[Resolved] Several Problems w/hjt and others

Welcome to your place for tech questions! ( Log In or Join today ) Get answers from experts today. (it's 100% free) Virus removal forum

What the Tech > Spyware / Malware / Virus Removal > Virus, Spyware & Malware Removal

3 Pages

1 2 3 >

[Resolved] Several Problems w/hjt and others, Unknown Infection

Options

Bryan A View Member Profile	Jun 3 2010, 03:39 PM Post #1
Authentic Member Group: Authentic Member Posts: 133 Joined: 23-May 08 From: Stockton CA Member No.: 79,234 Operating System: Win7 64 Home	When I ran the latest Mbam scan it stops at this point: c:windows\system32\NOISE.CHT and then everything locks up and I have to manually force a shut down. I've run it under administrator and regular user. When I ran it under safe mode w/networking the scan completed and found nothing, I rebooted and ran it again and got the NOISE.CHT result again. I ran a HJT scan and it stopped first and displayed this : HJT-Denied write access to hosts file. I am running Online Armor++ beta v4.00.050 for Win7 64x. I just installed this new version last night but it seemed to be working ok then. When I first logged on this morning OA++ asked for permission to allow C:\windows\system32\OEM\NowintoDT.vbs. When I googled it it came up in Dutch and translated to unknown file. I scanned nowintoDT.vbs with mbam and mse and both came up clean. This is all the info I can recall about the problem here is the hjt log. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:48:11 AM, on 5/16/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Program Files (x86)\Tall Emu\Online Armor\oaui.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe c:\Windows\System32\oem\SetEvent.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Tall Emu\Online Armor\OAhlp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\Bryan\PSI\psi.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28v1j5w45j1t539 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28v1j5w45j1t539 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28v1j5w45j1t539 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing) O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{473F86ED-FB55-42E5-8A1F-9FC700C929D6}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS1\Services\Tcpip\..\{473F86ED-FB55-42E5-8A1F-9FC700C929D6}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS2\Services\Tcpip\..\{473F86ED-FB55-42E5-8A1F-9FC700C929D6}: NameServer = 208.67.222.222,208.67.220.220 O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Encrypting File System (EFS) (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files (x86)\Tall Emu\Online Armor\OAcat.exe O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files (x86)\Tall Emu\Online Armor\oasrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12752 bytes I'm using the OA++ for firewall and mse for malware and antivirus. the OA++ antivirus is compatable with mse and offers no conflicts. I have other scanners I use for on demand only. Since getting this new computer I have been struggling to learn the Win7 home premium and the 64x systems so please bear with me. Thanks much Also, my mail in the hotmail account is now being opened before I open them, does anyone know anything about this type of problem? It has me very worried that my system is severely compromised. This post has been edited by Bryan A: Jun 3 2010, 04:32 PM

SweetTech View Member Profile	Jun 3 2010, 04:37 PM Post #2
SuperMember Group: Visiting Staff Posts: 3,364 Joined: 15-March 09 From: Antarctica Member No.: 84,696 Operating System: Vista	Hello and welcome to the forums! My name is SweetTech, it's a pleasure to meet you. If you have already received help elsewhere please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below: Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please make sure to carefully read any instruction that I give you. Reading too lightly will cause you to miss important steps, which could have destructive effects. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar. Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date! If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly. *In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!* Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post. I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together Because of this, you must reply within three days failure to reply will result in the topic being closed! Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available. ____________________________________________________ Running OTS Download OTS to your Desktop Close ALL OTHER PROGRAMS. Double-click on OTS.exe to start the program. Check the box that says Scan All Users Under Additional Scans click the "Extras" button In the custom scans section copy and paste in the following netsvcs drivers32 %SYSTEMDRIVE%\. %systemroot%\. /mp /s CREATERESTOREPOINT %systemroot%\system32\.dll /lockedfiles %systemroot%\Tasks\.job /lockedfiles %systemroot%\System32\config\.sav %systemroot%\system32\drivers\.sys /180 Now click the Run Scan* button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Please post the contents of the log in your next post. NEXT: Please make sure you include the following items in your next post: 1. Any comments or questions you may have that you'd like for me to answer in my next post to you. 2. The log that was produced after running the OTS scan. 3. An update on how your computer is currently running. It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Bryan A View Member Profile	Jun 4 2010, 12:19 AM Post #3
Authentic Member Group: Authentic Member Posts: 133 Joined: 23-May 08 From: Stockton CA Member No.: 79,234 Operating System: Win7 64 Home	It isn't good news. The OTS scan also stopped in mid scan at this point: C:\Windows\system32\ntdll.dll in the scan and would go no further. I double checked that everything you asked for me to do was done in the order you asked. At this point I can only say that the computer is not working properly because of the halt in the scan. My questions are self evident, whats wrong? And how did it get to this point? I leave all up to you to decide what you need me to do next. I've never had this problem before, before I sent the original post to you I had disabled OA++ and had to manually enable the windows firewall, that has also never happened before, it has always come on automatically. Sorry for forgetting to mention in in my original post. With OA++ disabled the mbam scan still froze at the same spot, leading me to think that perhaps it was not related to the beta OA++.I re-enabled OA and still had the same problem, it was at that time that I asked for help from your site.

