PhilliePhan 171 Central Scrutinizer Team Colleague

So have you tried another keyboard as suggested by PP?

I definitely think we can rule out malware. I am very much leaning toward a hardware problem, probably with the keyboard. Obviously, this is something that will stick with a machine after multiple formats.

Definitely try a different keyboard.

-- Also, what happens when you press Ctrl + N?

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Thanks so much for your help...calling it a night myself once this scan is done.

You're welcome! Happy to help :)

Keeping my fingers crossed that things go well.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Never mind...dumb question, figured it out...running now

Great! Well done! :)

You should be good to go, assuming MBA-M is up to date with build and definitions.

I am going to cut out - will check back Sunday evening. Please post the MBA-M log and I'm sure Judy or kaninelupus will be happy to assist you further.


Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Yes..I can access task manager in normal mode.

Cool!
Use Task Manager to kill Windows Police Pro.exe & svchasts.exe (note the spelling).

Now, you ought to be able to run some programs. I suggest you start with MBA-M and post the log for us.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Here is log....and yes, "Last Known Good Config" option is there when I go into Safe Mode....

Cool - We'll keep that in mind in case we need it.

-- Are you able to access Task Manager?

Obviously, there is a process we want to kill listed there ;)
Also, I think there are a couple less obvious ones. Once we kill them, you ought to be able to run MBA-M.....

Go ahead and answer my Task Manager question while I have a look at that list.....

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Ok, that worked...I have a command prompt

Ok, great.

Type tasklist >> %systemdrive%\TSKLST.txt ENTER
Type notepad %systemdrive%\TSKLST.txt ENTER

See if the log pops up now and post it for us.

Also, see my edited post above RE Last Known Good

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

No - screen blanks for a second and then just goes back to desktop with all the Windows Police Pro windows....won't open command prompt box

Try Start > Run > command.com

PhilliePhan 171 Central Scrutinizer Team Colleague

Can you get a command prompt in Normal Windows Boot?
Start > Run > cmd

-- Also, when booting to Safe Mode, do you have option for "Last Known Good Configuration?"

PhilliePhan 171 Central Scrutinizer Team Colleague

Thanks for the responses all. OS is Windows XP. I am able to boot up into Safe Mode with Networking and get online (posting from the problem computer now) - however I can't run Hijack This or Anti Malware...nothing happening when I try to run them.

Let's try this:
-- Download the attached file to the desktop and re-name it TSKLST.bat
Boot to normal windows and doubleclick on TSKLST.bat to run it. A log should pop up - Copy and paste that for us, if possible...

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I guess we'll see where we are once Kevin posts back.

Here, Judy:
http://remove-malware.net/sofware/

They seem to be pimping PCTools, even if they spelled software wrong... LOL!


Registration Service Provided By: RESELLERCLUB
Contact: +1.4152361970

Domain Name: REMOVE-MALWARE.NET

Registrant:
Private Person
Bryan Stenberg ()
4 Trubek Farm Rd
Annandale
New Jersey,08801
US
Tel. +001.9087350422

Creation Date: 17-Oct-2008
Expiration Date: 17-Oct-2009

Hey . . . He's not in the Ukraine! LOL ;)


Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Could be, but all the other links I found with same instructions, word for word by the way, do not include the link called Windows Police Pro Automatic Remover. Why don't they call it Spyware Doctor?

Ok, you know more than me PP so I bow to you and take back my comment.

You're being too kind, Judy :)

That's a good question about SD - I did not bother to download the whole package, but if the site is affiliated with PCTools, then I would think it would be legit.
Even "legit" affiliates have been known to use scare tactics.....

BTW - OP cannot run any programs. I'd like to see what can be done in safe mode.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

@PhilliePhan - how good are you at guiding someone through a reg-fix? Looking more and more at this one, that may well be required here.

No worries on that front :) Have done hundreds - literally.

What worries me here is possible rootkit/stealth components in the mix. Have you heard or seen anything pointing in that direction?
I've been away from the battle for too long to be up to date on many details.

I do think MBA-M will get this baddie . . . If it can be run.

PP :)

EDIT: @Judy - Interestingly enough, the removal tool for download at the site KL linked looks like PCTools Spyware Doctor, a legitimate and well-respected product, last I heard. Maybe WOT is a bit off?
PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Actually, let's try something else - if we can....

-- Copy and paste the text in the box to Notepad and save it to your Desktop as Tasklist.bat
-- DoubleClick on it to run it. A log should pop up. Copy and paste that here for us.

@ECHO OFF
REM Remove any stale copy of the list left over from a previous run
IF EXIST %systemdrive%\TSKLST.txt del %systemdrive%\TSKLST.txt
REM Dump the running processes to a text file on the system drive
tasklist >> %systemdrive%\TSKLST.txt
REM Open the list in Notepad so it can be copied into a forum post
notepad %systemdrive%\TSKLST.txt
REM Clean up once Notepad is closed
del /q %systemdrive%\TSKLST.txt

Cheers :)
PP
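Once the TSKLST.txt dump is in hand, the thing to look for is the kind of near-miss name PP points out elsewhere in this thread (svchasts.exe sitting beside svchost.exe). The following is an added example, not code from this thread or from any tool mentioned in it: it parses tasklist output of the shape TSKLST.bat captures and flags names that are close misspellings of well-known Windows processes. The tasklist sample, the allowlist of legitimate names and the 0.8 similarity threshold are all constructed for the example.

```python
"""Spot look-alike process names in `tasklist` output.

Added example, not code from the thread above. The tasklist dump and the
allowlist of legitimate process names are constructed for illustration.
"""
from difflib import SequenceMatcher

# Constructed allowlist of common Windows XP-era process names (lower-case).
KNOWN_PROCESSES = {
    "system idle process", "system", "smss.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
    "taskmgr.exe", "notepad.exe", "cmd.exe", "wowexec.exe", "ntvdm.exe",
}

# Constructed sample of default-format `tasklist` output, as TSKLST.bat
# would capture it (svchasts.exe is a deliberate misspelling of svchost.exe).
SAMPLE_TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Console                    0         28 K
System                           4 Console                    0        236 K
smss.exe                       540 Console                    0        388 K
svchost.exe                    900 Console                    0      4,812 K
svchasts.exe                  1448 Console                    0      3,104 K
Windows Police Pro.exe        1612 Console                    0     12,340 K
explorer.exe                  1676 Console                    0     18,020 K
"""


def parse_tasklist(text):
    """Return a list of (image_name, pid) from default-format tasklist output.

    The width of the name column is taken from the '=====' separator row,
    so the parser does not hard-code it.
    """
    lines = text.splitlines()
    sep_idx = next(i for i, line in enumerate(lines) if line.startswith("===="))
    name_width = len(lines[sep_idx].split()[0])
    rows = []
    for line in lines[sep_idx + 1:]:
        if not line.strip():
            continue
        name = line[:name_width].strip()
        pid = int(line[name_width:].split()[0])
        rows.append((name, pid))
    return rows


def unknown_processes(rows):
    """Names that are not on the allowlist at all (worth a closer look)."""
    return [name for name, _pid in rows if name.lower() not in KNOWN_PROCESSES]


def lookalike_processes(rows, threshold=0.8):
    """Flag unknown names that closely resemble a legitimate process name.

    Returns (seen_name, closest_known_name, similarity) tuples; the threshold
    is a heuristic chosen for this example.
    """
    findings = []
    for name in unknown_processes(rows):
        lowered = name.lower()
        best_known, best_ratio = None, 0.0
        for known in sorted(KNOWN_PROCESSES):
            ratio = SequenceMatcher(None, lowered, known).ratio()
            if ratio > best_ratio:
                best_known, best_ratio = known, ratio
        if best_ratio >= threshold:
            findings.append((name, best_known, round(best_ratio, 2)))
    return findings


if __name__ == "__main__":
    rows = parse_tasklist(SAMPLE_TASKLIST)
    for seen, known, score in lookalike_processes(rows):
        print(f"{seen!r} looks like {known!r} (similarity {score})")
```

The similarity match is a triage aid, not a verdict: an unknown but dissimilar name such as Windows Police Pro.exe only shows up in unknown_processes(), and a legitimate third-party program lands there too, so the output is a list of things to investigate rather than things to kill.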

PhilliePhan 171 Central Scrutinizer Team Colleague

I'm totally locked up - I can't do anything. I'm posting this from another computer.

-- What OS?
-- Can you get into Safe Mode by tapping F8 at boot? (do not use msconfig)
-- Safe Mode with Networking to DL and run HJT and MBA-M?

Let us know what you are able to do via Safe Mode and we'll go from there.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

@top10ufo:
I don't mean to demean your knowledge in any way shape or form - If I did, I apologize.

This is just not good advice, simply saying:

Try using ComboFix if you haven't already.

When you posted that, I kinda figured you were just here to spam your site. Maybe I was a bit harsh and, again, I apologize.
-- BTW, I like your website. Stuff like that interests me.

Still, I am going to stick by everything I said in this thread as being accurate.
As necrolin has noted, post#1 tends to lead away from a malware issue. The logs support that. Not sure why the OP is uninstalling AVG or running Combofix again.

All told, I think we made a pretty good mess of this thread....:-/


Cheers :)

nav33n commented: :) +11
PhilliePhan 171 Central Scrutinizer Team Colleague

What you saw in the combofix files - can you tell if that is the remnants of the virus i mentioned or is it a different one?

I'd like to know that as well - I didn't see anything.

@top10ufo:
I am not sure what you have the poster doing now or why you are doing it, so I will be happy to stay out of your way.

Unfortunately, some companies and advisors advocate disabling system restore *before* attempting a cleanup. This is dangerous advice. First, things can and do go wrong when attempting to remove malware. Second, the Restore Points may not be infected anyway. Third, any malware that may be in a Restore Point is harmless unless and until System Restore is used to restore a system to an earlier state, and that won't happen without direct user intervention.

Since you disdain Googling for knowledge, try this:

http://msmvps.com/blogs/spywaresucks/archive/2005/09/17/66724.aspx


Cheers :)

PhilliePhan 171 Central Scrutinizer Team Colleague

You obviously have no idea what you are talking about and are a typical "Google Tech" meaning you can fix it because you were able to find it on Google.

Wrong again - I'm sensing a theme.

When to Disable System Restore (as well as not forcing Safe Mode) has been discussed ad nauseam in all of the reputable security forums and frankly I have no interest in re-hashing it with you when so many examples already exist.
And yes, I used to tell people to disable system restore just as you do before I was taught that an infected point is better than none at all - if the cleaning process doesn't go well, you then have a "fall-back position" from which to try again.
Why do you think ComboFix and other repair tools set a restore point before running?

I am still waiting for you to show me that malware in the ComboFix log that I missed - What? Oh, you can't?
I thought not.

Cheers :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Most malware will just copy itself back into the registry and the file location from system restore (the system volume folder) when deleted. Therefore, not disabling System Restore beforehand makes about as much sense as pissing in the wind. Antivirus manufacturers such as Symantec will tell you this as well.

Gawd that is wrong in multiple ways - plus not applicable here after multiple formats.....

Google this: An infected restore point is better than none at all.

We flush System Restore AFTER cleaning a machine.

The problem IS malware (you would know this by looking at the ComboFix log if you knew what you were talking about!)

Still waiting for you to show me the malware in the Combofix log. Either that or an apology would be nice.

Cheers :)

PhilliePhan 171 Central Scrutinizer Team Colleague

It's behaving itself at the moment (for the last 10 minutes - first time I've been able to do anything in a year! Is this any help - I ran an Avast cleaner and it was unable to look at these files C:\window\system32\catroot2\edb:log and same main name with \tmp.edb and temp\zlt00d58.tmp. Probably did wrong but tried to delete and said it was in use by another program or user.

No worries there - Don't try to delete those.

Honestly, I do not think this is malware. Unless it is something you reinstalled after re-formatting.
I do not see anything in the logs you provided - will wait for top10ufo to show me what I missed, if indeed that is the case.

--Did you say that the problem happens with Both browsers?
--Did you try the keyboard shortcut I mentioned - see if sticking?

Gotta run - I imagine one of the other regular posters will weigh in soon.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Unless you feel you have more experience than I do, please keep your advice to yourself.

Then don't give bad advice regarding System Restore and ComboFix.
BTW:
ComboFix 09-08-29.01 - KristinG 29/08/2009 21:58.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.353.1033.18.446.184 [GMT 1:00]
Running from: E:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

The problem IS malware (you would know this by looking at the ComboFix log if you knew what you were talking about!)

Show me.

and just installing Firefox is not a problem solver if Windows security updates are not applied and up to date.

Didn't say it was a "solution." Just a part of the diagnostic process - to see if problem still occurs, and if it doesn't, at least the poster will have a working browser with which to carry out further steps.


Did you read the first post before immediately having the poster run ComboFix improperly?

I have had people look at re-formatted the hard drive several times and nothing. Have tried God knows how many spyware/malware removers, anti virus etc.

Not a lot of malware survives multiple re-formats . . . LOL!

PhilliePhan 171 Central Scrutinizer Team Colleague

You might try a bootable option similar to RecoveryConsole to gain access. Check these out:

Trinity Rescue Kit

Avira Rescue System

The Trinity Kit should give you a number of cleaning options.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Before running ComboFix you should have turned off System Restore

NO! Bad advice! Do not disable System Restore until told to do so by someone who knows what they are doing.

Frankly, running combofix at this stage (and improperly at that) is not called for.

However, in this case I doubt it matters.
It doesn't look like malware to me - Perhaps even a keyboard issue causing IE to open? After all, it is not opening to ads, but to home page.
Have you tried different Keyboard?

Also, try installing Firefox and seeing if the problem continues.

Cheers :)
PP

EDIT: Try banging on Ctrl + N ( the IE shortcut to open new window) to make sure they are not sticking......

karg commented: Solved - Excellent Advisor - much appreciated +1
PhilliePhan 171 Central Scrutinizer Team Colleague

but i found this log that describes the error when i shut down i think
does this help?

Your machine should have a boatload of those logs - That looks like an old BITS update from a few years back.

I do not think there is malware involved - at least nothing that jumps out at me from your logs, although you may have stopped it from running via msconfig.

I am going to agree with Rik, though - Try to run MBA-M. We would be well advised to rule out malware before proceeding further.
-- Did you clean any malware before posting here?

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

This could be an issue with IE8. Maybe uninstall it and try 6 or 7?
Better yet, Opera or Firefox.... Try installing one of those and see if problem persists.

also whenever i shut down my computer it restarts
the only way for me to turn my comp off is manually shutting it off (holding the button for 5 seconds)

This sounds to me like a driver issue - I've seen this in the past with new HP machines. Can you give more info as to computer: what kind / how old, when the problems started and what were you doing when issues began - for instance, did you add or update any software?

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Unless anyone has any other suggestions, I would say that that is your best bet, although you may want to wait for PhilliePhan to return

I've got limited computer time this week - doubt I can offer timely assistance. Plus, we are just getting in each other's way. You know me - I like to do my own thing and take my own approach to a problem.... ;)

This would be my next step:
I think at this point we would need to get into the registry and have a look if possible - but first, try clicking START > RUN and type command.com and hit ENTER and tell us what happens - does command prompt open?

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Point gladly taken.
@PhilliePhan - sincerest apologies. . . .

No worries! :)

I agree that a lot of assumptions are being made - funny that none of us bothered to ask the OP what virus they had. Many times they will have a good idea what they were dealing with or be able to point you in the right direction. But just because they say malware does not always make it the case.
I once had a thread where the poster said they got a virus that turned their cursor into a dinosaur...... Can you guess how that was solved?


-- The OP said he/she was getting the same error message when trying to run the requested programs. That is why I took the approach that I did.

This is my reasoning - Just wanted to take a quick shot at it while I had some free time on my hands:
1) Safe Mode - Yeah, probably not going to help, but wanted to see if something running on startup was borking WOW. Got to cover that base.

2) Move on to replacing wowexec.exe and ntvdm.exe on the chance that they were borked, possibly by malware. No harm, no foul.

3) Try System Restore in the event that malware has made some registry modifications that are responsible for the errors - hopefully the OP will have a viable restore point from well before issues started and then we can …

PhilliePhan 171 Central Scrutinizer Team Colleague

EDIT: Thanks, crunchie - I didn't see you there.

PP :)

note also sys-restore option never gained any support either... and looking at recently described behaviour of this infection, can see why.

Good grief. We are obviously on two different wavelengths here.

-- Did you even bother to read post #1 in this thread? How do you know that there is even an infection at play here? There is no “described behavior of the infection.” That is merely an assumption that you (and the rest of us) are making. Experience has taught me, however, not to discount other possible issues involved....

Has long been well seen where malware of many variants (including some run-of-the-mill types) infect the sys-restore shadow copies. But looking here, it seems a higher-class of Malware is at play. Crunchie's advice on renaming both MBA-M and HJT would normally allow both apps to subvert attempts to block DL and running them. Given that, am really not sure Sys-Restore offers all that much of a chance... if even milder malware variants can play havoc with Sys-Restore, not really sure what the OP's restore images may contain.

NONE OF THAT MATTERS as long as the original poster is able to get the tools to run.
I do not know what your problem is with System Restore . . . So, we restore an infected compy. So what? Then we clean it. That is what this Forum does. Good Grief.

BTW – I did not …

PhilliePhan 171 Central Scrutinizer Team Colleague

Correct me if I'm wrong, but isn't "WOWEXEC" a x64 file, and thus useless advice if user is NOT using Windows x64??

I am happy to correct you since you ARE wrong. :)

I am guilty of assumption, however I assumed 32-bit, not 64. I think you got your argument ass-backwards.....

WOWEXEC.exe is required by windows and is used to run 16-Bit programs from within a 32-bit version of the operating system. It's started by the NTVDM when you run a 16 bit application and when it fails it produces errors just like those noted by the original poster.

Also, Sys-Restore option already dis-advised by those who know better!

Not true!
I stand by that advice in the order given. I made no mention of disabling System Restore.
Just out of curiosity, what is wrong with trying System Restore as an effort to get things back to a state where MBA-M and other tools can be run? I'd like to hear an answer......

BTW - you sure pimp AdAware a lot. Lavasoft should put you on the payroll. Good grief......

For your edification: http://support.microsoft.com/kb/196453

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

I really appreciate all this help, I couldn't find help in any other site.
Anyways, the virus still doesn't let me run the program regardless of the name. I have a feeling starting from scratch might be my only option.

My $.02:

Sallybarrett makes two good suggestions - System Restore and Safe Mode . . . Here is what I would suggest in exact order:

1) Boot to Safe Mode and see if problem persists. If so, then
2) go into your I386 Folder and Copy NTVDM.exe and WOWEXEC.exe and place them in your System32 Folder. If you get a message saying that they already exist in the System32 Folder and do you want to replace the existing files, click YES. Now see if the problem persists. If so, then
3) try using System Restore to return to a point before the issues began. See if the problem persists.
Hopefully you'll regain some control/functionality. Sure, you might be infected, but at least then you will be able to attack the problem at hand....

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I could do the scan, I didn't find a report so here are the results:
Filename: Sys.exe

-- You should delete C:\Sys.exe
I'm surprised nothing caught that......

-- It looks like you had a couple serious infections and possibly in the removal of the Conficker variant, your connection was borked....

* Be advised, though, you have an infected USB/External drive somewhere that could be reinfecting any number of machines!

-- Try running Kaspersky's stand alone tool as per the linky below and let us know the results:
http://support.kaspersky.com/faq/?qid=208279973

-- Also, taksman.exe has been known to bork DNS server settings. Maybe you guys should run ipconfig and flush DNS?
Perhaps a reset of router or Wireless connection as well?

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Also, can you upload the following to Jotti and post the results?
It is probably malware and knowing what you were infected by might help with the current connection issue....

2009-07-21 20:16 . 2009-07-22 18:36 1218776 --sh--w- C:\Sys.exe

http://virusscan.jotti.org/en

PP :)
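The ComboFix line quoted above carries the file's created and modified timestamps, its size, an attribute field and its path. The following is an added example rather than anything from ComboFix or this thread: it parses lines of that shape and reports executables at a drive root that carry both the system and hidden attributes, which is what makes C:\Sys.exe stand out from the legitimate boot files that also live there. The surrounding sample lines, the reading of the attribute letters as d=directory, s=system, h=hidden, and the allowlist of root boot files are assumptions made for the example.

```python
"""Pick out hidden+system files at a drive root from ComboFix-style
file listing lines.

Added example, not ComboFix code. The attribute letters are read as
d=directory, s=system, h=hidden (an assumption based on the letters in the
quoted line); every sample line except the C:\\Sys.exe one is constructed.
"""
import re

# created . modified size attrs path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+[.-]\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)

# Files that legitimately sit at the root of an XP system drive with the
# system/hidden attributes set (constructed allowlist, lower-case).
ROOT_ALLOWLIST = {
    "boot.ini", "ntldr", "ntdetect.com", "pagefile.sys", "hiberfil.sys",
    "io.sys", "msdos.sys",
}

SAMPLE_LOG_LINES = [
    # quoted from the thread
    r"2009-07-21 20:16 . 2009-07-22 18:36 1218776 --sh--w- C:\Sys.exe",
    # constructed: an ordinary system binary in its usual place
    r"2008-04-14 00:12 . 2008-04-14 00:12 14336 ----a-w- c:\windows\system32\svchost.exe",
    # constructed: a legitimate hidden+system boot file at the root
    r"2007-06-01 09:30 . 2009-07-21 18:00 211 -rsh--w- c:\boot.ini",
    # constructed: a directory entry (dashes in the size field)
    r"2009-07-20 11:02 . 2009-07-20 11:02 -------- d-----w- c:\program files\Common Files",
]


def parse_entry(line):
    """Parse one listing line into a dict, or return None if it is not one."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    # Directories show dashes instead of a byte count.
    entry["size"] = int(entry["size"]) if entry["size"].isdigit() else None
    return entry


def is_root_path(path):
    """True for paths directly under a drive letter (one backslash only)."""
    return re.match(r"^[A-Za-z]:\\[^\\]+$", path) is not None


def suspicious_entries(lines):
    """Paths of non-directory files that are hidden+system, sit at a drive
    root and are not a known boot file."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or entry["attrs"].startswith("d"):
            continue
        attrs, path = entry["attrs"], entry["path"]
        if "s" in attrs and "h" in attrs and is_root_path(path):
            name = path.rsplit("\\", 1)[-1].lower()
            if name not in ROOT_ALLOWLIST:
                hits.append(path)
    return hits


if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_LOG_LINES):
        print("hidden+system file at drive root:", hit)
```

The allowlist is what keeps boot.ini out of the report: on XP the root of the system drive normally holds a handful of hidden, system-attributed boot files, so the attributes alone are not enough and the location plus an unfamiliar name is what earns C:\Sys.exe a trip to an online scanner.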

PhilliePhan 171 Central Scrutinizer Team Colleague

I did the online scan and after booting, the connection was gone.

I didn't see if crunchie already asked this, but do you have a logfile of what was removed by Kaspersky?
Do you have any old scanlogs from before you posted to this forum?
If so, please post them!

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

...have faced infections where, have run BOTH MWB and Ad-Aware in full boot (with Admin), they claim they have detected and pulled out everything, reboot in safe mode, run them again, and guess what... they both pick up extra pieces. ....

I do not think we are talking about the same types of malware.

I think I might have misunderstood you - At the very least, we are operating with different ideas of what the malware cleaning process entails.

Merely running multiple scanners, whether in Safe Mode or not, is insufficient to clean many infected machines. Granted, MBA-M is the best scanner/remover to come along in a long time (the last one I liked was EWIDO - it was waaaay better than AdAware and Spybot at the time) , but I would venture that if you had a heavily infected machine and used your scanners, there would still be malware on board. If you then ran ComboFix, I bet it would find and remove additional baddies and still miss some, though it is likely they would show up in the log and could then be dealt with via a script for ComboFix.

Before MBA-M, it was rare for tools such as AdAware and Spybot, etc... to be able to keep up with baddies such as the ones crunchie and I discussed. Very specified tools (smitfraudFix, for example) were needed. AdAware and SpyBotSD were useless. I really have no confidence in AdAware - especially since their white-listing …

PhilliePhan 171 Central Scrutinizer Team Colleague

I absolutely hated L2M infections. If the poster rebooted or had a bsod before you got all the files, they just re-populated :). I had some fixes going for weeks :(.

Yes - I remember that well. Another of the tricky "multi-step" fixes that could go on for a week, even with Atri's L2Mfix....
Do you have a "favorite" malware? LOL!
I remember the early Vundo when it was delivered as drive-by StopGuard downloads. I managed to work out a nice fix procedure for those well before any of the tools were developed - That was fun because we actually had to do so much by hand that you really felt as though you were accomplishing something as opposed to having somebody run an "all-encompassing" tool such as MBA-M or ComboFix which do all the work for you, for the most part....

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

LOL! It looks like we have hijacked this thread and turned it into a nice little discussion. Not that that is a bad thing – too often these discussions take place behind the scenes in the admin threads of various forums. Maybe crunchie can break this off into a new thread?

It's ok PhilliePhan, some ppl think they know better than the manufacturers

That’s too true!
However, to play the devil’s advocate for a minute, many of us who are “self-taught” often used to prefer operating in Safe Mode (I imagine this holds true for you as well). And many of the scanners we used to use were more effective in Safe Mode. But, the times and the tools and the malware have changed.

No, sometimes it just helps to think beyond their scope at times (not always, but at times). . . .

You are absolutely right – Thinking outside the box is always good. “Back in the day” –LOL- we needed to do that a lot. One of the reasons I have stopped volunteering as much in forums is that the process has become boring:

Run MBA-M.
Run ComboFix.
Clean stragglers.
Rinse and repeat.

Boring for helpers, but absolutely great in simplicity for people with malware on their compys.

In the days before ComboFix/VundoFix/SmitfraudFix/LooktoMeFix and all the others, we ripped the baddies out manually kicking and screaming. There were a few baddies that took months to find a cure …

PhilliePhan 171 Central Scrutinizer Team Colleague

I have to agree with Judy regarding MBA-M and Safe mode. She is correct in stating that if at all possible it should be run in Normal Windows boot.

Of course, working in Safe Mode does offer advantages for other tools as well as for manual removal.....

Sorry, but experience has shown me otherwise. Personally in most serious cases, tend to run both in normal Admin boot, then re-run in safe mode to finish off.

I believe you have that backwards ;) In serious cases it is often necessary to start in Safe Mode first.

And yes some malware tries to disable Safe Mode, but there are usually ways to get around it (setting boot in safe mode from MSConfig for starters often still available if the usual F8 option disabled).

This is bad advice, period. Please see CJ's comments about forcing Safe Mode and why it is a bad idea to do so:

http://www.dslreports.com/forum/r18150258-Dont-Force-Safe-Mode-on-Infected-PC

BTW: I do not mean to come off as a hectoring know-it-all ;)
A lot is "lost in translation" in a forum setting. It's just that I've been doing this for a lot of years and have seen a lot of bad advice in "open" forums such as here at Daniweb.

Heck, I've given my share of bad advice in the past - I used to tell people to disable System Restore before beginning the malware cleaning process. Thankfully, my friend Blender at SpywareWarrior was able …

PhilliePhan 171 Central Scrutinizer Team Colleague

I suggest you use ATF-Cleaner by Atribune

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

If I scan someones IP address with a port scanner and find an open port (Lets say they opened the port so it's not restricted by any protocol rules), are you then able to access their computer's command prompt? Can you upload or download files to / from their computer? If so, how do you do these things?

LOL! You're kidding, right? You're going to ask that in this forum?

I doubt you'll get much help with that here....

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I really want to get free removal tool to rid of that flashy virus.

Have you tried removing it via MBA-M? I suggest you try the steps outlined in the linky below and then post the requested scanlogs. Hopefully one of the more regular volunteers will be able to assist you further.

Be sure to have MBA-M Remove the infections that it finds....

http://www.daniweb.com/forums/thread134865.html

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

im sorry for the delay to post back, i was on vacation... what type of disk would i use for that i have never made a bootable...

A CD should suffice.

If you need a tool to burn the ISO, I swear by:
http://www.imgburn.com/

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

... any ideas??

Yes, but it involves a little work ;)

One option is to burn a bootable Recovery Console CD. Here is a link to the ISO:

http://www.thecomputerparamedic.com/files/rc.iso

You'll then be able to poke around a bit for malware and run some commands such as CHKDSK etc....
See Also:
http://support.microsoft.com/kb/314058/


Frankly, I think you'll have better luck cleaning the HD with Trinity Rescue Kit
Again, you'll need to burn the bootable CD to use on the ill computer.
This will put many more options at your fingertips - Virus scans, pulling data off the drive and more. This would probably be the route I'd go. I'm not sure if there is any way to access System Restore via TRK, but that might be worth looking into. You'll probably need to explore the TRK site for usage options.


Let us know how you fare.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I can run a MBAM scan and did do that before i posted, but is there anyway i can set my HJT to a path so it scans the E: drive and not C: ??

Oops! I am so used to writing that sentence in various forums that I didn't even think about that!
HJT would have to be installed on the infected drive. Also, there are a few other tools at our disposal if need be.

Can you post the MBA-M Log so we can see what has been detected/removed?

I'll be away for most of the weekend, but I imagine one of the other volunteers will be able to assist you further.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Are you able to scan the drive with MBA-M and HJT as per the linky below?
http://www.daniweb.com/forums/thread134865.html

Give that a go, if possible. Post the logs and I'm sure someone will be happy to assist you further - bear in mind the holiday weekend here in the States......

--- It may be that a reformat would be the easiest option. Perhaps you could carefully save any important data on his HD beforehand - Of course this is risky.....


Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Well, it's happened to me. My uncle was messing with the registry for about 14 hours tweaking it back to normal, later McAfee said it was a bug and they were sorry and we got a refund. That was it, horrible company, stay very far away from them. I personally use Norton, it is good but it slows down your computer.

I am sorry you had a bad experience with McAfee - Thanks for elaborating!

In my experience, most complaints I have heard about an AV product concern Norton and how it is a resource hog and a real pain to fully uninstall. If you want to talk about an AV that really leaves a huge footprint on your compy, it's Norton....

That said, Norton is still an effective product - It does its job and does it well.
I would still choose Kaspersky or Nod32 if I were to spend the same amount of cash for a license, though . . . ;)


Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I want to ask about ESET Nod32 antivirus and its efficiency. I have just got its reseller who is selling it at $37/ 3 users license.
Should I buy it or I should prefer AVG or McAfee.

In my experience I would say that, dollar for dollar, Nod32 and Kaspersky would be the best choices if someone were to spend the cash.
AntiVir / AVG / AVAST! are some decent FREE options.

Please don't use McAfee . . . . it's the only AV which actually messes with your computer.

Can you clarify that? It's a bit vague and not really helpful to say something like that without giving more information.


Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

You do have some malware showing in that HJT Log.

--- Please update your MBA-M and run it again ( FULL SCAN). Have it remove what it finds. Then, submit the MBA-M scanlog along with a fresh HJT.

I am not around much, but I am sure one of the other volunteers will be happy to assist you further.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

need to go to best buy to be cleaned pronto

What is the point of this post? Not helpful at all.

Is there any way to run the Anti-Malware, and have it check my F: drive? It seems that it just wants to check C:\.

Hi Jim,
-- Did you re-connect your WD My Book? (Sorry, had to ask ;) )
-- Are you able to scan with MBA-M in Normal Windows Boot?
-- When you run MBA-M Full Scan, it ought to automatically detect your F: drive and give you the option to scan it. Does MBA-M fail to recognize drive in Normal Windows boot?

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Looks like you submitted the same MBA-M log as before.

You need to post the new run as Judy directed.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Can i get help pl , error loading c:\PROGRA~1\MYWEBSz1\bar\1.bin\M3PLUGIN.DLL New to all this and thx

Hi andy\sr,

The easiest thing to do would be to go into Add/Remove programs and Uninstall MyWebSearch.

I would also suggest running MBA-M as directed in the linky below and posting the resulting scanlog:

http://www.daniweb.com/forums/thread134865.html

I am sure one of the regular volunteers will be happy to assist you further as time permits.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

thanks anyways for all your help guys, I really do appreciate it.

You're welcome, Matt.

Sorry we couldn't be much help, but glad you could recover your data before nuking the drive..

PP :)