
chiaz
Members - Posts: 195
Everything posted by chiaz
-
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
Some of the crack programs and pirated applications you have on your PC are detected as malware. You may want to get rid of them accordingly. Let me know if you need additional information or help on this.

Next, download The Avenger by Swandog46 from here.

* Unzip/extract it to a folder on your desktop.
* Double click on avenger.exe to run The Avenger.
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.

Files to delete:
c:\winxp\remlive.exe
c:\winxp\system32\svers.dll
c:\winxp\svers.dll
c:\program files\webserver\svrproxy.exe
c:\windows\system32\aspro\imscan.dll

Registry values to delete:
hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{886dde35-e585-11d0-a707-000000521958}

* In the avenger window, click the Paste script from Clipboard, http://i72.servimg.com/u/f72/11/72/65/32/pastet11.png button.
* Click the Execute button.
* You will be asked Are you sure you want to execute the current script?. Click Yes.
* You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
* Your PC will now be rebooted.

Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation. If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.

After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). Please post this log in your reply.
-
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
Sorry for the late reply. Not everything's malicious, don't worry. :) I would like a deeper look into some particular files before giving any definite instructions.

Please go to http://virusscan.jotti.org , click on Browse, and upload the following files for analysis:

c:\winxp\system32\svers.dll
c:\winxp\svers.dll
c:\program files\webserver\svrproxy.exe
c:\windows\system32\aspro\imscan.dll

Then click Submit. Allow the files to be scanned individually, and then please Copy/Paste the respective result links here for me to see.

If Jotti is busy, please go to http://www.virustotal.com.
-
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
OK, looks like that did its job. Run Panda ActiveScan and post the concomitant log here. :) -
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
Please run OTL again. Under the Custom Scans/Fixes box at the bottom, paste in the following (Starting from :OTL):

:OTL
O3 - HKLM\..\Toolbar: (OCDB) - {23BE4004-AC07-45FE-B87F-1782D25C90E5} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (OCDB) - {23BE4004-AC07-45FE-B87F-1782D25C90E5} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O9 - Extra Button: WH USD Casino - {096CADBA-B4F6-4899-AC65-5BE9C3803037} - C:\Documents and Settings\Moe\Desktop\WH USD Casino.lnk File not found
O9 - Extra 'Tools' menuitem : WH USD Casino - {096CADBA-B4F6-4899-AC65-5BE9C3803037} - C:\Documents and Settings\Moe\Desktop\WH USD Casino.lnk File not found
O9 - Extra Button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Moe\Desktop\WH GBP Casino.lnk File not found
O9 - Extra 'Tools' menuitem : WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Moe\Desktop\WH GBP Casino.lnk File not found
O9 - Extra Button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Program Files\Europa Casino\casino.exe File not found
O9 - Extra 'Tools' menuitem : Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Program Files\Europa Casino\casino.exe File not found
O9 - Extra Button: Purple Lounge Poker - {701FD202-200A-4bd1-9380-BC8A722B43A5} - C:\Program Files\PurpleloungeMPP\MPPoker.exe File not found
O9 - Extra Button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Moe\Desktop\InterCasino $$$.lnk File not found
O9 - Extra 'Tools' menuitem : InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Moe\Desktop\InterCasino $$$.lnk File not found
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: 7Sultans Online Casino - {D6058E3E-5DBF-413b-9106-C26ED8DE3566} - C:\Program Files\7sultans\casinogame.exe File not found
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (Reg Error: Value error.)
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe (Reg Error: Value error.)
O16 - DPF: {3253534D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/3/4/F345356C-453F-439C-8977-81149FBF0980/wms9dmo.cab (Reg Error: Value error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Value error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A104EEFF-DADB-45DC-8A69-26E862666021} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Value error.)

:commands
[reboot]

* Then click the Run Fix button at the top.
* Let the program run unhindered, reboot the PC when it is done.
* Post the log resulting from it.
-
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
* Please run OTL.exe.
* Download the attached file in this post named 'fixforshawn.txt'.
* Copy the commands by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).
* Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
* Click the red Run Fix button.
* A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply later.
* Close OTL.exe.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

========================================

I will wait for that Panda ActiveScan logfile. :)

fixforshawn.txt
-
WinXP computer infected with backdoor.tidserv!inf
chiaz replied to bubbasnickey's topic in Tech Support & Discussions Forum
If you are still encountering problems with your system, or if you just want another check, you could run a new scan with OTL and post the log here. Otherwise, I think you are good to go. -
Would like to do a full preventative malware/trojan check
chiaz replied to shawnh's topic in Tech Support & Discussions Forum
Hi shawnh,

Welcome! A few things before we start....

1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

Download TFC by OldTimer to your desktop.

* Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* It will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
* Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

=======================

Next download OTL.exe by OldTimer to your Desktop.

* Close all windows and double click OTL.exe.
* Click Run Scan and let the program run uninterrupted.
* It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt.
* Post both logs in this thread. You may need to use two posts to get it all.

============

Meanwhile (while waiting for my reply), you may wish to additionally run Panda ActiveScan online scan.

* Click the big green Scan now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
* The scan may take some time. Once the scan is completed, please hit the notepad icon next to the text Export to:
* Save it to a convenient location such as your Desktop.
* Post the contents of the ActiveScan.txt in your next reply.
-
WinXP computer infected with backdoor.tidserv!inf
chiaz replied to bubbasnickey's topic in Tech Support & Discussions Forum
OK let me know again, and we'll take it from there. -
WinXP computer infected with backdoor.tidserv!inf
chiaz replied to bubbasnickey's topic in Tech Support & Discussions Forum
Hi bubbasnickey, Did you click “Remove Selected” in MalwareBytes? -
"WINDOWS CAN'T FIND NULL" error. help!?
chiaz replied to giannaschwartz's topic in Tech Support & Discussions Forum
Hi giannaschwartz,

Please download the current version of HijackThis from HERE.

* Double click and run the installer. It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
* After installing, you should get the user agreement, press accept and Hijack This will run.
* Select Do a system scan and save a log file.
* This will open a notepad file of everything HijackThis found, copy and paste it back here.
-
Late to the party, but a VERY HAPPY BIRTHDAY Isaiah!!! Hope you had a wonderful time. :D
-
Hi JLVentre,

Welcome! A few things before we start....

1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

================================

First, please run HijackThis and place a checkmark by the following entries:

R3 - URLSearchHook: (no name) - *{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - (no file)
O4 - HKLM\..\Run: [boshocim] C:\Documents and Settings\private user\Local Settings\Application Data\oeiorbcas\fboqfaitssd.exe
O4 - HKCU\..\Run: [boshocim] C:\Documents and Settings\private user\Local Settings\Application Data\oeiorbcas\fboqfaitssd.exe

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and reboot the PC.

================================

Now download Malwarebytes' Anti-Malware by clicking the link below:

Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

=============================

Finally, let's have you download ComboFix. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have XP SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
-
This guide should help you: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
-
Read my reply here: http://extremetechsupport.com/forum/malware-infection-removal/8981-virus-pc.html#post64148 Thanks.
-
This account hijacking issue is due to malware.
-
Welcome deweyduck. :)
-
It's likely to be leftovers from something that you previously tried to install.

Let's have you download ComboFix.exe now. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include C:\ComboFix.txt for further review, so that we may continue cleansing the system.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
-
Think I've got some spyware thang going on...
chiaz replied to nuley's topic in Tech Support & Discussions Forum
You're welcome Nuley. All the best in 2010, and hope I don't see you in this section any time soon. :) -
Think I've got some spyware thang going on...
chiaz replied to nuley's topic in Tech Support & Discussions Forum
Don't worry, the rest are harmless. I think our work is done here - your PC should be clean now.

It's time to remove ComboFix.

* Go to Start > Run
* Type in box combofix /uninstall (Note: the space between the X and the /u)
* Press Enter.

This command will:

* Delete the following:
  * ComboFix and its associated files and folders.
  * VundoFix backups, if present
  * The C:\Deckard folder, if present
  * The C:\_OtMoveIt folder, if present
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Reset System Restore.

Let me know if you are experiencing any other issues.
-
Think I've got some spyware thang going on...
chiaz replied to nuley's topic in Tech Support & Discussions Forum
Please navigate to and delete the following files:

c:\apps\homepage\homepgui.exe
c:\windows\installer\3795e.msi

As well as the following folder:

c:\windows\system32\sbutils

Once done, restart your PC. Then run a fresh scan with Panda ActiveScan again and post the generated log in your reply. (This is probably the last scanner we're going to run)
-
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Driver::
iMSPQMn

File::
c:\documents and settings\Fred\Local Settings\Temp\iMSPQMn.sys

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please copy and paste the ComboFix.txt in your new reply.

*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
-
Hi straggler,

A few things before we start....

1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

Please download Malwarebytes' Anti-Malware by clicking the link below:

Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the MBAM log along with C:\ComboFix.txt for further review, so that we may continue cleansing the system.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
-
Win32:Rootkit-gen [Rtk] help needed
chiaz replied to El Stevo's topic in Tech Support & Discussions Forum
Hi El Stevo,

Sorry for the late reply. A few things before we start....

1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

==================

Please update, and run a full scan with MBAM.

Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please copy/paste C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
-
Think I've got some spyware thang going on...
chiaz replied to nuley's topic in Tech Support & Discussions Forum
OK....let's have you go HERE to run Panda ActiveScan 2.0

* Click the big green Scan now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
* Once the scan is completed, please hit the notepad icon next to the text Export to:
* Save it to a convenient location such as your Desktop.
* Post the contents of the ActiveScan.txt in your next reply.
-
Think I've got some spyware thang going on...
chiaz replied to nuley's topic in Tech Support & Discussions Forum
Happy New Year Nuley. :)

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the red text in the quotebox below into it:

FCopy::
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys|c:\windows\system32\drivers\tcpip.sys

Folder::
c:\windows\system32\lowsec

File::
C:\WINDOWS\Temp\F.tmp
c:\windows\system32\drivers\qseuqxkm.sys
c:\windows\system32\msuiyr32.exe
c:\windows\system32\sdra64.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Userinit"=-

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please copy and paste the ComboFix.txt in your new reply.

*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*