How To Fix Windows Errors

Adware.Win32.look2me.ab infection

How do I remove this pop-up? Please follow our pre-posting process outlined here:

After running through all the steps, you shall have a proper set of logs. Very frightening and Bad!!!!!

There's a sticky at the top of this forum, and a

Having problems with spyware and pop-ups? We want all our members to perform the steps outlined in the link given below, before posting for assistance. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
First Steps

link at the top of each page.

Please post them in a new topic, as this one shall be closed.

Please help...laptop crash to blue screen

Anyone know what is going on? I was told to create a registry of a file "exefile" which I did and ran it and then I ran my malware. When I ran the program, my laptop crashed to a blue screen (I had little time to read what was on the blue screen before it restarted) and then restarted. After the first restart, I then noticed that I cannot get a connection to the internet (I know my internet was working because my iPhone was able to use Wi-Fi and my desktop has a connection) and every time I ran the malware, the laptop crashed to the blue screen.

I know a little about computers, but not a whole lot, so I will apologize for any confusion I am causing. The problem - last night I was on the internet and "Vista Guardian" popped up on my laptop so I went on the internet and followed the steps to remove it. Also, I cannot connect to the internet on my laptop (using the desktop to post here) to download the DDS and Gmer, any solution I could do to connect to download DDS? I use Malwarebytes Anti Malware.

Help Computer Virus/Rootkit problems

The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No. Forgot to say when doing scan the only boxes available for me to check/uncheck were "Services, Registry, files and ADS"
Yes I do have the boot reinstallation discs.

It will be a randomly named executable. Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. It showed icon so reinstalled in and has been showing various viruses through my antivirus software some mentioned rootkits hidden etc. "userinit.exe tried to remove through normal search and destroy etc but now on shut down and start up it takes approx 5-10 mins before booting up? Do not use your computer for anything else during the scan. Hope you can help.

Double click the exe file. Could not do a back up or restore point it says my back up drive full? In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in your reply.

If not please try this:

Download GMER Rootkit Scanner from here to your desktop.

Trojan: stub.exe

Click No. Do not use your computer for anything else during the scan. Also, my Symantec endpoint protection became disabled today and the option to enable it is not there when I right click on the icon, though it used to be. Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo!

When I took a look at the processes running on my computer, I found stub.exe, which I'm told is a "particularly well-designed trojan". If not, please follow these instructions:

Download GMER Rootkit Scanner from here to your desktop. Here is the thread on which I was previously assisted with a virus:

DDS (Ver_10-03-17.01) - NTFSX64
Run by Amanda at 14:45:48.21 on Wed 03/17/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4092.1948 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch

Virus causing system hangs and false starts

I also received help here before. Please continue to respond to my instructions until I confirm that your logs are clean. You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply. Once running the system will periodically freeze.

Please include the log C:\ComboFix.txt in your next reply for further review.
Also please copy and paste logs into the thread, rather than add them as attachments. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-7 35272]
R3 mfesmfk;McAfee Inc. My 13 yr old has inherited the machine that was fixed in the past and is now suffering from very similar symptoms.

Please ensure that you follow the instructions in the order I have them listed. Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. It stops processing after the splash screen and the disk activity indicator goes dark.

It will apparently stay in this state for ever. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-7 34248]
S3 SQTECH930B;USB 2.0 Motor Tracking Camera;c:\windows\system32\drivers\capt930b.sys --> c:\windows\system32\drivers\Capt930b.sys [?]
S4 0118301266530591mcinstcleanup;McAfee Application Installer Cleanup (0118301266530591);c:\windows\temp\011830~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\011830~1.exe c:\progra~1\comm...

My Computer is very sluggish and keeps

Here are the logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Karen at 22:31:59.35 on Fri 03/19/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.313 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

I need some help with an infected computer please

Whatever is in there can't harm you unless you choose to perform a manual restore. I've uninstalled that McAfee, and added Avira, and soon Zone alarm for her firewall. Please let me know what you think and where I should go next. Consequently the computer went home with me where I ran Malwarebytes, ad-aware, and even combo fix (yes I did save logs), and ccw.

I do have the disk that came with the computer. Some of the files belong to ComboFix, and the items located in C:\System Volume Information\, which is where System Restore's cache is stored. My client reported a very slow computer, also trouble and long pauses with boot ups and shut down.

I ran Spybot S&D and, sure as the sun rises in the East, problems began to show. She was supposedly using McAfee, however inspection showed that it wasn't running properly and that the firewall was down as well. I reran ad-aware last night/this AM and there were still eleven items popping up. I am also going to paste the ad-aware scan from this morning to the bottom of this post in case you need to see it.

