chiaz
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
Some of the crack programs and pirated applications you have on your PC are detected as malware. You may want to get rid of them accordingly. Let me know if you need additional information or help on this.

Next, download The Avenger by Swandog46 from here. Unzip/extract it to a folder on your desktop. Double click on avenger.exe to run The Avenger. Click OK.

Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.

Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.

Files to delete:
c:\winxp\remlive.exe
c:\winxp\system32\svers.dll
c:\winxp\svers.dll
c:\program files\webserver\svrproxy.exe
c:\windows\system32\aspro\imscan.dll

Registry values to delete:
hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{886dde35-e585-11d0-a707-000000521958}

In the Avenger window, click the Paste script from Clipboard button. Click the Execute button. You will be asked Are you sure you want to execute the current script?. Click Yes. You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes. Your PC will now be rebooted.

Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation. If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.

After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). Please post this log in your reply.
-
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
Sorry for the late reply. Not everything's malicious, don't worry. :) I would like a deeper look into some particular files before giving any definite instructions.

Please go to http://virusscan.jotti.org , click on Browse, and upload the following files for analysis:

c:\winxp\system32\svers.dll
c:\winxp\svers.dll
c:\program files\webserver\svrproxy.exe
c:\windows\system32\aspro\imscan.dll

Then click Submit. Allow the files to be scanned individually, and then please Copy/Paste the respective result links here for me to see. If Jotti is busy, please go to http://www.virustotal.com.
-
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
OK, looks like that did its job. Run Panda ActiveScan and post the concomitant log here. :) -
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
Please run OTL again. Under the Custom Scans/Fixes box at the bottom, paste in the following (Starting from :OTL):

:OTL
O3 - HKLM\..\Toolbar: (OCDB) - {23BE4004-AC07-45FE-B87F-1782D25C90E5} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (OCDB) - {23BE4004-AC07-45FE-B87F-1782D25C90E5} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O9 - Extra Button: WH USD Casino - {096CADBA-B4F6-4899-AC65-5BE9C3803037} - C:\Documents and Settings\Moe\Desktop\WH USD Casino.lnk File not found
O9 - Extra 'Tools' menuitem : WH USD Casino - {096CADBA-B4F6-4899-AC65-5BE9C3803037} - C:\Documents and Settings\Moe\Desktop\WH USD Casino.lnk File not found
O9 - Extra Button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Moe\Desktop\WH GBP Casino.lnk File not found
O9 - Extra 'Tools' menuitem : WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Moe\Desktop\WH GBP Casino.lnk File not found
O9 - Extra Button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Program Files\Europa Casino\casino.exe File not found
O9 - Extra 'Tools' menuitem : Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Program Files\Europa Casino\casino.exe File not found
O9 - Extra Button: Purple Lounge Poker - {701FD202-200A-4bd1-9380-BC8A722B43A5} - C:\Program Files\PurpleloungeMPP\MPPoker.exe File not found
O9 - Extra Button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Moe\Desktop\InterCasino $$$.lnk File not found
O9 - Extra 'Tools' menuitem : InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Moe\Desktop\InterCasino $$$.lnk File not found
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: 7Sultans Online Casino - {D6058E3E-5DBF-413b-9106-C26ED8DE3566} - C:\Program Files\7sultans\casinogame.exe File not found
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (Reg Error: Value error.)
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe (Reg Error: Value error.)
O16 - DPF: {3253534D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/3/4/F345356C-453F-439C-8977-81149FBF0980/wms9dmo.cab (Reg Error: Value error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Value error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A104EEFF-DADB-45DC-8A69-26E862666021} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Value error.)
:commands
[reboot]

Then click the Run Fix button at the top. Let the program run unhindered, reboot the PC when it is done. Post the log resulting from it.
-
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
Please run OTL.exe.

Download the attached file in this post named 'fixforshawn.txt'.
Copy the commands by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply later.
Close OTL.exe.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

========================================

I will wait for that Panda ActiveScan logfile. :)

fixforshawn.txt
-
WinXP computer infected with backdoor.tidserv!inf
chiaz replied to bubbasnickey's topic in Tech Support & Discussions Forum
If you are still encountering problems with your system, or if you just want another check, you could run a new scan with OTL and post the log here. Otherwise, I think you are good to go. -
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
Hi shawnh,

Welcome! A few things before we start....

1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

Download TFC by OldTimer to your desktop.

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

=======================

Next download OTL.exe by OldTimer to your Desktop.

Close all windows and double click OTL.exe.
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt.
Post both logs in this thread. You may need to use two posts to get it all.

============

Meanwhile (while waiting for my reply), you may wish to additionally run Panda ActiveScan online scan.

Click the big green Scan now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
The scan may take some time. Once the scan is completed, please hit the notepad icon next to the text Export to:
Save it to a convenient location such as your Desktop.
Post the contents of the ActiveScan.txt in your next reply.
-
WinXP computer infected with backdoor.tidserv!inf
chiaz replied to bubbasnickey's topic in Tech Support & Discussions Forum
OK let me know again, and we'll take it from there. -
WinXP computer infected with backdoor.tidserv!inf
chiaz replied to bubbasnickey's topic in Tech Support & Discussions Forum
Hi bubbasnickey, Did you click “Remove Selected” in MalwareBytes? -
"WINDOWS CAN'T FIND NULL" error. help!?
chiaz replied to giannaschwartz's topic in Tech Support & Discussions Forum
Hi giannaschwartz,

Please download the current version of HijackThis from HERE.

Double click and run the installer. It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
Select Do a system scan and save a log file. This will open a notepad file of everything HijackThis found, copy and paste it back here.
-
Late to the party, but a VERY HAPPY BIRTHDAY Isaiah!!! Hope you had a wonderful time. :D
-
Hi JLVentre,

Welcome! A few things before we start....

1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

================================

First, please run HijackThis and place a checkmark by the following entries:

R3 - URLSearchHook: (no name) - *{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - (no file)
O4 - HKLM\..\Run: [boshocim] C:\Documents and Settings\private user\Local Settings\Application Data\oeiorbcas\fboqfaitssd.exe
O4 - HKCU\..\Run: [boshocim] C:\Documents and Settings\private user\Local Settings\Application Data\oeiorbcas\fboqfaitssd.exe

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and reboot the PC.

================================

Now download Malwarebytes' Anti-Malware by clicking the link below:

Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=============================

Finally, let's have you download ComboFix. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have XP SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
-
This guide should help you: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
-
Read my reply here: http://extremetechsupport.com/forum/malware-infection-removal/8981-virus-pc.html#post64148 Thanks.
-
This account hijacking issue is due to malware.