Nov 4 2009, 12:55 AM | Post #1
Authentic Member | Group: Authentic Member | Posts: 50 | Joined: 3-November 09 | From: Virginia | Member No.: 88,660 | Operating System: XP
Hello!
Okay, I'll try this again. I had a long message typed out and was attaching the DDS reports and I got the blue screen. So long story short, this is my kids' computer so I have no idea what happened or how long it has been going on, but I got curious a few days ago when I realized none of my kids had been on the computer for a long time. I get on and it is chaos. Fake antivirus messages popping up everywhere, error messages, it was impossible to function. My real antivirus (McAfee) was rendered useless, so apparently the virus got to that too.

I got on safe mode and downloaded MalwareBytes. It found 99 issues including worm.koobface and the following trojans: .Vundo.H, .Hiloti, .BHO, .Ertfor, .Agent, .Zbot, .Dropper, .FakeAlert, and .Banker. I quarantined everything and deleted it all. I thought my problem was fixed but when I restarted it was worse than before. I tried running MalwareBytes again but it is not working correctly now. I uninstalled it, ran mbam clean, and reinstalled it and it still won't work. During this process I thought maybe my McAfee antivirus was causing the problem so I uninstalled it; it wasn't working anyway.

I tried downloading MANY other antivirus programs when I realized I wasn't going to get mbam to work. NONE of them will run. I tried doing an online virus scan; that won't work properly either. Even RootRepeal won't work properly so I don't have that report. When I try to run it the box comes up that says it is initializing for a while, then I get the Windows blue screen.

Here's the reports I did get. Any help will be very appreciated! Thanks bunches!

