Please Help!: Non-Stop Malware on my laptop! Tenths of infections!


10 replies to this topic

#1 Megan S.


Posted 08 August 2010 - 05:15 PM

I should begin with saying, that my laptop:

Is physically cracked everywhere other than the top left of my screen and am using an external monitor with wireless mouse and keyboard. I mention this because that's the only way I can boot up.

When the computer says "Windows has shut off unexpect..." And that's all I can read. So through trial and error, I go 'UP' 3 times on the arrow keys, then press 'Enter'. This usually boots it up.

BUT for some reason when I hear it boot up all of the sudden it turns off. Like right before it goes into the Windows log in screen.

SO again, through trial and error, I found that disconnecting all of the USB plugs along with the DVI monitor plug, THEN boot it up, it works.

After that when I see it in the login screen through the part of the laptop screen that's not cracked;
To use the mouse, speakers, keyboard and monitor, I have to put the laptop to sleep, THEN plug all of the external connections, So when I boot the laptop from sleep it FINALLY brings me to my desktop.
______________________________________________________________

Now that we got the "How I boot my laptop" portion of the problem out of the way:

I immediately went and purchased "Malwarebytes' Anti-Malware" from their official site. After running a quick scan...

Malwarebytes' Anti-Malware 1.46 beta

www.malwarebytes.org

Database version: 4040

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783

8/7/2010 12:02:38 PM
mbam-log-2010-08-07 (12-02-38).txt

Scan type: Quick scan
Objects scanned: 133965
Time elapsed: 18 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


THEN a bit after, a Flash Scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783

8/7/2010 9:23:51 PM
mbam-log-2010-08-07 (21-23-51).txt

Scan type: Flash scan
Objects scanned: 100593
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



NOTHING AGAIN!

Which is impossible, since I'm getting redirected constantly, and my computer shuts off out of no where with battery full. All this while the CPU is clocking at around 80%-100% all of the time!

SO, I purchased a lifetime "SUPERAnti-Spyware Professional" subscription.
And with that, MAN did it find SOO much infections.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/07/2010 at 05:58 PM

Application Version : 4.40.1002

Core Rules Database Version : 5134
Trace Rules Database Version: 2946

Scan type	   : Quick Scan
Total Scan Time : 00:12:16

Memory items scanned	  : 544
Memory threats detected   : 0
Registry items scanned	: 2433
Registry threats detected : 0
File items scanned		: 1972
File threats detected	 : 45

Adware.Flash Tracking Cookie
	C:\Users\Magnus\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\76XXEBLE\IA.MEDIA-IMDB.COM
	C:\Users\Magnus\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\76XXEBLE\SECURE-US.IMRWORLDWIDE.COM

Adware.Tracking Cookie


AND ANOTHER QUICK SCAN (Remember I quarantine and remove them, but they KEEP showing up! :huh: )

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 08/07/2010 at 07:11 PM

Application Version : 4.40.1002

Core Rules Database Version : 5134
Trace Rules Database Version: 2946

Scan type	   : Quick Scan
Total Scan Time : 00:22:58

Memory items scanned	  : 516
Memory threats detected   : 0
Registry items scanned	: 2433
Registry threats detected : 0
File items scanned		: 9334
File threats detected	 : 7

Adware.Tracking Cookie
	.collective-media.net [ C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	1.d.j.cltomedia.info [ C:\Users\Rum\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	C:\Users\Rum\AppData\Roaming\Microsoft\Windows\Cookies\rum@ad.yieldmanager[2].txt
	C:\Users\Rum\AppData\Roaming\Microsoft\Windows\Cookies\rum@adinterax[2].txt
	C:\Users\Rum\AppData\Roaming\Microsoft\Windows\Cookies\rum@content.yieldmanager[1].txt
	C:\Users\Rum\AppData\Roaming\Microsoft\Windows\Cookies\rum@yieldmanager[1].txt


NOT only that, but since I bought Malwarebytes, I run the Real-Time protection and it's constantly blocking these weird IP addresses,
what do these people want to do with my computer?!:

10:44:24	Magnus	MESSAGE	Protection started successfully
10:44:31	Magnus	MESSAGE	IP Protection started successfully
16:16:40	Magnus	DETECTION	C:\Users\Magnus\Desktop\SUPERAntiSpyware_Professional_4.40.1002_Full\SUPERAntiSpyware Professional 4.40.1002\Patch\kg-patch.exe	Trojan.Agent.CK	ALLOW
16:16:41	Magnus	DETECTION	C:\Users\Magnus\Desktop\SUPERAntiSpyware_Professional_4.40.1002_Full\SUPERAntiSpyware Professional 4.40.1002\Patch\kg-patch.exe	Trojan.Agent.CK	ALLOW
02:52:25	Magnus	ERROR	IsValidLicenseKey failed with error code 13
02:52:25	Magnus	MESSAGE	Protection stopped
03:00:46	Magnus	ERROR	IsValidLicenseKey failed with error code 13
03:00:46	Magnus	MESSAGE	Protection stopped
15:23:56	Magnus	ERROR	IsValidLicenseKey failed with error code 13
15:23:56	Magnus	MESSAGE	Protection stopped.

THEN IT SEEMED LIKE IT FINALLY KILLED THEM ALL OUT!
IT LOOKED LIKE IT WORKED!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/07/2010 at 09:12 PM

Application Version : 4.40.1002

Core Rules Database Version : 5331
Trace Rules Database Version: 3143

Scan type	   : Complete Scan
Total Scan Time : 01:05:35

Memory items scanned	  : 549
Memory threats detected   : 0
Registry items scanned	: 8167
Registry threats detected : 0
File items scanned		: 26047
File threats detected	 : 0

UNTIL I DOUBLE SCANNED TO BE SURE.....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/08/2010 at 04:01 PM

Application Version : 4.40.1002

Core Rules Database Version : 5333
Trace Rules Database Version: 3145

Scan type	   : Complete Scan
Total Scan Time : 00:38:37

Memory items scanned	  : 477
Memory threats detected   : 0
Registry items scanned	: 8155
Registry threats detected : 0
File items scanned		: 26040
File threats detected	 : 24

Adware.Tracking Cookie

THEY JUST WON'T LEAVE!!! :trumpet:

___________________________________________________________________

I then heard from my tech-whiz friend that ComboFix is the answer.
So after he downloaded it to my desktop.

He shuts off all programs and windows, including turning off internet connection.

When the program was run, the ComboFix progress bar started loading.
After it was full it then disappeared.

Then we waited, and waited, then waited some more.

Finally BLACK, And the lovely 'Blue Screen Crash Dump' flashed and graced my screen.
This wasn't on just one occurrence, he and I tried ComboFix MULTIPLE times.

All with the same ending, Crash.
______________________________________________________________________

So he suggested some other program that's similar if not better in most cases:
'SDFix'

So after downloading & installing 'SDFix'.
I ran the 'RunThis.bat' from its program folder.

It said you're supposed to run 'SDFix' in 'Safemode'
by pressing F8 and moving with the arrow keys to highlight the 'Safemode' option before boot up.

BUT if you remember previously, I can't see anything if it's not on the 1 square inch on the top left corner of my screen.

So after finding out 'SDFix' is unable to run during normal mode,
AND that I can't run 'Safemode' due to the circumstances:

I tried searching how to run 'Safemode' from 'Normalmode' when restarted.

And found out from BleepingComputer
that there's this Using the System Configuration Tool Method


BUT there's a warning:

Problems that can occur by forcing Safe Mode using the System Configuration Utility

It is possible to make your computer continuously boot up into safe mode using the System Configuration utility as described above. The program does this by changing your boot.ini file, the settings file that configures your computer's boot sequence, and adding the /safeboot argument to your operating system's startup line. An example of this can be seen below.

Original:
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN

After using MsConfig.exe:
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN /safeboot:minimal

When you are done using safe mode, you would then run the System Configuration utility again and uncheck the /Safeboot option, thus removing the /safeboot argument from the boot.ini file, and allowing your computer to boot up normally.

On a computer that is operating properly this is normally not a problem. Unfortunately, though, a new trick that some of the more recent malware are using is to delete certain Windows Registry keys so that your computer can not properly boot into safe mode. It is in these situations that using the System Configuration utility to boot into safe mode can cause the computer to become inoperable for many users.

This is because once you set the computer to boot into Safe Mode using /Safeboot, it will continuously attempt to start Safe Mode until the /safeboot argument is removed from the boot.ini. Since the malware is not allowing us to actually boot into safe mode, you have no way of getting to a point where you can run the System Configuration utility again to uncheck the /Safeboot option. Thus, you are stuck with a computer constantly attempting to get into safe mode and not being able to do so.

If a situation like this has happened to you it is possible to fix this problem by renaming your boot.ini file. The first step would be to use a boot disk to start your computer. If your computer does not have a floppy disk, then you can typically boot off the Windows CD that came with your computer in order to access the Windows Recovery Console. More information about the Windows Recovery Console can be found here. Once booted to a command prompt, you would simply rename your C:\Boot.ini file to another name like C:\Boot.ini.bak. The command to rename the file at the command prompt is:

ren C:\Boot.ini Boot.ini.bak

Once the file is renamed, you can then remove the boot disk and reboot your computer to get back to normal mode. When booting up after the rename, do not be surprised if you see an error stating that you do not have a valid Boot.ini file. When you get back to normal Windows mode, you can then rename C:\Boot.ini.bak to C:\Boot.ini and run Msconfig again to remove the /safeboot flag.

Conclusion

It is not uncommon when people are helping you troubleshoot your computer that they tell you to enter Safe Mode. With this tutorial you should now know how to enter Safe Mode when it is required.
If you have any questions please feel free to post them in our computer help forums.



Basically saying that if you use this method to run 'Safemode' that your malware may be so advanced that it will not let you boot up.
Leaving my computer constantly attempting to boot up in 'Safemode' and restarting. If that would happen, the only way to fix it is to boot it from a CD which I can't do since I need an external monitor to see. :thumbsup:

I DON'T KNOW WHAT TO DO! :flowers:
PLEASE HELP!
I'D GREATLY APPRECIATE IT. :inlove:


THANK YOU IN ADVANCE, AND FOR YOUR TIME ON THIS POST! :huh:

Edited by Megan S., 09 August 2010 - 12:31 PM.
Remove codeboxes and font coding for ease of reading. ~ OB
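
The tutorial quoted in the post above describes msconfig adding /safeboot to a boot.ini entry. The sketch below is an added example, not BleepingComputer's or Microsoft's code: it detects that argument in a boot.ini text and returns a copy with it removed. The [boot loader] lines in the sample and all function names are constructed for illustration.

```python
import re

# Constructed sample. The [operating systems] entry is the "After using
# MsConfig.exe" line quoted in the post; the [boot loader] section holds
# typical values added for illustration.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN /safeboot:minimal
'''

SECTION_RE = re.compile(r'^\[(.+?)\]$')
# <ARC path>="<description>" <switches><line ending>
ENTRY_RE = re.compile(
    r'^(?P<path>[^=\r\n]+)=(?P<desc>"[^"]*")(?P<tail>[^\r\n]*)(?P<eol>\r?\n?)$'
)
# Matches /safeboot alone or with a mode such as :minimal or :network.
SAFEBOOT_RE = re.compile(r'^/safeboot(:\S*)?$', re.IGNORECASE)


def _walk(text):
    """Yield (line, match); match is set only for [operating systems] entries."""
    section = None
    for line in text.splitlines(keepends=True):
        header = SECTION_RE.match(line.strip())
        if header:
            section = header.group(1).lower()
            yield line, None
            continue
        in_os = section == "operating systems"
        yield line, (ENTRY_RE.match(line) if in_os else None)


def _safeboot_switches(match):
    """Return the /safeboot switches present on one parsed entry."""
    return [s for s in match.group("tail").split() if SAFEBOOT_RE.match(s)]


def find_safeboot(text):
    """List (description, [switches]) for every entry that forces safe mode."""
    hits = []
    for _line, match in _walk(text):
        if match and _safeboot_switches(match):
            desc = match.group("desc").strip('"')
            hits.append((desc, _safeboot_switches(match)))
    return hits


def strip_safeboot(text):
    """Return boot.ini text with /safeboot removed; other lines are untouched."""
    out = []
    for line, match in _walk(text):
        if match and _safeboot_switches(match):
            kept = [s for s in match.group("tail").split()
                    if not SAFEBOOT_RE.match(s)]
            tail = " " + " ".join(kept) if kept else ""
            line = "{}={}{}{}".format(
                match.group("path"), match.group("desc"),
                tail, match.group("eol"),
            )
        out.append(line)
    return "".join(out)


if __name__ == "__main__":
    for description, switches in find_safeboot(SAMPLE_BOOT_INI):
        print("forced safe mode:", description, switches)
    print(strip_safeboot(SAMPLE_BOOT_INI), end="")
```

Run against a copy of the file from a rescue environment, the cleaned text matches the "Original" entry shown in the quoted tutorial.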




#2 boopme


Posted 08 August 2010 - 08:19 PM

Hi looks like we got a heap o issues.
First your last MBAM log shows Database version: 4052 it's now at 4408

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


SUPERAntiSpyware has a built in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSpyware.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.

Can we do an Online scan in Normal with IE?
ESET
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log



You will also need to eventually install Vista's Service Pack 2

Let me know........

#3 Megan S.


Posted 09 August 2010 - 01:33 PM

:flowers: Thanks for the quick reply boopme,
Well, I've done what you said and did an 'In-Depth Scan' with ESET NOD32 Antivirus 4

Here's the log:
Scan Log
Version of virus signature database: 5352 (20100809)
Date: 8/9/2010 Time: 10:45:51 AM
Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\
C:\WINDOWS\System32\config\RegBack\SOFTWARE - error opening [4]
C:\WINDOWS\System32\config\RegBack\SYSTEM - error opening [4]
C:\WINDOWS\System32\config\systemprofile\Documents\Downloads\aftrmill (1).exe » INNO » file0006.bin » MIME - is OK (internal scanning not performed)
C:\WINDOWS\System32\config\systemprofile\Documents\Downloads\aftrmill (2).exe » INNO » file0006.bin » MIME - is OK (internal scanning not performed)
C:\WINDOWS\System32\config\systemprofile\Documents\Downloads\aftrmill.exe » INNO » file0006.bin » MIME - is OK (internal scanning not performed)
C:\WINDOWS\System32\config\systemprofile\Documents\Downloads\mcbethyt.exe » INNO » file0006.bin » MIME - is OK (internal scanning not performed)
C:\WINDOWS\System32\drivers\atapi(565).sys - Win32/Olmarik.TM trojan - error while cleaning
Number of scanned objects: 577492
Number of threats found: 1
Number of cleaned objects: 0
Time of completion: 1:18:44 PM Total scanning time: 9173 sec (02:32:53)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.


Not only does it seem like it didn't clean this Olmarik.TM trojan, but it looks like it's locked and can't even be accessed.

__________________________________________________________________________________________________

Amazingly,
Out of all the things I've used (Malwarebytes' Anti-Malware, SUPERAntiSpyware Professional, BitDefender Quick-Scan, etc.)

Only ESET NOD32 Antivirus 4 found this Trojan.
All others found 'Cookie Trackers' or Medium-risk 'Ad-ware'.

Only with the exception of TDSSKiller which actually found 6 infected files even after multiple 'Full Scans' from the other Malware removal programs.
Unfortunately, last night when TDSSKiller finished scanning, it didn't provide a log or any records of the scan.

__________________________________________________________________________________________________

:inlove: The good news: It seems that my computer hasn't had any abrupt Crashes or Shutdowns, since the 'TDSSKiller' & 'ESET NOD32 Antivirus 4' scans.
Everything seems to be running averagely.

:trumpet: The bad news: When the computer boots up, there's no "Window Start-Up Chimes".
And, I'm using my friend's computer to write this, because another problem is that there is absolutely no YouTube audio in any of the videos. Including Metacafe, Dailymotion, or any other FLV forms of media. This isn't a speaker, codec, or outdated Flash problem since my iTunes, VLC, and BS.Player can be heard normally.
I searched the problem and found this. But still no audio.

One other minutiae problem is that I'm unable to set any photo as my 'Desktop Background', just solid black.
And many of my Icons seem to be missing or unable to resize properly.
__________________________________________________________________________________________________

Thank you for your time, and the time of the 'BleepingComputer' community.
I really do appreciate the help.
:thumbsup:

Edited by Orange Blossom, 09 August 2010 - 10:40 PM.
Removed codebox coding for ease of reading. ~ OB


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:43 PM

Posted 09 August 2010 - 10:42 PM

Hello,

Please do not post the logs in codeboxes; it makes them hard to read.

As boopme stated, you have a lot of issues, and you have just done one step of the process. Please await further instructions from boopme.

Orange Blossom :thumbsup:

#5 boopme


Posted 09 August 2010 - 10:59 PM

Unfortunately SDFix hasn't been updated in about 2 years and is not recommended to run on Vista. So I am not sure what it damaged. Looks like the latest MBAM scan was database version 4052, and that needs an update.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Now run Norman Malware Cleaner

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2010-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.

#6 Megan S.


Posted 10 August 2010 - 12:58 PM

Ok, I already updated MBAM to the latest database version, and actually did a Full-scan:

Here's that log:

____________________________________________________________________________________
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4412

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783

8/10/2010 1:56:41 PM
mbam-log-2010-08-10 (13-56-41).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 494842
Time elapsed: 2 hour(s), 34 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

___________________________________________________________________________________

Then I ran the Norman Malware Cleaner

Here's that log:

____________________________________________________________________________________
Norman Malware Cleaner
Version 1.6.2
Copyright © 1990 - 2009, Norman ASA. Built 2010/08/09 15:42:21

Norman Scanner Engine Version: 6.05.11
Nvcbin.def Version: 6.05.00, Date: 2010/08/09 15:42:21, Variants: 6465294

Scan started: 10/08/2010 01:56:38

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6001 Service Pack 1
Logged on user: Ozzy-PC\Magnus


Scanning bootsectors...

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s


Scanning running processes and process memory...

Number of processes/threads found: 5736
Number of processes/threads scanned: 5736
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 10m 43s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\HP\HPQWare\aim_icq\triton_de_de\aoldlmgr.exe (Infected with Suspicious_Gen2.BIZVQ)
Deleted file

C:\HP\HPQWare\aim_icq\triton_de_de\postproc.exe (Infected with Suspicious_Gen2.BHNXS)
Deleted file

C:\HP\HPQWare\aim_icq\triton_en_gb\aoldlmgr.exe (Infected with Suspicious_Gen2.BIZVQ)
Deleted file

C:\HP\HPQWare\aim_icq\triton_en_gb\postproc.exe (Infected with Suspicious_Gen2.BHNXS)
Deleted file

C:\HP\HPQWare\aim_icq\triton_es_es\aoldlmgr.exe (Infected with Suspicious_Gen2.BIZVQ)
Deleted file

C:\HP\HPQWare\aim_icq\triton_es_es\postproc.exe (Infected with Suspicious_Gen2.BHNXS)
Deleted file

C:\HP\HPQWare\aim_icq\triton_fr_fr\aoldlmgr.exe (Infected with Suspicious_Gen2.BIZVQ)
Deleted file

C:\HP\HPQWare\aim_icq\triton_fr_fr\postproc.exe (Infected with Suspicious_Gen2.BHNXS)
Deleted file

C:\HP\HPQWare\aim_icq\triton_it_it\aoldlmgr.exe (Infected with Suspicious_Gen2.BIZVQ)
Deleted file

C:\HP\HPQWare\aim_icq\triton_it_it\postproc.exe (Infected with Suspicious_Gen2.BHNXS)
Deleted file

C:\HP\HPQWare\aim_icq\triton_nl_nl\aoldlmgr.exe (Infected with Suspicious_Gen2.BIZVQ)
Deleted file

C:\HP\HPQWare\aim_icq\triton_nl_nl\postproc.exe (Infected with Suspicious_Gen2.BHNXS)
Deleted file

C:\System Volume Information\{27d87bc0-a275-11df-9b92-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{27d87bc6-a275-11df-9b92-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{27d87bcc-a275-11df-9b92-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{3692f052-a2ba-11df-8734-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{5c2be559-a239-11df-b82d-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{5d20058b-9ff4-11df-8078-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{6071eab5-a3e6-11df-ba26-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{95ad84e2-a22e-11df-a0b0-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{95ad84e8-a22e-11df-a0b0-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{a008ea12-a386-11df-a44c-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{d768a98d-a1ef-11df-8fca-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{ec30d933-a344-11df-bc64-001f1670363d}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\Users\Public\muse\Sigur Rós\With a Buzz in Our Ears We Play Endlessl\09 FljoŽtaviŽk.m4a (Error opening file: Not found)

C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (Error opening file: Access denied)

C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl (Error opening file: Access denied)

C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl (Error opening file: Access denied)

C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl (Error opening file: Access denied)

Scanning: D:\*.*

Scanning: postscan


Running post-scan cleanup routine:
Failed to locate shared service executable: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
Removed service: hpqcxs08
Set TCP/IP autotuning to "normal" (or it was already "normal")

Number of files found: 545611
Number of archives unpacked: 1617
Number of files scanned: 545554
Number of files not scanned: 57
Number of files skipped due to exclude list: 0
Number of infected files found: 12
Number of infected files repaired/deleted: 12
Number of infections removed: 12
Total scanning time: 3h 52m 54s

____________________________________________________________________________________

#7 boopme


Posted 10 August 2010 - 07:48 PM

OK, that was good, looks good. How are we now?

#8 Megan S.


Posted 10 August 2010 - 08:17 PM

:thumbsup: No, not so much, since when the computer boots up, there's no "Window Start-Up Chimes".

And I have to reply on my friend's computer because another problem is that there is absolutely no YouTube audio in any of the videos. Including Metacafe, Dailymotion, or any other FLV forms of media. This isn't a speaker, codec, or outdated Flash problem since my iTunes, VLC, and BS.Player can be heard normally.

So when I really need to view a YouTube video, I have to go to KeepVid and download the video, just to actually even hear it.
I searched the problem and found this, which I tried, but still no audio.

Another problem is that I'm unable to set any photo as my 'Desktop Background', just solid black.
And many of my Icons seem to be missing or unable to resize properly.

I mean, I really have no idea why it's still like this, even after numerous scans and restarts.
:flowers:

Edited by Megan S., 10 August 2010 - 08:21 PM.


#9 boopme


Posted 10 August 2010 - 08:39 PM

Hi, this is no longer malware. I can only suggest a repair install now or start a new topic with your last post issues in the Vista forum and see what the techs there can suggest.

Edited by boopme, 11 August 2010 - 11:33 AM.


#10 Megan S.


Posted 10 August 2010 - 11:39 PM

Oh ok, I want to Thank You very much! :thumbsup:
I sincerely appreciate your help. :flowers:

#11 boopme


Posted 11 August 2010 - 11:34 AM

You're welcome. Keep smiling!