Kindly post the ComboFix.txt.
Usually I can handle just about anything that comes my way. I also ran SmitFraudFix after finding that on her computer as well. If so, they are of no real concern.

I have attached the items you requested in your directions. S&D picked up over 140 issues alone. This computer, however, is giving me quite the challenge. I am working on an old Dell Dimension 2400. <...

Laptop acting funny, DDoS ap2p attack

Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

End of file - 10697 bytes

Forgot to say, I checked the IP of the DDoS ap2p and it was APNIC?

Email-sending virus >_>

Ahh, meant Avast! My old PC running Windows XP recently contracted a virus or two. I then ran BitDefender and was able to scan and delete everything problematic I found. I thought it was fixed, until at 6:30 this morning my friends called me complaining about being sent a virus from my email...!!

I'm not sure what I missed or what to do next. One of...

Virus and SQL and SPTD and admin blocking

No issues yet. I am currently running GMER and will post the log once it's complete. I'm running Windows XP Home 2002 on a 1.4GHz Processor and have attached the DDS and attach logs.

I downloaded SQLEXPR.exe (SQL Server 2005), because a piece of software I wanted to use needed it as a prerequisite.

I downloaded a pirated: sightmax-live-chat-7.0.exe (a customer chat software that I wanted to add to my site)
It asked me to reboot my system and that was the end of it. I am currently working in safe mode, but I can only load safe mode only if I stop the SPTD.sys from running (from Daemon tools)

Initially I targeted the SQL as the problem, but being a novice I probably only made my problems worse as I disabled everything in SQL in a panic.

I have run spybot, Mcafee and Malwarebytes. I have not looked recently, but I should have all the Windows and systems disks. I could simply do a system restore, but from what I've read, a lot of viruses are attaching themselves to the restore files and the problem remains.

I see that you have also posted this question in other forums:

Not wise to get and follow advice from more than one help forum at a time. I have attempted to install HijackThis - But my computer rejects the installation stating that the system admin has set policies to block the installation. All come up with minor issues, none of them fixing my pr...

System unstable after Trojan removal

I recently removed multiple trojans (vundu & aviwsglade) using IObit and CA antivirus. To do this click Thread Tools, then click Subscribe to this Thread. When this happens, the mouse moves, but everything is unresponsive. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.
Additionally, my system sporadically reboots, and my system restore does not work. Initial problem of system slowdown and redirects seems to be fixed, but now my PC freezes. I am currently reviewing your log.

Make sure it is set to Instant Notification, then click Subscribe. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Suspected Mal/adware infection.

A virus my ex-fiance had on her pc when we lived together so I'm somewhat familiar with. What WAS on the list, however, was Vundo. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-11 40552]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-3-8 25832]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 mferkdk;McAfee Inc. As I can't remember the name of said malicious program I will try to relay the info I learned about it to help you properly label it.

The very first symptom I experienced was just during typical web browsing (Youtube, hotmail, gaming sites, forums, etc.) and I got a popup window that looked strikingly like a normal Windows warning. However, since I'm unsure if this is all related to one main root issue, I will say here that I definitely noticed a longer time loading games, opening IE, etc once I installed the live version of Battlefield: Bad Company 2. So, I guess I'll move on to the requested info. Please visit this webpage for download links, and instructions for running the tool:

Please read all the information carefully!


fuEFue.exe file error

Please download rsit.exe and save it to your desktop. Double click on RSIT.exe to run it. DDS (Ver_09-12-01.01) - NTFSx86
Run by admin at 10:35:29.25 on Thu 03/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.240 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

Blank Desktop after Login, "Ctrl Alt Del" does not bring up Task Manager

Updated Windows
4. Normally if it is, it is usually an "Explorer.exe" problem that can normally be resolved by pressing "Ctrl Alt Del" to bring up the "Task Manager" then running a new task like "Explorer.exe" or "Regedit" that eventually enables me to resolve the problem. As previously mentioned for previous versions of this virus pressing "Ctrl-Alt-Del" on startup usually brings up the Task Manager allowing a way into the file system...but this particular strain of the virus disables "Ctrl-Alt-Del" making life very difficult.

I have also tried to boot "ERD Commander" off a CD but it gives me the "Blue Screen of Death". Any help to help me solve this puzzle would be much appreciated. I managed to find out what this problem was... In this particular case, when I press "Ctrl Alt Del" it just brings up another version of the Windows Login Screen, not the Task Manager.

In the 1st instance, I gave the Laptop to HP and they told me the DVD error was caused by an incorrect setting in the Bios, but they didn't tell me what setting they changed ... Re-Installed the previously saved backup files from the WD Passport Drive to C:\

I determined this strain of the "Blank Screen" Virus could not be repaired. Re-Installed Office
3. Error Number: *** STOP: 0x0000007B (0xF789E640, 0xC0000034, 0x00000000, 0x00000000).

FYI, I also had HP replace the DVD...

Possible Infection, Please Help

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. When completed, a log will open in Notepad. Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Recently my IT manager said that my computer is infected and is sending emails all over the world.

You can also access the log by doing the following:

-> Click on the Malwarebytes' Anti-Malware icon to launch the program.
-> Click on the Logs tab.
-> Click on the log at the bottom of those listed to highlight it.
-> Click Open. Copy & Paste the entire report in your next reply.
Please continue to respond to my instructions until I confirm that your logs are clean. You should not have any open browsers or live internet connections when you are following the procedures below.

My name is Iain and I will be helping you clean your system. When the scan is complete, click OK, then Show Results to view the results. You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply. I have no noticeable symptoms.

I don't know if he is correct or not, but that is what he told me. Be sure that everything is checked, and click Remove Selected. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-1 214664]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdnco...

Freezing[moved from xp]

Test the RAM with a MemTest86 boot CD (freeware).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:03 AM, on 3/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Vista Internet Security 2010 malware x64 Vista

I knew as long as I kept the computer on, the malware couldn't do anything but I am asking really for help since it Friday and I don't have a backup plan if I need to wait three more days into the weekend.
Since I didn't get help yet I decided to let my McAfee do its weekly scan. When I did the Gmer.exe I tried to follow the instructions but when to scan the section was already checked and the rest were grayed out. At the moment I don't have a boot disk but I am still able to use this laptop with the infection.

I also no longer see the fake vista logo my start up and the popups are gone. I fell asleep and left the wireless on I think but the windows update decided to update and restart my computer, now I have lost my task manager saying it is not there. Now something has happened and I don't know what it is.

I'm either saying no to "fix the problem" or closing the pop ups when they occur. Here's my stuff:

DDS (Ver_09-12-01.01) - NTFSX64
Run by Arlene at 7:47:03.44 on Tue 03/09/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1914.919 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss

Virus Problem XP PRO SP3

So my PC is useless for me cause all main components I use are messed up. So now I will tell you all problems I have....thx for your time in advance ;)
Task Manager, regedit, control panel, display properties, device manager, antivirus, installing some programs, drivers, rundll32 errors etc. I will try anything that I didn't already do so any advice or suggestion is acceptable :D

Here is attachment(log)
Already posted this, but some dude told me to post same topic here, so I can't attach same thing, so here's just link ;)

Safe mode started working but it's same as normal mode.

I tried copying from my Original Windows XP CD, didn't work, I enable task manager with registry code but after minute it's disabled again (now can't do that, cause win can't find regedit), I tried with malwarebytes anti malware, hijack this, RRT, AVG, Kaspersky, AVIRA, NOD nothing helped.....Please I am desperate, I just wanna fix my damn pc. This is just short list of things that I can't get to work. When I try to open Task Manager nothing happens, regedit can't be found, when I open Control Panel my pc opens MY Documents, and others can't be found or I get rundll32.exe error.

Malware/Trojan/Virus infection - Paranoia. What do I do?

Several infections and I found several .dat and .bat files, for example one bat file faajaigajg.bat which code inside was to remove iexplorer.exe

But I am still very paranoid that my PC is still infected. I run Gmer and RootkitRevealer to make sure there are no rootkits. (Although Gmer made my PC freeze, but RootkitRevealer showed nothing). I ran HijackThis etc. I removed and fixed everything suspicious.

Does it have to do with comodo firewall or is something stopping the firewall from starting? Malwarebytes removes Security tool, but only by removing its executables. Or maybe the sandbox analyzer was messed up. THOUGH for some reason NOD32 won't start now - It can't communicate with kernel.

I am really in need of help.
I have never been like this, I do not know why I am like this now. Does it not fix all the damage it does too? Usually I just removed things and I was happy, but now I keep thinking - after knowing little about winesm32.exe - maybe it dropped some executable something that is running and none of the tools I am using is showing it?

Should I do a full reformat and be happy or do you guys reckon I am safe? I quickly boot into safe mode and turn off everything suspicious for autorun and get on my normal windows. Although later today when it all was finished - I installed Comodo firewall and restarted, but it kept giving bluescreens after getting through "Windows XP" loaded. It is also worth mentioning my AVAST log somehow did n...

Hotmail account spammed address book

The situation felt terribly familiar to what I had done last year with an infected pop up disguised to look like Microsoft Security Center. Your help and attention to this is much appreciated! Since they were removed, all MSE scans come back clean. This time, MSE detected and removed 4 programs (they were also listed as quarantined items - which have since been removed through the MSE control panel).

At that time, the security software I was using (Windows Live One Care, I think) kept detecting & removing the infection - which would just have returned (and sometimes with some friends) by the next scan. For security, I already changed my email password but don't think that was the only problem. These are the 4 programs that MSE found and removed:








containerfile:C:\Users\sq\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Conte...

Security Tool attack - cont'd from previous thread

Please stay with me until given the 'all clear' even if symptoms seemingly abate. Please re-enable your antivirus before posting the ComboFix.txt log.

Delete the file, the executable file and the shortcut
8. I suggest uninstalling Norton.


Please visit this webpage for download links, and instructions for running ComboFix:

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Afterward, go back into the System Configuration using the same method as before, go back into the "Startup" tab, and select "Enable All". The computer should then say it has to restart to complete the configuration. Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted.

I was on the internet and got attacked by a malware called Security Tool which poses as an internet security and virus protection software.

Restart your computer.
7. The virus is defeated. In this, under the view tab, select 'show hidden files and folders' and uncheck 'Hide Protected Operating Systems'. So, rename the folder, messing up the target.

to an external drive or USB stick if you have one and uninstall any programs that are never or hardly ever used.


Web browsers won't run / Certain programs won't run

I think I have access to the install disk, it's probably in the pile of disks I have sitting around me. Because Gmer does not run. Why? I get the following error.

Not in safemode, not in normal mode.

Hey all,

For the past 24 hours I'm unable to access the internet on this computer outside of using Safe Mode w/ Networking. I run Windows Vista 32bit Ultimate. Any time I try to connect to the internet using any web browser (IE, FF, Chrome) I get a page that tells me that the program can not connect to the internet.

Other programs that connect to the internet but without a webpage, like Trillian, GSC or GW, work perfectly fine. Did the basic checks early in (IP and DNS flush and renews, power resetting modem and router, ran anti-virus / anti-spyware) and even after getting it all finished, still have issues. Problem signature:
Problem Event Name: APPCRASH
Application Name: gmer.exe
Application Version:
Application Timestamp: 4b2763f0
Fault Module Name: gmer.exe
Fault Module Version:
Fault Module Timestamp: 4b2763f0
Exception Code: c0000005
Exception Offset: 0000c4b1
OS Version: 6.0.6002.
Locale ID: 1033
Additional Information 1: 4254
Additional Information 2: fe2c75f8e1cb8e4ac132f386ef457bf0
Additional Information 3: 6df0
Additional Information 4: f628bc6735385105d3aae4f7bcb1c86e

Read our privacy statement:

more .exe troubles

When attempting to open files, I am given a command prompt asking me which program I would like to use to open the file, and the file is always listed as .exe, no matter what type of file it is.

Sorry if this is redundant or in the wrong section, but I'm having serious trouble trying to open files on my computer. I know that it is a virus or other malware, but I cannot access my anti-malware programs to get rid of it.

I have already read previous threads on this topic, yet none of the solutions worked for my problem. I've tried downloading the fix from here:

but I could not extract the files, because again, I'm asked what program I would like to use to open the file. I am using an administrator account by the way. I also tried editing the registry, but it says that I don't have permission.

Please Check my PC. I want to boost it up. Thank you!

Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\\GenericAskToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo!

DDS (Ver_09-12-01.01) - NTFSx86
Run by ungoy at 15:10:12.98 on Mon 03/08/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.381 [GMT 8:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs

Browsers fail on all pages with passwords...

IE and Firefox and Opera all fail on any page that has a password that must be entered. This is the strangest thing I have seen ever.... Any attempt to go to the MS update site simply makes the browser hang up. Beyond that, IE8 will not go to

I can log into that account just fine on another PC. the problem remains....

I've never seen anything like this.... I am now doing a scan with SOPHOS Anti-Rootkit scanner....

I have run "sfc /scannow" to check for all core file changes and found nothing amiss. I have scanned the XP Pro SP3 machine affected with Prevx, Malwarebytes, NOD32 and Panda Cloud Antivirus and none of them find anything (after the initial cleanup done by malwarebytes). Anybody got a clue?