Jen

PS: It won't let me upload the attached file. Let me know if you need it, I'll try to do it from my laptop.
StormyHaze [Resolved] 9 trojans, a worm, and corrupt antivirus! Help! Nov 4 2009, 12:55 AM
chamber Download ComboFix from one of these locations:
Li... Nov 4 2009, 06:31 AM
StormyHaze Hi there! Thank you so much for helping me... Nov 4 2009, 02:34 PM
chamber Post when ready my good man. Nov 4 2009, 03:41 PM
StormyHaze Okay ComboFix finished. It deleted a bunch of fil... Nov 4 2009, 03:54 PM
chamber Hi, is it still running?
Is your antivirus runni... Nov 4 2009, 04:15 PM
StormyHaze Yes it still says the same thing, no change at all... Nov 4 2009, 04:19 PM
chamber Ok,
Hit Ctrl, Alt and Delete and tell me what ru... Nov 4 2009, 04:21 PM
StormyHaze Okay, I really appreciate your help. Here they ar... Nov 4 2009, 04:31 PM
chamber Kill this
CF32175.exe
See if that helps Nov 4 2009, 04:44 PM
StormyHaze Okay I ended that process. It's been about 5 m... Nov 4 2009, 04:52 PM
chamber It shouldn't really run for anything longer th... Nov 4 2009, 04:58 PM
StormyHaze Okay, so this is weird....when I ended the ATTRIB.... Nov 4 2009, 05:05 PM
chamber No it wasn't fake, that was gathering informat... Nov 5 2009, 02:10 AM
StormyHaze Okay, my computer shut down last night so when I st... Nov 5 2009, 09:18 AM
StormyHaze Okay, I went ahead and started in safe mode. I fo... Nov 5 2009, 11:08 AM
chamber Ok,
Lets try something else.
Download OTL to y... Nov 5 2009, 04:21 PM
StormyHaze Okay, I did what you said and it ran for about 10 ... Nov 5 2009, 04:58 PM
chamber Post a fresh DDS log Nov 5 2009, 05:00 PM
StormyHaze DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by We... Nov 5 2009, 05:11 PM
StormyHaze Can anyone help me?? Nov 5 2009, 09:51 PM
chamber QUOTE (StormyHaze @ Nov 6 2009, 03:51 AM)... Nov 6 2009, 01:58 AM
StormyHaze Oh I figured. I know you have life besides this lo... Nov 6 2009, 10:23 AM
StormyHaze ummmmmm a window popped up that says there is a ne... Nov 6 2009, 10:48 AM
StormyHaze I did some research, couldn't find ANYTHING about n... Nov 6 2009, 11:20 AM
StormyHaze Okay, it finished and rebooted the computer. It d... Nov 6 2009, 12:32 PM
StormyHaze I think it worked!!! I left and went ... Nov 6 2009, 03:53 PM
StormyHaze So is that it?? Am I done or what do I do now?? Nov 6 2009, 11:23 PM
chamber Hi,
1) CFScript
1. Close any open browsers.
2.... Nov 7 2009, 04:14 AM
StormyHaze I got as far as creating the CFScript.txt file and... Nov 7 2009, 09:32 AM
StormyHaze It is asking me to update combofix again. Should ... Nov 7 2009, 10:22 AM
chamber Yes, update it. Nov 7 2009, 10:23 AM
StormyHaze Okay ComboFix is done. Apparently there was a ser... Nov 7 2009, 01:44 PM
StormyHaze Okay, I can't run MalwareBytes. It stalls as soon ... Nov 7 2009, 02:34 PM
StormyHaze I ran mbam even though I couldn't update it. When ... Nov 8 2009, 02:01 AM
chamber Did you remove what Malwarebytes found?
Post a fr... Nov 9 2009, 02:22 AM
StormyHaze No, I don't think MalwareBytes was able to rem... Nov 9 2009, 10:22 AM
chamber Ok,
Boot into normal mode.
Download TFC to your... Nov 9 2009, 10:27 AM
StormyHaze Okay, I ran TFC and it ran perfectly. It deleted o... Nov 9 2009, 09:06 PM
chamber Ok,
We'll see how another tool gets along then.
... Nov 10 2009, 01:53 AM
StormyHaze Okay...I downloaded avz4. Every time I tried to up... Nov 10 2009, 01:59 PM
chamber Potentially,
Try to run it again and lets see wh... Nov 10 2009, 02:48 PM
StormyHaze Finally! I think something worked correctly... Nov 10 2009, 03:08 PM
chamber Ok,
Nothing there out of the ordinary.
Hi ther... Nov 11 2009, 01:57 AM
StormyHaze Okay, I tried running OTS.. I got the same error t... Nov 11 2009, 11:00 AM
chamber Ok, as it is in a Temp folder lets try this,
Ple... Nov 11 2009, 11:24 AM
StormyHaze I decided to try to update MalwareBytes right aft... Nov 11 2009, 05:20 PM
StormyHaze Okay, I just ran ATF then tried to run OTS again. ... Nov 11 2009, 05:58 PM
chamber Ok,
Delete the copy of ComboFix that you have an... Nov 12 2009, 02:08 AM
StormyHaze ComboFix ran without a hitch as well! :-)
*... Nov 12 2009, 10:25 AM
chamber Hi,
Good to know about the updates.
1. Close... Nov 12 2009, 11:00 AM
StormyHaze Another thing went right! This is getting goo... Nov 12 2009, 04:20 PM
chamber Can you try OTL for me again? Nov 13 2009, 02:25 AM
StormyHaze Tried OTL again. Same error and "Out of memo... Nov 13 2009, 10:58 AM
chamber Dang.
Just to let you know I'll be away from ... Nov 13 2009, 11:03 AM
CatByte Hi,
chamber has asked me to assist while he's... Nov 13 2009, 02:05 PM
StormyHaze Hi there!
Thanks so much for helping! ... Nov 13 2009, 06:36 PM
CatByte Hi,
Please do the following:
Please open your Ma... Nov 13 2009, 06:55 PM
StormyHaze Okay, I did everything. The computer is MUCH bett... Nov 13 2009, 10:12 PM
CatByte Hi, boot it normally, with all the programs runnin... Nov 13 2009, 10:21 PM
CatByte Hi, boot it normally, with all the programs runnin... Nov 13 2009, 10:23 PM
StormyHaze Here is the DDS:
DDS (Ver_09-10-26.01) - NTFSx86... Nov 13 2009, 10:44 PM
CatByte Still signs of infection there unfortunately
Lets... Nov 13 2009, 10:56 PM
StormyHaze New combofix:
ComboFix 09-11-14.01 - Wenninger 11... Nov 14 2009, 12:15 AM
CatByte Hi,
Please do the following:
Very Important... Nov 14 2009, 07:04 AM
StormyHaze Here is the combofix log. I will run the virus sc... Nov 14 2009, 11:29 AM
CatByte Hi
I have uploaded a file called CFScript for you... Nov 14 2009, 12:03 PM
StormyHaze Should I let the virus scan finish before I do the... Nov 14 2009, 01:08 PM
CatByte no,
let the virus scan finish, then do the ComboF... Nov 14 2009, 02:39 PM
StormyHaze No doubt! It's been running for 5 hours a... Nov 14 2009, 05:19 PM
StormyHaze Well it finished just as I was typing that lol. H... Nov 14 2009, 05:29 PM
StormyHaze ComboFix:
ComboFix 09-11-15.01 - Wenninger 11/14/... Nov 14 2009, 06:36 PM
CatByte Hi,
That looks better....
how is the computer ru... Nov 14 2009, 06:40 PM
StormyHaze Okay, here is the fresh DDS log. No problems that... Nov 14 2009, 07:56 PM
CatByte Hi,
Please do the following:
I would like to se... Nov 14 2009, 09:07 PM
StormyHaze Adobe Atmosphere Player for Acrobat and Adobe Read... Nov 14 2009, 09:28 PM
CatByte Hi,
Please do the following:
Visit ADOBE and down... Nov 14 2009, 09:41 PM
StormyHaze Wow! Thank you so much! All done! One... Nov 14 2009, 10:23 PM
StormyHaze Oh no, I may have another problem. I'm trying... Nov 14 2009, 10:33 PM
CatByte Hi,
Try going to Start> Control Panel >prin... Nov 14 2009, 10:45 PM
CatByte Note:
You may need to uninstall the related softw... Nov 14 2009, 10:51 PM
StormyHaze The printer is not there but I uninstalled the old... Nov 14 2009, 10:54 PM
StormyHaze Also, it will not play sound. It says there is no... Nov 14 2009, 11:21 PM
CatByte Hi,
OK, couple of things to do:
Please do the fo... Nov 14 2009, 11:42 PM
CatByte Hi,
Can you please verify something you mentioned... Nov 15 2009, 12:16 AM
StormyHaze Yes, all of device manager is completely empty. T... Nov 15 2009, 01:54 AM
CatByte Your Plug and Play service is probably turned off.... Nov 15 2009, 06:41 AM
StormyHaze You are an angel! We have sound, device manag... Nov 15 2009, 10:08 AM
CatByte Excellent!!!
I'm happy that... Nov 15 2009, 12:02 PM
CatByte Since this issue appears to be resolved ... this T... Nov 17 2009, 01:36 PM
Time is now: 11th March 2010 - 11:43 PM |