servicing) (User: SYSTEM)
Description: Windows Servicing failed to complete the process of changing update 937287-2_neutral_PACKAGE from package KB937287(Update) into Staging(Staging) state
Error: (01/24/2012 03:30:19 AM) (Source: Microsoft-Windows-Servicing) (User: SYSTEM)
Description: Windows Servicing failed to complete the process of changing update 937287-3_neutral_PACKAGE from package KB937287(Update) into Staging(Staging) state
Error: (01/24/2012 03:30:19 AM) (Source: Microsoft-Windows-Servicing) (User: SYSTEM)
Description: Windows Servicing failed to complete the process of changing update 937287-4_neutral_PACKAGE from package KB937287(Update) into Staging(Staging) state
Error: (01/23/2012 06:10:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80242016Security Update for Windows Vista (KB950974){64A82FB2-DCAF-4068-98D2-55709C3E1462}102
Microsoft Office Sessions:
=========================
Error: (01/29/2012 06:42:45 PM) (Source: WerSvc)(User: )
Description: 8014FFF9
Error: (01/28/2012 10:25:11 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.6000.169821fe401ccde33d17033a562
Error: (01/28/2012 08:18:28 PM) (Source: WerSvc)(User: )
Description: 8014FFF9
Error: (01/28/2012 06:15:17 PM) (Source: WerSvc)(User: )
Description: 8014FFF9
Error: (01/28/2012 04:59:32 PM) (Source: WerSvc)(User: )
Description: 8014FFF9
Error: (01/28/2012 04:56:07 PM) (Source: Application Error)(User: )
Description: iexplore.exe7.0.6000.169824b2b56f5mshtml.dll7.0.6000.169824b2b7af4c000000500092ed3f4001ccde064599225a
Error: (01/28/2012 03:47:43 PM) (Source: WerSvc)(User: )
Description: 8014FFF9
Error: (01/28/2012 08:04:03 AM) (Source: WerSvc)(User: )
Description: 8014FFF9
Error: (01/27/2012 09:36:14 PM) (Source: WerSvc)(User: )
Description: 8014FFF9
Error: (01/24/2012 07:25:45 PM) (Source: WerSvc)(User: )
Description: 8014FFF9
=========================== Installed Programs ============================
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Ad-Aware (Version: 9.0.7)
Ad-Aware Security Toolbar (Version: 0.9.1.20)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 8.1.0 (Version: 8.1.0)
AppCore (Version: 1)
AV (Version: 1)
ccCommon (Version: 106.2.0.21)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.79)
Hardware Diagnostic Tools (Version: 5.00.4558.05)
HP Active Support Library (Version: 2.0.12.1)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Customer Experience Enhancements (Version: 5.2.0.2296)
HP Customer Feedback (Version: 1.0.0)
HP Easy Setup - Frontend (Version: 5.2.0.2304)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Total Care Advisor (Version: 1.2.13)
HP Update (Version: 4.000.005.007)
HPAsset component for HP Active Support Library (Version: 3.0.0.6)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.6.1)
Java 6 Update 30 (Version: 6.0.300)
Java SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
LightScribe 1.8.15.1 (Version: 1.8.15.1)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Home and Student 60 day trial
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Works (Version: 08.05.0818)
MSRedist (Version: 1.0.0.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.0 (Version: 6.00.050)
My HP Games (Version: HPCMPQ1804)
Norton AntiVirus (Version: 14.2.0.29)
Norton Confidential Browser Component (Version: 1.5.0.29)
Norton Confidential Web Protection Component (Version: 1.5.0.29)
Norton Internet Security (Symantec Corporation) (Version: 10.2.0.30)
Norton Internet Security (Version: 10.1.0)
Norton Internet Security (Version: 10.2.0.30)
Norton Protection Center (Version: 2007.2.0.22)
PSSWCORE (Version: 2.01.0000)
Python 2.5 (Version: 2.5.150)
Realtek High Definition Audio Driver (Version: 6.0.1.5444)
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.572)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SPBBC 32bit (Version: 3.2.0.21)
Spybot - Search & Destroy (Version: 1.6.2)
Symantec Real Time Storage Protection Component (Version: 10.2.2.6)
SymNet (Version: 7.2.5.8)
VideoToolkit01 (Version: 90.0.146.000)
WeatherBug Gadget (Version: 1.0.0.6)
Yahoo! Search Protection
Yahoo! Toolbar
========================= Devices: ================================
========================= Memory info: ===================================
Percentage of memory in use: 89%
Total physical RAM: 1014.75 MB
Available physical RAM: 108.57 MB
Total Pagefile: 2297.89 MB
Available Pagefile: 1039.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.46 MB
========================= Partitions: =====================================
1 Drive c: (COMPAQ) (Fixed) (Total:224.17 GB) (Free:166.92 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.72 GB) (Free:1.16 GB) NTFS
3 Drive e: (RouterSetup) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
5 Drive g: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:396.4 GB) NTFS
========================= Users: ========================================
User accounts for \\DAD-PC
Administrator Dad Guest
========================= Minidump Files ==================================
No minidump file found
**** End of log ****
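An added example, not part of the thread and not MiniToolBox's own code: a small Python triage of the "Hosts content" and "Winsock entries" sections of a Result.txt in the format posted above. The flagging rules (any hosts entry other than localhost on loopback; any Winsock provider outside C:\Windows\system32 or not labelled Microsoft Corporation) and the sample lines are assumptions constructed for illustration.

```python
import ntpath
import re

# Section banners look like: "========================= Hosts content: ====="
# The name must start with a non-"=" character so plain "=====" rules are skipped.
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?):?\s*=+\s*$")
# Winsock lines look like:
# "Catalog9 01 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")

LOOPBACK = {"127.0.0.1", "::1"}
SYSTEM32 = r"c:\windows\system32"        # assumed default install location
EXPECTED_VENDOR = "Microsoft Corporation"  # assumed baseline for a stock system

# Constructed sample: the first two hosts lines and the first two Winsock lines
# follow the log above; the last line of each section is made up.
SAMPLE_LOG = r"""
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
203.0.113.7 updates.example.com
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 02 C:\ProgramData\example\lsp.dll [40960] ()
"""


def split_sections(text):
    """Return {section name: [non-empty lines]} for a MiniToolBox-style log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def suspicious_hosts(lines):
    """List (address, name) pairs that are not localhost mapped to loopback."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        for name in names:
            if not (addr in LOOPBACK and name.lower() == "localhost"):
                findings.append((addr, name))
    return findings


def suspicious_winsock(lines):
    """List providers outside system32 or without the expected vendor label."""
    findings = []
    for line in lines:
        match = WINSOCK_RE.match(line)
        if not match:
            findings.append(("unparsed", line))
            continue
        catalog, index, path, _size, vendor = match.groups()
        in_system32 = ntpath.dirname(path).lower() == SYSTEM32
        if not in_system32 or vendor != EXPECTED_VENDOR:
            findings.append((f"{catalog} {index}", path))
    return findings


def triage(text):
    """Run both checks over a whole log and return the findings per section."""
    sections = split_sections(text)
    return {
        "hosts": suspicious_hosts(sections.get("Hosts content", [])),
        "winsock": suspicious_winsock(sections.get("Winsock entries", [])),
    }


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG).items():
        for finding in findings:
            print(section, *finding)
```

A flagged line is a lead to check by hand, and an empty result is not proof of a clean machine, since the vendor label comes from file metadata that a file can set for itself.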
#4
Posted 29 January 2012 - 08:42 PM
#5
Posted 29 January 2012 - 09:57 PM
do the MBAM
#6
Posted 29 January 2012 - 10:32 PM
www.malwarebytes.org
Database version: 7622
Windows 6.0.6000
Internet Explorer 7.0.6000.16982
1/29/2012 10:30:13 PM
mbam-log-2012-01-29 (22-30-13).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 373972
Time elapsed: 1 hour(s), 22 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#7
Posted 29 January 2012 - 10:34 PM
overtimeracing, on 29 January 2012 - 08:42 PM, said:
I couldn't figure out how to run the mini toolbox in the external, but I got the mbam to work on it.
This post has been edited by overtimeracing: 29 January 2012 - 10:36 PM
#8
Posted 29 January 2012 - 11:14 PM
But MBAM did not update.
Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done click Scanner tab, select FULL scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.
We'll run 2 more tools.
Please download TDSSKiller.zip and extract it.
- Run TDSSKiller.exe.
- Click Start scan.
- When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
- Let it reboot if needed and tell me if the tool needed a reboot.
- Click on Report and post the contents of the text file that will open.
Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
This one can be long.
I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Click on
- Check
- Click the button.
- Accept any security warnings from your browser.
- Under scan settings, check and check Remove found threats
- Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the button.
- Push
NOTE: In some instances if no malware is found there will be no log produced.
#9
Posted 30 January 2012 - 03:30 AM
Program_error_updating (2,0,connection refused)
The system cannot find the file specified
I got this msg yesterday also, but clicked ok and the mbam ran anyways. Apparently incorrectly.
Do I continue with the http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Thanks again for the help!! Kevin
This post has been edited by overtimeracing: 30 January 2012 - 03:34 AM
#10
Posted 30 January 2012 - 07:22 AM
Automatic LiveUpdate Module stopped working and was closed.
A problem caused the application to stop working correctly.
Windows will notify you if a solution is available.
Thanks again for the help!! Kevin
#11
Posted 30 January 2012 - 10:30 AM
Then:
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.
#12
Posted 31 January 2012 - 08:34 PM
Your account has been blocked
Why are you seeing this?
Someone may have used your account to send out a lot of junk messages (or something else that violates the Windows Live Terms of Service).
We're here to help you get your account back.
What do you need to do?
We'll ask you to provide us with a mobile phone number where we can send you a verification code and we'll add this phone number to your Windows Live profile for future use. After you enter the code, you can change your password and sign in.
We've cleaned your account settings
Often customers get here because someone else has access to your account and are using it without your knowledge to send spam. To protect you and your contacts, we've removed any Hotmail auto-replies or linked accounts you may have had.
I will work on your last bit of advice now. thanks again...Kevin
#13
Posted 31 January 2012 - 08:53 PM
#14
Posted 31 January 2012 - 09:00 PM
They upgraded the MBAM engine yesterday from
Malwarebytes' Anti-Malware 1.51.2.1300 to 1.60.1.1000
http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe
Are you connected wired or wireless and thru a router?
This post has been edited by boopme: 31 January 2012 - 09:04 PM
