
Malware on my HP Vista Laptop!


No replies to this topic

#1 Kristen V.


Posted 28 July 2010 - 10:43 AM

Ok well I should begin by saying that this laptop:

Posted Image

Has a cracked screen and I'm using an external monitor. The laptop screen is totally damaged except the upper left corner.
This means, every time I boot it up from crashing I can still see when Windows boots up and guess what option to choose from trial and error.
Finally when luck turns my way, the laptop begins showing signs of booting, until this pops up before I even get a chance to log in:

Posted Image

And for some reason those login errors stopped & I've successfully logged in with no problem after trying a lot.

Except when I did log in to my account, my background and the icons on my desktop all turned black:
Posted Image


I immediately ran 'CCleaner' for registry which did nothing. And keep in mind, all this while my CPU Usage is clocking at 100% almost all of the time.

So then I ran the latest 'Malwarebytes' Anti-Malware' on a full scan on my hard drive twice.


First log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4312

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783

7/26/2010 4:10:20 PM
mbam-log-2010-07-26 (16-10-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 50660
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{twl87rvv-g10b-b4ih-50xs-p6xp281m0d62} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\System32\Winbooterr\Svchost.exe (Generic.Bot.H) -> Quarantined and deleted successfully.


Second log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4312

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783

7/26/2010 7:58:03 PM
mbam-log-2010-07-26 (19-58-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 320366
Time elapsed: 1 hour(s), 34 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 16
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.519.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.519.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.519.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\Winbooterr (Trojan.Backdoor) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.519.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Users\Rum\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Rum\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Rum\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.



I then downloaded ComboFix from you guys: http://www.bleepingcomputer.com/download/anti-virus/combofix

But for some reason the times I've tried to run it, after the ComboFix progress bar is full, my screen just freezes.
And then I'm delighted with a blue 'Windows has detected a problem....crash dump' screen.

Please help
Much appreciated, and thanks in advance :thumbsup:

Edited by Budapest, 28 July 2010 - 05:45 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP

