dan12

Honorary Members
  • Posts

    119
Everything posted by dan12

  1. What year did you have the pc?
     Please create a BOOTLOG
     Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
     Select "Enable Boot Logging" option and press enter.
     Windows prompts you to select a Windows Installation (even if there is only one windows installation).
     This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows
     If you're already running inside Windows you can enable it the following way.
     Click on START - RUN and type in MSCONFIG, go to the BOOT.INI tab and place a check mark by /BOOTLOG
     Click on OK and you will be prompted to RESTART Windows. Please do restart now.
     After Windows restarts open the file C:\Windows\ntbtlog.txt with Notepad
     From the Edit menu choose Select All then Edit, COPY and post that back on your next reply.
     If the file is over about 150 lines or so then DELETE the C:\Windows\ntbtlog.txt file and restart the computer and post the NEW one it creates.
     Note: Vista users can type in the Search and it will show on the menu, then Right click and choose Run as Administrator. The tab is called BOOT on Vista. Then choose Boot log
     RootRepeal - Rootkit Detector
     Please download the following tool: RootRepeal - Rootkit Detector
     Direct download link is here: RootRepeal.rar
     If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
     Extract the program file to a new folder such as C:\RootRepeal
     Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
     Select ALL of the checkboxes and then click OK and it will start scanning your system.
     If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
     When done, click on Save Report
     Save it to the same location where you ran it from, such as C:\RootRepeal
     Save it as your_name_rootrepeal.txt - where your_name is your forum name
     This makes it easier to track who the log belongs to.
     Then open that log and select all and copy/paste it back on your next reply please.
     Quit the RootRepeal program.
     Post the logs
  2. Leave that step for now, I may be able to let you know when I've seen some scans. Did you have Norton when you bought the pc? What year? Continue on
  3. We can leave AOL if you use it at your parents, I was just tying up loose ends as I see you use Comcast.
     Please note, these tools will remove all applications belonging to the relevant company.
     Remove Norton
     Please click HERE and follow the instructions to download and run the Norton removal tool
     Optional Fix
     I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player
  4. Here you go
     Flash Disinfector by sUBs
     Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
     * Double-click Flash_Disinfector.exe to run it.
     * Follow any prompts that may appear.
     * Wait until the program has finished scanning, then please exit the program.
     The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
     Please restart your computer.
  5. Flash Disinfector by sUBs
     Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
     * Double-click Flash_Disinfector.exe to run it.
     * Follow any prompts that may appear.
     * Wait until the program has finished scanning, then please exit the program.
     The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
     Please restart your computer.
     Post a HJT log when done
     Edit: will get back to you as seems the link is missing
  6. Welcome to Malwarebytes forums
     My name is Dan, and I will be helping you to remove any infection(s) that you may have.
     Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
     Please observe these rules while we work:
     * Perform all actions in the order given.
     * If you don't know, stop and ask! Don't keep going on.
     * Please reply to this thread. Do not start a new topic.
     * Stick with it till you're given the all clear.
     * REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
     If you can do these things, everything should go smoothly.
     Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default.) Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
     Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.
     It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
     Installed Programs
     Please could you give me a list of the programs that are installed.
     * Start HijackThis
     * Click on the Misc Tools button
     * Click on the Open Uninstall Manager button.
     You will see a list with the programs installed in your computer.
     Click on save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next post.
     I'm seeing traces of Norton, was this a previous Anti virus program you were running, as I see you run McAfee? Are you still with AOL?
     I'm presently looking over your log and hope not to be too long. Will be back with you as soon as I can.
     Thanks dan
  7. Download and Run HijackThis
     Download HJTInstall.exe to your Desktop.
     * Double-click HJTInstall.exe to install it.
     * By default it will install to C:\Program Files\Trend Micro\HijackThis .
     * Click on Install.
     * It will create a HijackThis icon on the desktop.
     * Once installed, it will launch HijackThis.
     * Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
     * Copy/Paste the log to your next reply please.
     Don't use the Analyse This button, its findings are dangerous if misinterpreted.
     Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
     Please post new HJT log
  8. Hi, your Antivirus is in need of updating!
     Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.
     Please download a free anti-virus software from one of these excellent vendors NOW:
     1) Antivir PersonalEditionClassic - Free anti-virus software for Windows. - Detects and removes more than 50,000 viruses. Free support.
     2) avast! 4 Home Edition - Anti-virus program for Windows. - The home edition is freeware for noncommercial users.
     3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.
     If you decide to remove Norton here is a tool to help
     Please note, these tools will remove all applications belonging to the relevant company.
     Remove Norton
     Please click HERE and follow the instructions to download and run the Norton removal tool
     -----------------------------
     I need some files checking out...
     Submit a File For Analysis
     We need to have the files below Scanned by Uploading them/it to Jotti
     Please visit Jotti
     Copy/paste the following file path into the window
     c:\program files\Common Files\uwoxog.scr
     Click Submit/Send File
     Please post back, to let me know the results.
     Please do the same for the following file
     c:\documents and settings\Doug\Application Data\oral.reg
     c:\documents and settings\Doug\Application Data\syrizo.exe
     If Jotti is too busy please try Virustotal
     --------------------------------
     1. Close any open browsers.
     2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     3. Open notepad and copy/paste the text in the quotebox below into it:
        Folder::
        c:\program files\Azureus
        c:\documents and settings\Doug\Application Data\Azureus
        c:\program files\Napster
     Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe
     Referring to the picture above, drag CFScript into ComboFix.exe
     When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     Please update malwarebytes and do a full scan for me
     Please post:
     fresh HJT log
     malwarebytes report
     combofix report
  9. Well done! Congratulations you are clean!
     Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
     You don't need to put all of these programs on your system, unlike your Antivirus and firewall of which you can only have one of each. However you can have several Antimalware programs.
     Create a new System Restore Point
     This is a good time to clear your existing system restore points and establish a new clean restore point:
     * Go to Start > All Programs > Accessories > System Tools > System Restore
     * Select Create a restore point, and Ok it.
     * Next, go to Start > Run and type in cleanmgr
     * Select the More options tab
     * Choose the option to clean up system restore and OK it.
     This will remove all restore points except the new one you just created.
     Here are some free programs I recommend that could help you improve your computer's security.
     Spybot Search and Destroy 1.6.2
     Download it from here. Just choose a mirror and off you go.
     Find here the tutorial on how to use Spybot properly here
     Find here changes from older version 1.4 here
     Install Spyware Guard
     Download it from here
     Find here the tutorial on how to use Spyware Guard here
     Install SpyWare Blaster
     Download it from here
     Find here the tutorial on how to use Spyware Blaster here
     Install WinPatrol
     Download it from here
     Here you can find information about how WinPatrol works here
     Install FireTrust SiteHound
     You can find information and download it from here
     Install MVPS Hosts File from here
     The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
     Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
     Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
     You can use one of these sites to check if any updates are needed for your pc.
     Secunia Software Inspector
     F-secure Health Check
     Visit Microsoft often to get the latest updates for your computer.
     http://www.update.microsoft.com
     Please check out Tony Klein's article here
     Read some information here how to prevent Malware.
     Stand Up and Be Counted!
     Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions.
     >> Here << you can see how you can help us.
     Happy safe surfing!
     Dan
  10. Can see you're having problems, let's try this..
      Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
      Link 1
      Link 2
      Link 3
      --------------------------------------------------------------------
      Double click on Combo-Fix.exe & follow the prompts.
      When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
  11. CLEAN UP
      Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.
      The following will implement some cleanup procedures as well as reset System Restore points:
      Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
      ComboFix /u
      Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
      Click the CleanUp! button.
      Select Yes when the "Begin cleanup Process?" prompt appears.
      If you are prompted to Reboot during the cleanup, select Yes.
      The tool will delete itself once it finishes, if not delete it by yourself.
      Let me know when carried out
  12. Well done, if you have no further issues you're good to go
      Congratulations you are clean!
      Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
      You don't need to put all of these programs on your system, unlike your Antivirus and firewall of which you can only have one of each. However you can have several Antimalware programs.
      Create a new System Restore Point
      This is a good time to clear your existing system restore points and establish a new clean restore point:
      * Go to Start > All Programs > Accessories > System Tools > System Restore
      * Select Create a restore point, and Ok it.
      * Next, go to Start > Run and type in cleanmgr
      * Select the More options tab
      * Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.
      Here are some free programs I recommend that could help you improve your computer's security.
      Spybot Search and Destroy 1.6.2
      Download it from here. Just choose a mirror and off you go.
      Find here the tutorial on how to use Spybot properly here
      Find here changes from older version 1.4 here
      Install Spyware Guard
      Download it from here
      Find here the tutorial on how to use Spyware Guard here
      Install SpyWare Blaster
      Download it from here
      Find here the tutorial on how to use Spyware Blaster here
      Install WinPatrol
      Download it from here
      Here you can find information about how WinPatrol works here
      Install FireTrust SiteHound
      You can find information and download it from here
      Install MVPS Hosts File from here
      The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
      Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
      Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
      You can use one of these sites to check if any updates are needed for your pc.
      Secunia Software Inspector
      F-secure Health Check
      Visit Microsoft often to get the latest updates for your computer.
      http://www.update.microsoft.com
      Please check out Tony Klein's article here
      Read some information here how to prevent Malware.
      Stand Up and Be Counted!
      Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions.
      >> Here << you can see how you can help us.
      Happy safe surfing!
      Dan
  13. IMPORTANT
      I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
      Azureus
      I'd like you to read the MRU policy for P2P Programs.
      Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
      ------------------
      Optional Fix
      I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player
  14. That's good, items flagged are safe and I will reset system restore soon. I will post soon, as need to look over your returned log. Just in from work
  15. Welcome to Malwarebytes forums
      My name is Dan, and I will be helping you to remove any infection(s) that you may have.
      Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
      Please observe these rules while we work:
      * Perform all actions in the order given.
      * If you don't know, stop and ask! Don't keep going on.
      * Please reply to this thread. Do not start a new topic.
      * Stick with it till you're given the all clear.
      * REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
      If you can do these things, everything should go smoothly.
      Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default.) Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
      Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.
      It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
      Installed Programs
      Please could you give me a list of the programs that are installed.
      * Start HijackThis
      * Click on the Misc Tools button
      * Click on the Open Uninstall Manager button.
      You will see a list with the programs installed in your computer.
      Click on save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next post.
      I'm presently looking over your log and hope not to be too long. Will be back with you as soon as I can.
      Thanks dan
  16. You need to address the running of two Antivirus programs as advised at the beginning! Please carry out and send me a fresh HJT log
      Optional Fix
      I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player
  17. When you run malwarebytes you have to click on fix items otherwise you need to run it again, hence no action taken. Will look into the update issue.
  18. Sorry for delay I've been working. What you need to do is go through your mails to delete those you don't recognize, those with attachments and have a cleanup. It might be worth scanning with your own Norton to see if it will do an email scan to try and locate the bad infected mails.
  19. Looking a lot better, how things that end?
      Empty the quarantined folder in Norton.
      Download and Run OTMoveIt3
      Download OTMoveIt3 by Old Timer and save it to your Desktop.
      Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
      Copy the lines in the codebox below.
        :files
        c:\windows\rfdyy.dat
        C:\Documents and Settings\Oksana\Desktop\CORSAIR\BitAccelerator.exe
        :reg
        [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0}]
      Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
      Click the red Moveit! button.
      Copy everything in the Results window (under the green bar), and paste it in your next reply.
      Close OTMoveIt3
      We need to reveal system folders
      * Close all programs so that you are at your desktop.
      * Double-click on the My Computer icon.
      * Select the Tools menu and click Folder Options
      * After the new window appears select the View tab.