And, any other page that has a password field also fails. For example, if I try and login to my hotmail account, I always get a "Password required" error. Sophos didn't find anything.... UPDATE: Trend Micro's Housecall found 4 rootkit files (PSUNShell.D~, PSNCIPC.dll, PSNCGP.dll, PxSecure.dll) and removed them, but the problem remains.

I am using a Linksys router - could it be infected (as I read about Linksys routers getting infected a few days ago).

AV.ECE cleaned up but executables don't function

Any suggestion is appreciated. I am noticing for example mspaint can't be started from icon or thru run command box but I can r/c a file and 'open with' paint fine..

I had the same experience as this thread user..

however I can open an application thru existing data file and use an application.
but noticing my executables don't function anymore.. Generally having issues with almost all executables..

cleaned up using superantispyware software..

my memory isn't tied up or anything either. even mspaint, excel etc..can't run them from run prompt. at this point.

Help with infected computer?

Choosing the option will not show them and the registry value for it is set to zero and will simply reset back to zero if you try to change it. In the process of trouble shooting I have found the following:

1. It fails regardless of which restore point is chosen

2. I get an error stating that the drive I am trying to copy it to is either full or write protected, regardless of the drive space and the fact that I am running it as an administrator


uStart Page = hxxp://
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
- - - - ORPHANS REMOVED - - - -

BHO-{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64} - c:\windows\system32\ieban0.dll
HKCU-Run-cybansos - c:\windows\system32\cyban.exe


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-02-26 13:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... scanning hidden autostart entries ... System restore will not work. I have attached the requested data.

Completion time: 2010-02-26 13:50:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-26 21:50

Pre-Run: 47,760,670,720 bytes free
Post-Run: 48,337,113,088 bytes free


Bad Deal Fake xp security and worse

Now, when I try to access anything on my computer, it gives me a window 'cannot find path etc. or may not have permissions yada yada. Thank You. I will wait until I can get assistance.

I had already removed my Malwarebytes software and just recently my AVG software, but now I cannot get into almost anything without that window prompt. I was able to get into safe mode and access some programs. Found that nasty little fake xp security. I feel like I have stepped on a land mine and can't remove my foot.

It appeared as "av.exe" in my task manager. Any way I can get around this? I tried to download and use the HJT and microtrend as well - it does the same thing 'this drive path cannot be found, or you don't have permissions..."

Help, I am in big trouble here. Security updates were: spy bot, avg and tried to update malware bytes, but my little trojan wouldn't let me (xp security warning would pop up when I tried to use it, even after downloading from another computer with flash drive, then using it on my pc)

After Security Essentials said it removed it, it came back again.

Here are my issues. My cd drive doesn't work either. I updated all virus and downloaded Windows new Security essentials and found it, then tried to remove it.

Key logger?

I have a Verizon Actiontec router and I tried to block it from there but I'm not sure how

oops double post

I have a guy that is key logging me and I have the port he is running on and IP address. How do I block it?

[SOLVED] Antivirus XP 2010 Problems

Infected files that were always reappearing in the processes;


In the prefetch and av.exe file kept appearing
Also a lot of files kept replicating into the %temp% folder, immediately after I deleted them. But now I am having problems opening certain programs that the virus had blocked while I had the worst of the virus and any websites that relate to fixing the virus are still redirected / blocked. I have Toshiba Equium / Satellite M50-192 laptop, running Windows XP Service Pack 3. I ran a VBscript to re-enable regedit before going into safe mode and running the applications

MalwareBytes, does not open, load or show a process in task manager
SuperAntiSpyware shows an error message
Windows Defender does not load
Websites are blocked

Other problems noticed;
- Windows prompts me when I load up the computer that drivers for the ethernet controller are missing.
- I can't use my built in wifi connection
- In safe mode the built in speakers on the laptop can make beeping noises if you hold down the keys etc, but I cannot play music or sounds in safe or normal mode
- When I entered safe mode
- When in safe mode, and at the user accounts / log in screen it displays another user "Administrator" that has no password
- On starting Spyware Doctor in safe mode the message "Spyware Doctor was previously disabled, would you like to enable it?" was displayed.

I was unable to run the GMER.exe application in normal mode, so ...

Unable to delete 11 viruses... PLZ HELP!


