Can't run spyware removal of any kind, internet crashes, and search engine redirects


22 replies to this topic

#1 VirusSuck

VirusSuck

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 27 October 2009 - 11:29 AM

Hey, I'm new to the site but I found it through Google and read through some of the different problems and I found it to be very reliable.
First off, my laptop (my poor baby) was infected with something and I have no clue what it is and it's a really big pain. I was reading manga on a site my friend recommended (which, after I told her my problem, she was all too happy to say oh yeah that happened to my uncles' computer, making me an unhappy camper) when all these random pop ups started downloading themselves to my computer. It was really hard to convince my mother I had no idea why porn icons were on my computer, although those were easy to delete. However, the problem still remains. Right after I deleted the icons I tried running my anti-malware; after about 4 seconds it goes away, and when I tried to bring it back up it says error, you don't have the proper permission for this file. So I tried my alternate anti-malware, finding the same error. I panicked and tried searching for different fixes online, but every time I came to one the page was redirected to random websites and the only way to view the page was to use cached; in doing so the download didn't work, thus really annoying me that something had gone so far as to disable my ability to download anti-malware, Spybot Search and Destroy as well as HijackThis. Also another error pops up that says Windows had to shut down to prevent damage to your computer.
-Problem-
1. Anti-malware, Spybot etc. won't run or download
2. Search engine redirects
3. Installation of random icons
4. Annoying pop ups
5. "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
6. And every time I start up my laptop a pop up is up saying error file path C:/vetahadu/system32 unable to locate

I think I also went a little crazy trying to remove the problem and might have made it worse or agitated them further.
Please help me when you can, thank you!! Almost forgot, I use Windows XP, just in case you needed that information.

Edited by VirusSuck, 27 October 2009 - 11:35 AM.



 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 27 October 2009 - 11:39 PM

Download this file and save it to your desktop:

http://download.bleepingcomputer.com/grinler/rkill.scr

Double-click the file to run it. A command window will open briefly. Then run a quick scan with Malwarebytes. Post the Malwarebytes log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 VirusSuck

  • Topic Starter

Posted 28 October 2009 - 10:23 AM

Tried to run the download but it said C:\Documents and Settings\Cobra commander\My Documents\downloads\rkill.scr is not a valid Win32 application. Retried and Malwarebytes stopped working; it said: Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item.

Edited by VirusSuck, 28 October 2009 - 10:34 AM.


#4 Budapest


Posted 28 October 2009 - 03:49 PM

Try this scan:

http://live.sunbeltsoftware.com/

#5 VirusSuck


Posted 29 October 2009 - 09:04 AM

Thank you so much that worked! But it still has stuff.
Scanning registry...
HKEY_USERS\S-1-5-19_Classes\
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\IEHlprObj.IEHlprObj.1 1, ID:
4175318, Name: Trojan-GameThief.Win32.Magania.bdqv, Category: Trojan
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\IEHlprObj.IEHlprObj.1\CLSID 1
, ID: 4175318, Name: Trojan-GameThief.Win32.Magania.bdqv, Category: Trojan
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\IEHlprObj.IEHlprObj.1\CLSID -
1, ID: 4175318, Name: Trojan-GameThief.Win32.Magania.bdqv, Category: Trojan
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\IEHlprObj.IEHlprObj.1 -1, ID:
4175318, Name: Trojan-GameThief.Win32.Magania.bdqv, Category: Trojan
HKEY_LOCAL_MACHINE\Software\Classes\ImagingServices.EnumEffect\
HKEY_LOCAL_MACHINE\Software\Classes\SystemFileAssociations\
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}
\
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}
\
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{1E13E9EC-6B33-4D4A-B5EB-8A92F029F
356}\
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{5C861803-B3F1-4956-9BC2-7737BA72C
606}\
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B45BBD7E-A977-3F56-A626-7A693E5DB
BC5}\
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562} 1, ID: 4139237, Name: Anti-Virus Number-1, Category: Rogue S
ecurity Program
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562}\ProxyStubClsid 1, ID: 4139237, Name: Anti-Virus Number-1, Ca
tegory: Rogue Security Program
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562}\ProxyStubClsid -1, ID: 4139237, Name: Anti-Virus Number-1, C
ategory: Rogue Security Program
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562}\ProxyStubClsid32 1, ID: 4139237, Name: Anti-Virus Number-1,
Category: Rogue Security Program
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562}\ProxyStubClsid32 -1, ID: 4139237, Name: Anti-Virus Number-1,
Category: Rogue Security Program
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562}\TypeLib 1, ID: 4139237, Name: Anti-Virus Number-1, Category:
Rogue Security Program
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562}\TypeLib\Version 1, ID: 4139237, Name: Anti-Virus Number-1, C
ategory: Rogue Security Program
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562}\TypeLib -1, ID: 4139237, Name: Anti-Virus Number-1, Category
: Rogue Security Program
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562} -1, ID: 4139237, Name: Anti-Virus Number-1, Category: Rogue
Security Program
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{EC80D064-102E-435F-AAFB-D37E2A4EF
654}\
HKEY_USERS\S-1-5-21-1901055612-1570913670-3603506707-1006\software\microsoft\int
ernet explorer\main\Default Feeds\
HKEY_USERS\.DEFAULT\software\microsoft\internet explorer\explorer bars\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp480n5\Parameters\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdiX\Security\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmload\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Starte
r\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mraid35x\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ftdisk\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCI\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdbss\Security\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swmidi\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbvideo\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov\Parameters\
Scan completed.
Scan time: 00:45:50
Rootkits: 4462 scanned, 22 found
Processes: 40 scanned, 1 found
Modules: 1818 scanned, 12 found
Folders: 3492 scanned, 0 found
Files: 49070 scanned, 7 found
Registry: 16979 scanned, 13 found
Total: 75861 scanned, 55 found
55 threat traces were detected.
Starting clean.
Quarantine {93A9FF1F-419A-43DE-B497-FBCE8C7DA0EF} completed.
Quarantine {3E611BE2-938F-4D7F-910A-4B9E4AAA46A6} completed.

C:\VIPRERESCUE>

Edited by VirusSuck, 29 October 2009 - 04:04 PM.
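
An added example, not part of the original thread or of any tool named in it: the scan log pasted above is wrapped at 80 columns, so `[THREAT]` entries are split in the middle of registry keys and category names. This Python script rejoins them and groups detections by name. The sample lines are excerpted from that log; the function names, the 80-column width (inferred from the pasted lines) and treating the `1`/`-1` field as an opaque flag are assumptions.

```python
import re
from collections import defaultdict

WRAP = 80  # assumed console width, inferred from the pasted log lines

# Lines that begin a new log entry; anything else continues the previous one.
ENTRY_START = re.compile(
    r"^(\[THREAT\]|HKEY_|[A-Za-z]:\\|Scan|Rootkits:|Processes:|Modules:|"
    r"Folders:|Files:|Registry:|Total:|Starting|Quarantine|\d+ threat)"
)
THREAT = re.compile(
    r"^\[THREAT\] Item: (?P<item>.+?) (?P<flag>-?\d+),\s*ID:\s*(?P<id>\d+),"
    r"\s*Name:\s*(?P<name>.+?),\s*Category\s*:\s*(?P<category>.+)$"
)

# Excerpt of the log posted in the thread (not a complete log).
SAMPLE_LOG = r"""
Scanning registry...
HKEY_USERS\S-1-5-19_Classes\
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\IEHlprObj.IEHlprObj.1 1, ID:
4175318, Name: Trojan-GameThief.Win32.Magania.bdqv, Category: Trojan
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\IEHlprObj.IEHlprObj.1\CLSID -
1, ID: 4175318, Name: Trojan-GameThief.Win32.Magania.bdqv, Category: Trojan
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562} 1, ID: 4139237, Name: Anti-Virus Number-1, Category: Rogue S
ecurity Program
[THREAT] Item: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DABA6477-80C0-440B
-9A45-0A7FA4B60562}\TypeLib 1, ID: 4139237, Name: Anti-Virus Number-1, Category:
Rogue Security Program
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{EC80D064-102E-435F-AAFB-D37E2A4EF
654}\
Scan completed.
"""


def join_wrapped_threats(lines):
    """Rejoin [THREAT] entries that were split at WRAP columns."""
    entries, current = [], None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            # Only threat entries are collected; other entries are skipped.
            current = line if line.startswith("[THREAT]") else None
        elif current is not None:
            # Pad to the wrap column: restores a trailing space lost in the
            # paste, while tokens split mid-word are glued back together.
            width = -(-len(current) // WRAP) * WRAP
            current = current.ljust(width) + line
    if current is not None:
        entries.append(current)
    return entries


def parse_threats(lines):
    """Return (parsed threat dicts, entries that did not match the format)."""
    threats, rejects = [], []
    for entry in join_wrapped_threats(lines):
        m = THREAT.match(entry)
        if m:
            threats.append(m.groupdict())
        else:
            rejects.append(entry)
    return threats, rejects


def summarize(threats):
    """Map (name, category) -> sorted distinct items flagged under it."""
    grouped = defaultdict(set)
    for t in threats:
        grouped[(t["name"], t["category"])].add(t["item"])
    return {key: sorted(items) for key, items in grouped.items()}


if __name__ == "__main__":
    found, bad = parse_threats(SAMPLE_LOG.splitlines())
    for (name, category), items in summarize(found).items():
        print(f"{name} [{category}]: {len(items)} distinct item(s)")
        for item in items:
            print("   ", item)
    print("unparsed entries:", len(bad))
```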


#6 Budapest


Posted 29 October 2009 - 04:05 PM

Are you now able to scan with Malwarebytes?

#7 VirusSuck


Posted 29 October 2009 - 04:34 PM

No it goes for about a minute now then turns off.

#8 Budapest


Posted 29 October 2009 - 04:45 PM

Run the latest version of rkill:

http://download.bleepingcomputer.com/grinler/rkill.scr

And then try Malwarebytes again.

#9 VirusSuck


Posted 29 October 2009 - 06:04 PM

That doesn't have a virus or something attached, does it? Cause the log from the viper thing had the other one listed as a trojan. Or did the trojan just infect the last one?

#10 Budapest


Posted 29 October 2009 - 06:17 PM

rkill is okay to use. Some scanners will pick it up - but that is just a false positive.

#11 VirusSuck


Posted 29 October 2009 - 09:38 PM

Okay, so download that, run it, then right after run Malwarebytes. Do I need to redownload another copy of Malwarebytes or should the other one be fine? Sorry, I am a little slow on the computer stuff and thank you so much for helping me.

#12 Budapest


Posted 29 October 2009 - 10:02 PM

Yes that is correct. Run rkill and then immediately run Malwarebytes. If Malwarebytes won't run try downloading and installing it again.

You can also try this to trick the virus:

-- Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. Others may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors.

One way to resolve this is to download and install Malwarebytes Anti-Malware on a non-infected computer.

  • After installation, open Windows Explorer and navigate to the C:\Program Files\Malwarebytes' Anti-Malware\ folder where mbam.exe is located.
  • Copy the mbam.exe file to the Desktop and rename it to wuauclt.exe or explorer.exe.
  • Save the renamed file to a USB flash drive or CD, then transfer to the infected computer.
    • Another option is to upload the file somewhere so you can download it later to the infected computer.
    • If you do not have access to another computer, ask a friend to email or upload a renamed mbam.exe for you and provide a link to download it.
  • Place the renamed mbam.exe in the C:\Program Files\Malwarebytes' Anti-Malware folder on the infected computer, then double-click on it to launch the program.
  • Check for database definition updates through the program's interface.
  • Then perform a Quick Scan, check all items found for removal and reboot afterwards.
  • Failure to reboot will prevent MBAM from removing all the malware.
  • When done, click the Logs tab and copy/paste the contents of the report in your next reply.



#13 VirusSuck


Posted 30 October 2009 - 04:07 PM

After doing that it still shuts down and then when I click on it a pop up comes up saying: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. Like I can click around on the tabs and it will stay up but as soon as I run the scan that's when it starts. It happens to all of the malware I've tried even after renaming it. I know there are rootkits on my laptop; do I have to use something to get rid of those first?

Edited by VirusSuck, 30 October 2009 - 04:19 PM.


#14 Budapest


Posted 31 October 2009 - 02:57 AM

Please download ATF Cleaner by Atribune & save it to your desktop (alternate download link). DO NOT use yet.
Please download and install SUPERAntiSpyware Free.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#15 VirusSuck


Posted 31 October 2009 - 12:20 PM

ATF installed but when trying to install SUPERAntiSpyware an error popped up. Error 1321. Windows Installer has insufficient privileges to modify the file: C:\Program Files\SuperAntispyware.exe