      * Place a checkmark in the checkbox labeled Display the contents of system folders
      * Under the Hidden files and folders section select the radio button labeled Show hidden files and folders
      * Remove the checkmark from the checkbox labeled Hide file extensions for known file types
      * Remove the checkmark from the checkbox labeled Hide protected operating system files
      * Press the Apply and then the ok button and shut down my computer
      Now your computer is configured to show all hidden files.
      For you and the tools to be able to see appropriate files we need to Show Hidden Files
      Can you tell me if you have a lot of mails in...
      C:\Documents and Settings\Yuri Naumtchik\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst << This folder, compact and empty recycle bin
      Post otmoveit report.
  20. 1. Close any open browsers.
      2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      3. Open notepad and copy/paste the text in the quotebox below into it:
         File::
         c:\windows\system32\XDva219.sys
         c:\windows\system32\XDva202.sys
         Dirlook::
         c:\documents and settings\All Users\Application Data\SecTaskMan
         c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
         Registry::
         [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af40419-a4c5-11dc-b72f-0011f5953405}]
         Driver::
         XDva219
         XDva202
      Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe
      Referring to the picture above, drag CFScript into ComboFix.exe
      When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
      Please go to Kaspersky website and perform an online antivirus scan.
      * Read through the requirements and privacy statement and click on Accept button.
      * It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
      * When the downloads have finished, click on Settings.
      * Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
      * Click on My Computer under Scan.
      * Once the scan is complete, it will display the results. Click on View Scan Report.
      * You will see a list of infected items there. Click on Save Report As....
      * Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
      * Please post this log in your next reply.
      Post combo report and kaspersky report.
      Let me see a fresh HJT log.
  21. IMPORTANT
      I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
      eMule, Napster
      I'd like you to read the MRU policy for P2P Programs.
      Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
      Submit a File For Analysis
      We need to have the files below Scanned by Uploading them/it to Jotti
      Please visit Jotti
      Copy/paste the following file path into the window
      c:\windows\rfdyy.dat
      Click Submit/Send File
      Please post back, to let me know the results.
      If Jotti is too busy please try Virustotal
      Download and Run OTMoveIt3
      Download OTMoveIt3 by Old Timer and save it to your Desktop.
      Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
      Copy the lines in the codebox below.
        :files
        c:\windows\Tasks\A6582E289187ADB0.job
        c:\progra~1\sitere~1
        :reg
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20ca60ca-bd2c-11db-a201-00c0a8817475}]
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1fe88d2-df67-11da-a06e-00c0a8817475}]
        :Commands
        [emptytemp]
        [start explorer]
      Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
      Click the red Moveit! button.
      Copy everything in the Results window (under the green bar), and paste it in your next reply.
      Close OTMoveIt3
      Malwarebytes' Anti-Malware
      Please download Malwarebytes' Anti-Malware to your desktop.
      * Double-click mbam-setup.exe and follow the prompts to install the program.
      * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
      * If an update is found, it will download and install the latest version.
      * Once the program has loaded, select Perform full scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
      * Be sure that everything is checked, and click Remove Selected.
      * When completed, a log will open in Notepad. Please copy and paste the log into your next reply
      If you accidentally close it, the log file is saved here and will be named like this:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
      Please go to Kaspersky website and perform an online antivirus scan.
      * Read through the requirements and privacy statement and click on Accept button.
      * It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
      * When the downloads have finished, click on Settings.
      * Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
      * Click on My Computer under Scan.
      * Once the scan is complete, it will display the results. Click on View Scan Report.
      * You will see a list of infected items there. Click on Save Report As....
      * Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
      * Please post this log in your next reply.
      Post:
      jotti's report
      malwarebytes report
      kaspersky scan
      fresh HJT log
  22. Thanks for returned logs, I'm presently working so will be back with you later in the day. I don't have access to my pc at the moment. Yes, we can disinfect the stick. Catch you soon.
  23. This is a powerful tool, only to be used with instruction, it will deal with what I want it to deal with and also produce a log. If for some reason it doesn't run get back to me. Dan
  24. Flamekiller. Please don't post in other people's threads, make one of your own and wait for a helper to assist you. My apology mobbish. Regards dan