DDS (Ver_09-12-01.01) - NTFSx86
Run by kara at 11:00:29.89 on 11/03/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.984.194 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spare Messaging\MessagingApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OEM\OSD_1.2\osd.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

mStart Page = hxxp://
mDefault_Page_URL = hxxp://

System infected with "Vista Antivirus 2010" malware

It seems possible it's just an energy saving thing and it just got stuck that way somehow (no amount of charging has made it leave that screen, and it refuses to turn off/reset) but since it happened at the same time, I figure I may as well ask around. DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 10:51:35.94 on Sun 03/07/2010
Internet Explorer: 7.0.6000.16890 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.414 [GMT -8:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService

can anyone help me remove this?

I've got something on my add and remove programs called ron tool netupbanner and I can't remove it. I know it's a virus or something but nothing picks it up.
I've tried Spybot and Malwarebytes but nothing.
Can anyone tell me how to remove it or what it is? Any help would be more than appreciated!!
I've tried going into safe mode to remove it, and I've also tried removing it in add and remove programs (I get a black screen that says 'this program can't be run in DOS mode') but nothing works.
Anyone able to help me with this? It's driving me nuts!!

I've got this ron tool thing stuck in my pc and can't remove it. I've tried malware, spybot and another one I think was called combifix and none of them get rid of it.

Virus/Spyware? REPOST

It is a public computer and i thought I had it set up so that the public account could not download software onto it, but I guess not. It says something about Avira Antivirus. This is an open invitation for infection. To do this click Thread Tools, then click Subscribe to this Thread.

Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted.

I keep having this warning pop up saying that my laptop has a virus/spyware/adware.

Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin...

Strange Problems

I ran a scan with MalwareBytes, but didn't find anything. I assume they're all related:
-The computer does not shut down properly. Everything else I've tried seems to be running normally.

If it still blue screens, please try to run it from Safe Mode.
GMER blue-screened when I tried to run it.

Today, I encountered a number of strange problems with my computer (running 32-bit Vista Home Basic) that I've never encountered before. Make sure you disable your onboard Anti Virus/Firewall programs and try to run gmer again.

Fortunately, I backed everything up recently. I ran a scan with DDS, but it only created one file. If you launch the tool and click on the Logs tab, you should find it listed there. It stays in the "Logging Off" screen forever.
-I can't open Firefox.
-When I open Ad-Aware, it gets stuck in the loading screen.
-When I open the Task Manager, it does not appear, but its icon does appear in the lower right-hand side of the taskbar.

I did encounter Antivirus Vista 2010 a few weeks ago, but MalwareBytes seemed to have removed it. The icon is not interactive. I can't think of anything risky I've done in the last few days, and in fact did not have an internet connection until a few days ago.

TSF Site Blocking

The blocking can occur at any time, e.g., when entering the url in the location window of a browser, when clicking on a search link, when responding to a thread in this forum, even when submitting a new thread (this happened twice today already).

I opened a thread about 10 days ago about a site blocking problem. Since the problem appears to be only with TSF, I would suspect that it's related to the server problems that TSF is experiencing at the moment.

The error screen is shown in the attachment. Everything has been running fine for the past week EXCEPT that the TSF site is still blocked frequently (only site with this problem). I personally have been unable to login to the forum several times today.

HiJackThis notepad, help with virus

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance. I have scanned my PC with different programs that showed me nothing, so please help me with this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:33, on 2010-03-07
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HK...

BIG Computer Problem Never Done this before!

I am hoping you guys can help me with this. I am hurting badly; my computer is slowly dying in front of me, can you please help... It all happened when I installed a program called Remove Wat 2.2. I don't know why it is crashing, can you please help me?

I don't know what I am doing.

We cannot assist you until you purchase and install a legitimate copy of your operating system.
My computer keeps restarting and crashing a lot; this has never happened. DDS (Ver_09-12-01.01) - NTFSX64
Run by micah at 14:27:32.36 on Sun 03/07/2010
Internet Explorer: 8.0.7100.0
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.3583.2046 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Appl...

Xp guardian is ruining my life!!! Help!!

Please post them in a new topic, as this one shall be closed. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
When I do this I get an error message saying "The system file is not suitable for running MS-DOS and Microsoft Windows applications.

I googled on another computer what I can do to remove this and it seemed simple.

My computer is infected with a lovely virus called XP Guardian and is not allowing me to use the internet. There's a sticky at the top of this forum, and a

Having problems with spyware and pop-ups? Choose close to terminate the application" even when hitting IGNORE it terminates anyways.....What do I do????

Please follow our pre-posting process outlined here:

After running through all the steps, you shall have a proper set of logs. The instructions are Start>Run and then enter Command and hit enter. We want all our members to perform the steps outlined in the link given below, before posting for assistance. First Steps

link at the top of each page.