SweetTech View Member Profile	Jun 4 2010, 07:18 AM Post #4
SuperMember Group: Visiting Staff Posts: 3,364 Joined: 15-March 09 From: Antarctica Member No.: 84,696 Operating System: Vista	Try running the OTS scan in Safe Mode. Entering Safe Mode Restart your computer. As the computer starts to boot-up, Tap the F8 KEY repeatedly, This will bring up a menu. Use the Up and Down Arrow Keys to scroll to Safe Mode Then press the Enter Key on your Keyboard Go into your usual account

SweetTech View Member Profile	Jun 4 2010, 10:37 AM Post #6
SuperMember Group: Visiting Staff Posts: 3,364 Joined: 15-March 09 From: Antarctica Member No.: 84,696 Operating System: Vista	Hello, Running OTS Fix Start OTS Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button. CODE [Kill All Processes] [Unregister Dlls] [Registry - Safe List] < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ YN -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer YN -> \\"NoActiveDesktop" -> [1] YN -> \\"NoActiveDesktopChanges" -> [1] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] [Registry - Additional Scans - Safe List] < 64bit-Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ YN -> belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] YN -> livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] YN -> ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] YN -> ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] YN -> msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] YN -> wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] YN -> wot:{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] [Files/Folders - Created Within 30 Days] NY -> 2 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp [Files/Folders - Modified Within 30 Days] NY -> 34 C:\Users\Bryan\AppData\Local\Temp\.tmp files -> C:\Users\Bryan\AppData\Local\Temp\.tmp NY -> 2 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp NY -> 1 C:\Users\Bryan\AppData\Local\Temp\HouseCall\.tmp files -> C:\Users\Bryan\AppData\Local\Temp\HouseCall\.tmp [Empty Temp Folders] [Reboot] The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply. If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply. NEXT: Malwarebytes' Anti-Malware I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings: Open Malwarebytes' Anti-Malware Select the Update tab Click Check for Updates After the update have been completed, Select the Scanner tab. Select Perform quick scan, then click on Scan Leave the default options as it is and click on Start Scan When done, you will be prompted. Click OK, then click on Show Results Checked (ticked) all items and click on Remove Selected After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. NEXT: ESET Online Scanner I'd like us to scan your machine with ESET Online Scan Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs. Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. Check Click the button. Accept any security warnings from your browser. Check Make sure that the option "Remove found threats" is Unchecked Push the Start button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Push the button. Push NEXT: Running OTS Download OTS to your Desktop Close ALL OTHER PROGRAMS. Double-click on OTS.exe to start the program. Check the box that says Scan All Users Under Additional Scans click the "Extras" button In the custom scans section copy and paste in the following netsvcs drivers32 %SYSTEMDRIVE%\. %systemroot%\. /mp /s CREATERESTOREPOINT %systemroot%\system32\.dll /lockedfiles %systemroot%\Tasks\.job /lockedfiles %systemroot%\System32\config\.sav %systemroot%\system32\drivers\.sys /180 Now click the Run Scan* button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Please post the log in your next post. NEXT: Security Check Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. NEXT: Please make sure you include the following items in your next post: 1. Any comments or questions you may have that you'd like for me to answer in my next post to you. 2. The log that was produced after running the OTS fix. 3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan. 4. The log that was produced after running the ESET Online Virus Scanner. 5. The log that was produced after running the OTS scan. 6. The log that was produced after running the Security Check scan. 7. An update on how your computer is currently running. It would be helpful if you could answer each question in the order asked, as well as numbering your answers. Cheers, SweetTech.

Bryan A View Member Profile	Jun 4 2010, 12:25 PM Post #7
Authentic Member Group: Authentic Member Posts: 133 Joined: 23-May 08 From: Stockton CA Member No.: 79,234 Operating System: Win7 64 Home	First should I run the fix under safe mode? Or am I to attempt doing everything in normal settings first to see what happens? Sorry for all the questions.

SweetTech View Member Profile	Jun 4 2010, 12:30 PM Post #8
SuperMember Group: Visiting Staff Posts: 3,364 Joined: 15-March 09 From: Antarctica Member No.: 84,696 Operating System: Vista	Go ahead and run the OTS fix in safe mode and then when your computer reboots let it reboot normally.

