0

Hi,

I recently got a virus which will not let me run any of my programs. I read the sticky thread about what to do before you post, but I cannot access the internet. I do, however, have a USB drive on which I can transfer over the programs requested; however, I will not be able to run any of those. My computer will not even let me use Ctrl+Alt+Del to view the processes. I have another laptop handy to download any files and transfer them via USB to my laptop. I have no idea what to do and would greatly appreciate some help. Every time I try to access any program (I have been trying to run Malwarebytes) a pop-up appears and says something is broken and to go to this site and download an antivirus (which is obviously a scam). I cannot access the internet from the infected computer any other way. Please advise. Thanks!

0

I recently got a virus which will not let me run any of my programs.

-- What rogue product are you asked to install?

-- What is your OS on infected compy?

-- Are you able to boot to Safe Mode? (tap F8 at startup)
-- If so, do you have the option for Safe Mode with Networking?

-- Are you able to get a command prompt? (START > RUN > Type cmd ENTER)
-- If that is blocked, try (START > RUN > Type command.com ENTER)

Let us know and we'll have a whack at this.

Cheers :)
PP

0

I also have a problem like this....I can see my desktop and transfer my files (except Outlook) over to my flash drive, so I got my files...for the most part...saved. Whenever I try and click on ANY program, it says "Application cannot be executed. The file (insert file name here).exe is infected. Do you want to activate your antivirus software now?" No matter what I hit, yes or no, the same thing pops up and then my (or so it looks like my) antivirus "ATTENTION! SPYWARE ALERT...Vulnerabilities found"

Any suggestions??

Thanks in advance :)
e

0

Oh and I have no idea what you are talking about doing with the first 2 things you suggested. Once I boot in safe mode (if I can) what do I do from there?

0

I would love to be able to do any of that, but I can't do anything on my laptop. I am on my work laptop right now. I can't get to anything to download anything and my work computer will not allow me to download, so I can't transfer anything from my flash drive to my 'bad' laptop.

0

Even when I reboot in safe mode with networking, it still does not let me on the internet: "The proxy server is refusing connections"

0

Unless you have access to another computer that can get online to get these needed tools then there isn't much that can be done.

ARE you actually using a proxy server? If not these may have been changed by the infection.
Check these settings on the infected computer, go to Control Panel, Internet Options, Connection Tab, LAN button. Make sure there is NO check mark in Use Proxy Server. Then try to get online.

I also have some advice concerning that flash drive you have used to move items from the infected computer. There would be a very good chance that you have also moved infected files to that flash drive, so don't insert it into any other computer without fully scanning it or else you could likely infect another computer.

0

OH NO!! I didn't even think about my flash drive!!!!! IF I can get back on my computer (it is running a virus scan now) and do the provided steps, will it just walk me through what I need to do? OR if I can get to a computer and go to the provided steps, what do I do? Just download it on my flash and then when I get back to my infected computer insert the flash and then what?

Sorry to be so unknowledgeable when it comes to this stuff....I am just WAY out of my element!!!

0

Calm down, the steps are easy to do. They are all very simple as long as you take your time and read everything. Be sure to scan that flash drive before using it again. OR get another clean one to use for the removal programs and worry about the infected one later. Just don't use it until you are 100% certain that it is completely free of any infected files, chances are that it is NOT clean.

The tools, steps and how to do each are listed in full on the sticky. The programs themselves do not walk you through the steps; they are on the sticky, so print it out if needed. Or read it from another computer as you do the steps on the infected one.

http://www.daniweb.com/forums/thread134865.html

You download the tools and save them to the flash drive. Then insert the flash drive into the infected computer. Open the flash drive and move the tools from the flash drive to the computer. Install and run each tool. Save each log. Post back here with the logs.

With MBA-M it will need to be updated if possible. Then when you run the scan run a Full Scan. When it's finished it will show you in a box every bad file found in red. Make sure there are check marks next to each and then click the Clean/Quarantine box. Reboot the computer, that is very important.

Then go to the MBA-M program, click the Logs tab and open that bottom log. Copy/Paste it back here along with all the other logs.

0

shewww! okay, that sounds easy enough. I will try to get on my internet after the scan finishes...which btw it is at 95% and still has not found anything. I have McAfee and I did the "run through every file" option. But I will say that the entire time, the same boxes keep popping up saying that "Application cannot be executed. The file werfault.exe is infected. Do you want to activate your antivirus software now?" I click no and there is the box behind it saying "ATTENTION! SPYWARE ALERT" and then 2 options at the bottom saying "Activate your spyware software now" and "Stay unprotected". I have had to click the "stay unprotected" a few times to see if my scan was still running and where it was.

Thanks again JHolland :)

0

werfault.exe is the Windows Error Reporting. Allow this scan to finish and then try the other steps. There may be one additional file you will need, but try the steps I gave first about the flash drive and see if you can do them. If you can't, let me know.

0

okay, it is in the process right now...as soon as it finishes, I will let you know :)

0

oh and I didn't do anything with the first step...maybe I should have asked about this first before continuing on. But I have no idea what a peer 2 peer program is....what is a p2p or how can I find if I have them?

0

P2P are file sharing programs like Limewire, iTorrent, BitTorrent, Frostwire. Anything like those, there are many of them, too many to list here. They are used to usually download music illegally instead of paying for it from a legitimate site like iTunes. With P2P programs you get these types of things from a person you don't know and those very often contain infections.
If you have downloaded music from anywhere without paying for it, these would be current songs, then delete the songs.

0

it's doing the step 5 right now....Microsoft® Windows® Malicious Software Removal Tool

0

okay it wouldn't let me do the GMER rootkit scanner...my screen went blue and shut down. I continued on to the MBA and it is working on it, so far 2 files found.

I have my DDS and the attach files, they are so huge, do I need to put them both on here?

0

Don't worry about the GMER problem. Many people have difficulties with it. Just continue on.
Add this to your list to do after the MBA-M scan is complete and you have it remove all and reboot:

IF you can get online with the infected computer. If not then that's fine.
Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You will need to allow an Active X to be installed in order to run it so be sure to do that.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Once that is finished then post back here with all the logs.

0

YAY!!! I think everything has worked so far :) After I rebooted from the last step, my computer started up just fine and got on the internet and everything!!!!!!!!!!!!!! I am running the ESET download now. With everything working correctly do I need to still post all the files or can I just leave you alone now ;)

I do have a question about my flash drive though...do I need to just chunk it? Although I might have a file that I need on one of them...how do I get this off without infecting my computer again? I know you have said to run a scan before, but how do I do that if it doesn't give me that option when I insert it?

jholland...thank you so much! I wish I had your address so I could send you a thank you card and cookies :)

0

oh wait...with the ESET it says "Cannot get update. Is proxy configured". What now?

0

Oh yes, we do need to see ALL of those logs. Just because the computer is running right now and apparently running fine that doesn't mean that everything is gone, it could just be somewhat "crippled" and can "heal" itself and fire up again. So we need to take a look to be sure other steps aren't required. Hopefully they won't be but it is much better to assure that all is clean rather than have the same thing come up only worse the next time.

0

Just curious....is there anything in these logs that can have personal information attached to it? It says at the top of one not to post this log, and if I have to, to zip it up and then attach it...

0

Nothing personal is in the logs. No, don't zip it; we want you to copy/paste the logs. Know that one piece of instruction from the creator says to zip it, but our instructions say:
Copy&Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.

0

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Emily at 13:28:11.18 on Sat 12/18/2010
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3453.2876 [GMT -6:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\Emily\Downloads\ATF-Cleaner(2).exe
C:\Users\Emily\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101106141813.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\emily\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [wbaivyds] c:\users\emily\appdata\local\temp\ygfhorlma\pnjrtcjaffm.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Skytel] Skytel.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Monitor] "c:\users\emily\desktop\leapfrog connect\Monitor.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
StartupFolder: c:\users\emily\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL ifext.dll cfgprov.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\emily\appdata\roaming\mozilla\firefox\profiles\0573qo55.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\emily\appdata\roaming\mozilla\firefox\profiles\0573qo55.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\emily\appdata\roaming\mozilla\firefox\profiles\0573qo55.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\emily\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\emily\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\emily\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-7-28 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-7-28 164840]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-28 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-28 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-28 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-28 313288]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-7-28 54776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-28 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-28 271480]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-28 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-28 171168]
S2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-28 55840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-28 152960]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-28 52104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-28 84264]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-18 05:10:03 -------- d-----w- c:\users\emily\appdata\local\Yahoo
2010-12-15 19:58:47 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2010-12-15 19:58:47 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 19:58:47 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2010-12-15 19:58:43 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 19:58:35 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 19:58:35 357376 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 19:58:35 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 19:58:35 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 19:58:34 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 19:57:54 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 19:57:49 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 19:57:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 19:57:48 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 19:57:27 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 19:56:35 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-14 15:40:51 9451 ------w- c:\windows\system32\hppfaxprintermonui5.dll
2010-12-14 15:40:51 13385 ------w- c:\windows\system32\hppfaxprintermon5.dll
2010-12-14 15:40:50 608 --sha-w- c:\windows\system32\winzvprt5.sys
2010-12-14 15:39:18 -------- d-----w- c:\program files\common files\HP
2010-12-14 15:38:53 -------- d-----w- c:\program files\common files\Hewlett-Packard
2010-12-14 15:35:28 241664 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5k4.DLL
2010-12-14 15:35:25 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2010-12-14 15:31:46 770048 ----a-w- c:\windows\system32\hpptsp05.dll
2010-12-14 15:31:46 729088 ----a-w- c:\windows\system32\hpxp2320.dll
2010-12-14 15:31:46 450560 ----a-w- c:\windows\system32\hppasc12.dll
2010-12-14 15:30:26 -------- d-----w- c:\program files\HP
2010-12-12 17:15:35 477696 --sha-w- c:\windows\system32\prnprf.dll
2010-12-12 17:15:30 477696 --sh--w- c:\windows\system32\ifext.dll
2010-12-12 17:15:25 63488 --sha-w- c:\windows\system32\syswiz20.dll
2010-12-12 17:15:22 63488 --sh--w- c:\windows\system32\cfgprov.dll
2010-12-09 18:17:33 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-12-05 20:34:41 -------- d-----w- c:\program files\ASL Deluxe
2010-12-02 05:01:01 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-01 02:25:22 -------- d-----w- c:\users\emily\appdata\roaming\tidysongs16
2010-12-01 02:25:16 -------- d-----w- c:\program files\TidySongs
2010-12-01 00:37:09 -------- d-----w- c:\program files\iPod
2010-12-01 00:37:06 -------- d-----w- c:\program files\iTunes
2010-12-01 00:37:06 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-01 00:26:15 -------- d-----w- c:\program files\Bonjour
2010-11-29 03:51:59 -------- d-----w- c:\progra~2\WEngineLite
2010-11-29 03:51:58 -------- d-----w- c:\progra~2\Verizon Wireless
2010-11-29 03:51:57 -------- d-----w- c:\program files\Verizon Wireless
2010-11-29 03:44:29 -------- d-----w- c:\program files\LG Electronics
2010-11-25 16:26:52 -------- d-----w- c:\progra~2\kds_kodak
2010-11-25 16:26:27 -------- d-----w- c:\progra~2\Eastman Kodak Company
2010-11-24 04:45:26 -------- d-----w- c:\users\emily\appdata\local\Eastman_Kodak_Company
2010-11-24 04:42:56 192512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-11-24 04:38:54 -------- d-----w- c:\users\emily\appdata\local\KODAK
2010-11-24 04:38:05 -------- d-----w- c:\users\emily\appdata\local\Eastman Kodak Company
2010-11-24 04:36:39 -------- d-----w- c:\windows\system32\kodak
2010-11-24 04:32:55 -------- d-----w- c:\program files\Kodak
2010-11-24 04:30:45 -------- d-----w- c:\progra~2\Kodak
2010-11-24 04:29:00 -------- d-----w- c:\users\emily\appdata\roaming\Temp
2010-11-23 20:33:39 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-21 23:44:44 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-11-21 23:41:56 -------- d-----w- c:\program files\LeapFrog
2010-11-21 23:41:56 -------- d-----w- c:\progra~2\Leapfrog

==================== Find3M ====================

2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-07 18:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 21:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-20 09:25:01 231936 ----a-w- c:\windows\system32\msshsq.dll

============= FINISH: 13:32:49.59 ===============
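
A first-pass triage of a DDS.txt log like the one above, as an added example that is not part of the original thread and is not the forum helpers' method. The three heuristics and their rule names are assumptions chosen for illustration (an Internet Settings proxy pointing at loopback, a Run entry launching from a Temp folder, and an AppInit_DLLs name matching a recently created hidden+system file); a hit means "review this entry", not a verdict.

```python
import re
from ipaddress import ip_address

# Lines copied from the DDS.txt log posted above, trimmed to the relevant entries.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [wbaivyds] c:\users\emily\appdata\local\temp\ygfhorlma\pnjrtcjaffm.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL ifext.dll cfgprov.dll
FF - prefs.js: network.proxy.type - 0
2010-12-15 19:57:54 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-12 17:15:35 477696 --sha-w- c:\windows\system32\prnprf.dll
2010-12-12 17:15:30 477696 --sh--w- c:\windows\system32\ifext.dll
2010-12-12 17:15:25 63488 --sha-w- c:\windows\system32\syswiz20.dll
2010-12-12 17:15:22 63488 --sh--w- c:\windows\system32\cfgprov.dll
"""

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")
RUN_RE = re.compile(r"^[um]Run: \[([^\]]*)\]\s*(.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.*)$")
# "Created Last 30" / "Find3M" rows: date, time, size, 8-char attribute mask, path.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s+\S+\s+([-a-z]{8})\s+(.+)$"
)


def proxy_hosts(value):
    """Yield the host of each entry in 'http=host:port;https=host:port' or 'host:port'."""
    for part in value.split(";"):
        target = part.split("=", 1)[-1].strip()
        if target:
            yield target.rsplit(":", 1)[0]


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal; other hostnames are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def basename(path):
    """Lower-cased file name of a Windows path, with surrounding quotes removed."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return a list of (rule, detail) tuples for entries worth a closer look."""
    findings = []
    appinit = []          # DLL names listed under AppInit_DLLs
    hidden_system = {}    # file name -> creation date, for files marked both 's' and 'h'
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PROXY_RE.match(line):
            # A browser proxy on loopback means some local process sits in the traffic path.
            if any(is_loopback(h) for h in proxy_hosts(m.group(1))):
                findings.append(("proxy-loopback", m.group(1)))
        elif m := RUN_RE.match(line):
            name, cmd = m.groups()
            # Autostart entries rarely have a legitimate reason to live under Temp.
            if "\\temp\\" in cmd.lower():
                findings.append(("run-from-temp", name))
        elif m := APPINIT_RE.match(line):
            # Entries are whitespace separated; DDS prints 8.3 short paths here.
            appinit = [basename(p) for p in m.group(1).split()]
        elif m := FILE_RE.match(line):
            date, attrs, path = m.groups()
            if "s" in attrs and "h" in attrs:
                hidden_system[basename(path)] = date
    # Cross-reference: a DLL loaded into every GUI process that is also a
    # freshly created hidden+system file deserves attention first.
    for dll in appinit:
        if dll in hidden_system:
            findings.append(
                ("appinit-recent-hidden", f"{dll} created {hidden_system[dll]}")
            )
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```
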

0

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/9/2009 11:24:03 PM
System Uptime: 12/18/2010 1:21:52 PM (0 hours ago)

Motherboard: TOSHIBA | | IALAA
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-56 | Socket M2/S1G1 | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 231 GiB total, 118.559 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP BiDi Channel Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.6
Adobe Reader 8.2.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
aiofw
aioprnt
aioscnnr
ALPS Touch Pad Driver
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASL Deluxe
Atheros Driver Installation Program
ATI Catalyst Install Manager
ATI Uninstaller
BlackBerry Desktop Software 4.5
Bluetooth Stack for Windows by Toshiba
Bonjour
BufferChm
Camera Assistant Software for Toshiba
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD/DVD Drive Acoustic Silencer
center
Connect
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Extra Content
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang BR
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - Lang ES
CorelDRAW Graphics Suite X4 - Lang FR
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW(R) Graphics Suite X4
CorelDRAW(R) Graphics Suite X4 - Extra Content
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
Coupon Printer for Windows
CustomerResearchQFolder
Desktop Dialer
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DVD MovieFactory for TOSHIBA
ffdshow [rev 2527] [2008-12-19]
Google Chrome
Google Desktop
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Color LaserJet CM2320 MFP Series 3.0
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
hppCLJCM2320
hppFaxDrvCM2320
hppFaxUtilityCM2320
hppFonts
hppManualsCM2320
hppQFolderCM2320
hppscanCM2320
hppScanToCM2320
hppSendFaxCM2320
hppusgCM2320
IrfanView (remove only)
iTunes
Java(TM) SE Runtime Environment 6
KODAK AiO Home Center
ksDIP
kuler
LeapFrog Connect
LeapFrog Crammer Plugin
LG USB Modem driver
MarketResearch
McAfee Online Backup
McAfee Security Scan Plus
McAfee Total Protection
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.2
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Microsoft XML Parser
MobileMe Control Panel
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
oggcodecs 0.71.0946
PDF Settings CS4
Pdf995
Penguins!
Photoshop Camera Raw
Polar Bowler
Polar Golfer
PreReq
Quicken 2010
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Roxio Media Manager
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skins
Skype Toolbars
Skype™ 4.2
Suite Shared Configuration CS4
Texas Instruments PCIxx21/x515/xx12 drivers.
TidySongs
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
TOSHIBA Music
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Crammer Plugin)
Utility Common Driver
VC80CRTRedist - 8.0.50727.4053
VistaPrint Electronic Business Card
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Vivitar Experience Image Manager
VZAccess Manager
WebReg
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Media Encoder 9 Series
Yahoo! Music Jukebox
Yahoo! Toolbar

==== End Of File ===========================

0

Need to see the log from MBA-M also. The full log can be found in the program itself under the Logs tab. It would be the last log there. Open it, go to Edit, Select All, Copy. Come back here and paste it into a reply. Can't give you any other instructions or make any determinations until all the logs are posted.

0

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5351

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18999

12/18/2010 5:16:10 PM
mbam-log-2010-12-18 (17-16-10).txt

Scan type: Full scan (C:\|)
Objects scanned: 340987
Time elapsed: 57 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wbaivyds (Trojan.FakeAV.Gen) -> Value: wbaivyds -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Emily\AppData\Local\Temp\ygfhorlma\pnjrtcjaffm.exe (Trojan.FakeAV.Gen) -> Quarantined and deleted successfully.