[SOLVED] Hotmail account spammed address book

Nothing was changed in Hotmail to my knowledge, i.e. I did click on the link, but backed out & shut down through the task manager before completely downloading. I checked my 'Send' folder and see no such emails being sent. Today, everyone in my hotmail address book received an email from my account with only a link to a hazardous google site.

I do have a second, clean computer available. I'm afraid it was too late, though. For security, I already changed my email password but don't think that was the only problem. I deleted the contents myself and left only a second email I use to see if more messages get sent out.

Here is the DDS scan and the Attach and GMER files are attached. I cannot locate my recovery disks. Thank you,
Thank you again,

Running: Windows Vista SP 2 - 32 bit OS
IE 8
Microsoft Security Essentials
Windows Firewall
Windows Defender

DDS (Ver_09-12-01.01) - NTFSx86
Run by sq at 18:46:14.18 on Sat 03/06/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.970 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k Loc...

Rootkit won't DIE.

I use avast! Mail Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-5 352920]
R3 mpfilt;mpfilt;c:\windows\system32\drivers\mpfilt.sys [2005-11-1 10588]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-9-12 351232]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-5-28 108032]
S3 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:\program files\acunetix\web vulnerability scanner 6\WVSScheduler.exe [2009-8-13 671368]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2009-3-11 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2009-3-11 51968]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-3-11 28224]

=============== Created Last 30 ================

2010-03-07 11:19:09 0 d--h--w- c:\windows\PIF
2010-03-07 08:18:23 0 d-----w- c:\program files\TrendMicro
2010-03-06 23:40:08 0 d-----w- c:\programdata\WindowsSearch
2010-03-06 21:20:30 140 ----a-w- c:\windows\system32\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
2010-03-06 18:49:12 0 d-sh--w- c:\windows\system32\lowsec
2010-03-06 18:29:26 0 d-----w- c:\program files\Acunetix
2010-03-06 17:45:5...

Windows XP slow menus and random freezes

Please continue to respond to my instructions until I confirm that your logs are clean. You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply. Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Chris at 0:46:51.65 on Thu 03/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1625 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

system32/rundll32.exe Error. Cannot Uninstall Programs.

Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Please subscribe to this thread so that you are notified when you receive a reply. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions. To do this click Thread Tools, then click Subscribe to this Thread.

We cleared them out but it hasn't been running the same since.)

I do not have the Windows XP discs.

I had a WoW patch go corrupt on me and now I am having the same error message over and over whenever I try to change anything within Windows.

- Cannot access any user accounts to make changes
- Cannot access desktop clock
- Can Install programs but cannot Uninstall anything
- No access to Control Panel
- PC is running very, very slow
(My room mate downloaded a virus and a ton of spyware a month after I purchased this PC. This was a display PC when I purchased it.

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 8:25:05.00 on Sun 01/24/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2927 [GMT -6:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program F...

Antivirus 2010 XP after effects and problems

When I click on the icon, nothing happens. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-2-22 79816]
R3 mfebopk;McAfee Inc. The result was a series of messages saying that access was not authorized. Some such as Firefox respond to a left click by asking what program should be used to open the file.

I am unable to remove or de-activate McAfee. I tried to run GMER under this and another name. A right button click followed by a click on "start" produces the message "c:\program files\java\jre6\lib\deploy\jqs\ff\..\..\..\..\bin\jqsnotify.exe Application not found." Another click to close the message and Firefox runs. Please offer any guidance you can.

mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-2-22 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-2-22 40552]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2007-11-12 11520]
S2 gupdate1c98c8d52a95038;Google Update Service (gupdate1c98c8d52a95038);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S3 mferkdk;McAfee Inc. Finally the main window appears with most of the options dimmed in gray. Although Windows Defender, Spyware Doctor, and Error Nuker did not solve the problems, McAfee full scan did isolate a problem and the virus messages stopped.

mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-2-22 214664]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\progra...

"Post" Vista Anti-Virus Issues

After the restart required for the Malwarebytes installation (may have just been me restarting my computer for whatever reason) I came back to a black screen where the only thing to interact with is the "anti"-virus crap. I did my research and figured out what it was. I followed steps online to remove it. I knew from the amount of spam I was getting it couldn't be legit.

Also my audio control icon has an X over it. "The audio service is not running"...Now having Malwarebytes installed I proceeded to remove the anti-virus. I had a wall of text going and I am going to try to make this short and sweet. Any sort of help will be much appreciated.