Bryan A View Member Profile	Jun 4 2010, 01:16 PM Post #9
Authentic Member Group: Authentic Member Posts: 133 Joined: 23-May 08 From: Stockton CA Member No.: 79,234 Operating System: Win7 64 Home	Sorry Sweetech, but once again Mbam started the scan and then stopped and froze completely at the same point C:\Windows\system32\NOISE.cht I had to manually shut down and reboot. Do you want me to run all the instructions under safe mode? Or what else should I do at this time?

SweetTech View Member Profile	Jun 4 2010, 01:21 PM Post #10
SuperMember Group: Visiting Staff Posts: 3,364 Joined: 15-March 09 From: Antarctica Member No.: 84,696 Operating System: Vista	Did you first update the MBAM database to the latest version? Try running MBAM in Safe Mode.

Bryan A View Member Profile	Jun 4 2010, 01:39 PM Post #11
Authentic Member Group: Authentic Member Posts: 133 Joined: 23-May 08 From: Stockton CA Member No.: 79,234 Operating System: Win7 64 Home	Here is the log of Mbam run in safe mode. I watched as the scan progressed to see if anything happened when it got to the file NOISE.cht file, it just went right on through as if nothing was wrong. After I send this I will reboot back to normal mode and pick up on your instructions from there. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4169 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 6/4/2010 12:33:59 PM mbam-log-2010-06-04 (12-33-59).txt Scan type: Quick scan Objects scanned: 154798 Time elapsed: 2 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

SweetTech View Member Profile	Jun 4 2010, 01:45 PM Post #12
SuperMember Group: Visiting Staff Posts: 3,364 Joined: 15-March 09 From: Antarctica Member No.: 84,696 Operating System: Vista

SweetTech View Member Profile	Jun 4 2010, 04:27 PM Post #14
SuperMember Group: Visiting Staff Posts: 3,364 Joined: 15-March 09 From: Antarctica Member No.: 84,696 Operating System: Vista	AVP Tool by Kaspersky IMPORTANT: Save these instructions so you can have access to them while in Safe Mode. Download the AVP Tool by Kaspersky from Here & save it to your desktop. Be aware that this is a large file.... approximately 60mb. Reboot your computer into Safe Mode You can do this by restarting your computer and continually tapping the F8 key until a menu appears Use your up arrow key to highlight Safe Mode then press Enter Double click the setup file to run it Click Next to continue Accept the License agreement then click Next It will by default install to your desktop folder. Click Next Once installed it will open a box. Click the Automatic scan tab Under Automatic scan make sure the following are checked: Hidden Startup Objects System Memory Disk Boot Sectors My Computer Also any other drives (Removable that you may have) Leave the rest of the settings as they appear Click on Scan at the top right hand corner It will automatically neutralize any objects found If some objects are left un-neutralized, click on Neutralize all If you receive a message that an item cannot be neutralized then choose the Delete option when prompted Once finished click the Reports button at the bottom Name the file Kas & save it somewhere convenient like your desktop Copy/paste only the detected Virus\malware from the report. It will be at the very top under Detected & post those results in your next reply *Note: This program will self uninstall when you close it so save the log before closing it*

Bryan A View Member Profile	Jun 4 2010, 06:13 PM Post #15
Authentic Member Group: Authentic Member Posts: 133 Joined: 23-May 08 From: Stockton CA Member No.: 79,234 Operating System: Win7 64 Home	Sweetech I don't know what the heck is going on. After the Kaspersky scan finished I hit report and it generated a screen that gave options to see what was found. It said 2 critical events but would not show what they are. I had options to view all or important or critical events, and then everything froze again when I asked for the critical events to be shown so I could copy and send them to you. I am getting so very frustrated now, i've never had these type of problems before just your every day run of the mill infections. I know you're also frustrated, just don't desert me now. lol

« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Virus, Spyware & Malware Removal Problems	6	PARRU	2,611	19th March 2005 - 07:02 AM Last post by: MrCharlie
Virus, Spyware & Malware Removal Popup And Spybot Problems	6	HHSDad	1,907	2nd April 2005 - 07:32 AM Last post by: LDTate
Virus, Spyware & Malware Removal Finally Rid Of Problems - Thank You!	8	butterfly	2,574	4th April 2004 - 05:16 AM Last post by: Daemon
Virus, Spyware & Malware Removal Pop-up Problems	7	sims2j	2,098	21st April 2004 - 01:13 PM Last post by: Daemon
Virus, Spyware & Malware Removal Start Page Problems.	12	magna	3,196	7th June 2004 - 12:27 AM Last post by: Daemon