I had the vista "anti"-virus thing. I was interrupted by my power going out. My "theme" or whatever was changed back to the old school windows 98 look or whatever. This brought me back to my desktop.

Also getting the Application was not found Rundll32.exe...... It seems as if I have gotten rid of the anti-virus. When I start up my pc I don't get anymore pop-ups etc.

This is my second time typing this.

I ctrl+alt+del, and ended the process. error or whatever. I am not the best with computers but I will do my best to respond and/or follow directions given. Also when trying to open up a program it will ask me to choose from a list of programs to open it with.

I downloaded Malwarebytes. I also noticed my internet was not working. "The service to dete...

PC no network service

Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! On checking there are no extended services running and very few in standard; when trying to start them I get errors. SASDIFSV;SASDIFSV
S? PCTCore;PCTools KDS

sdAuxService;PC Tools Auxiliary Service
S? Any help appreciated as I would like to salvage this install


DDS (Ver_09-12-01.01) - NTFSx86
Run by Gary at 16:17:43.75 on 25/02/2010
Internet Explorer: 7.0.5730.11

============== Running Processes ===============

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://
mStart Page = hxxp://

Help removing Trojan Horse Backdoor.generic 12 AIHO, please

Anything you can do to help would be MOST APPRECIATED! I re-scanned my computer but it did not find it again, however, I noticed quite a few of my files were marked "Locked/Not Tested", which I have never seen before (or since). uDefault_Page_URL = hxxp://
mStart Page = hxxp://
mDefault_Page_URL = hxxp://
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

"Windows cannot windows the specified device...." ad nauseum!

This is a screen I have never seen before today. Always in the past, I have seen a blue screen with a message in white letters, "Windows is shutting down...Saving your settings..." etc.
7) The default Win XP Pro screen saver is now turned on. My bad. Bill Coley


But rather than wait hours for those to finish, I post this preliminary description in case you all have suggestions for other actions. Though each of these processes found something to alert me to, none of them improved the health of the PC. you may not have appropriate permissions."
5) The more I attempt to navigate around Windows, the slower the machine becomes.
6) If I click Restart Windows, a small rectangular "Windows XP Professional" splash screen appears during the shut down process, reporting the steps in the shut down process. Actions taken so far:
1) AVG Antivirus, complete scan, in Safe Mode
2) Malwarebytes, complete scan, in Safe Mode
3) Bitdefender online scan, in Safe Mode
4) Avira Rescue process ISO image burned to CD, complete scan, in Safe Mode.

I think it's a virus or malware, but I can't find it, and I really need full access to this PC on Friday, if at all possible, to make final preparations for our Sunday worship. The screen saver while in Safe Mode is in fact the default XP Pro screen saver; it is not the blank screen I reported in the original post. We have never used that screen saver (instead, had screen go to black).
8) B...

Problem with ie browser

Looking at the back button history, this appears to be something called 'adclicks' and the only way around it is to use the dropdown to go to the correct page, or rapidly double click the back button. Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-7-9 352920]
S3 ACRUSBTM;ACRUSBTM;c:\windows\system32\drivers\ACRUSBTM.SYS [2009-10-4 28672]
S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-14 36608]
S3 STV673;STV0673 Camera;c:\windows\system32\drivers\STV673.SYS [2000-9-16 122256]

=============== Created Last 30 ================

2010-02-06 23:21:18 0 d-----w- c:\program files\MSECache

==================== Find3M ====================

2010-02-03 18:54:00 78056 ----a-w- c:\docume~1\martin~1\applic~1\GDIPFONTCACHEV1.DAT
2010-01-14 11:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 19:21:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 179...

Broken hyperlinks takes me www. anrdoezrs. net etc

I am very frustrated with this. This link appears to be broken. My computer is behaving for last 1 year. Please be patient with me during this time.

anrdoezrs. net
Search for click 12 6029 1 10 4281 84
Search on Google:

Go to tkqlhce. Suggestions:
Go to www. Make sure it is set to Instant Notification, then click Subscribe.

anrdoezrs. For example today I clicked on some laptop deal link in and I got the following results

Oops! You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please see attached logs. I am not able to run gmer.exe, as I am getting blue warning screen from Microsoft. net" like many other websites. Please help me.

I am currently reviewing your log. com
Search for click 12 6029 1 1069 3102
Search on Google:

Each time it takes me to different websites. To do this click Thread Tools, then click Subscribe to this Thread. DDS (Ver_09-12-01.01) - NTFSx86
Run by Siri at 10:43:40.03 on Thu 02/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.1774 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs ...
