Starbuck

Hi Matt I'd also like to add my thanks for your reply. It's so much nicer when a vendor representative takes the time to reply to our members and gives advice. Thanks.

Hi nathan Thanks for letting us know. http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif

Thanks for letting us know that you resolved the issue. http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif

Hi Wayne and welcome. I'm sure we can sort out your problems.

Hi kristain and welcome. http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif

BitDefender 2010 appears to have released a set of bad definitions. Unfortunately, these bad virus definitions appear to detect core DLL files and even parts of BitDefender. We heavily recommend that you disable auto-update of the definitions until corrected ones are released. There is quite a thread discussing this issue on the BitDefender Forums. BitDefender 2010 Update Problem Update from BitDefender:

It's already on your system. This is from your add/remove list: Click start >>> Programs >>> Malwarebytes Anti malware.

:( Ok you said earlier that: Let me have the MBAM report and the SAS report. There maybe something in there as to a clue. MBAM: Start MBAM >>> Logs tab >>> last log ( date stamped) SAS: Start SAS >>> Preferences >>> Statistics/Logs >>> last log (date stamped) Double click on the logs to open them and then copy and paste the reports into your next reply. Thanks

Hi bobby and welcome. It's good to see you here. http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif

It's like the CNET link says............. Facebook has over 350 million members. imagine if only 1 million clicked this bad link!!!!!!!!!!! That's a lot of work for the malware removal guys!

Hi igrek001 Malwarebytes Anti Malware: Please update MBAM and run another scan: Start MBAM Click on the Update tab >> click Search for Updates If it says that MBAM needs to close to update it... let it close and then restart it. On restart >> click the Scan button. Don't forget: Please let me have the scan report in your next reply. Thanks

Hi nuley Really sorry about that, it went clean out of my head. My apologies. Step 1 Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitch.com/hotmail-uk/TrueInstallHotmailUK.exe (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) [2009/07/20 09:03:17 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g [2009/07/20 09:03:17 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g :commands [emptytemp] [purity] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 2 Malwarebytes Anti Malware: Please update MBAM and run another scan: Start MBAM Click on the Update tab >> click Search for Updates If it says that MBAM needs to close to update it... let it close and then restart it. On restart >> click the Scan button. Don't forget: In your next reply, please submit: Fix report from OTL MBAM scan report Thanks.

Beware the new Facebook password reset scam If you get an e-mail that appears to be from Facebook saying the company reset your password and urging you to open an attachment, it is a scam. Repeat, it is a scam. http://img.photobucket.com/albums/v708/starbuck50/facebook.png The attachment contains a password stealer that can potentially access any username and password combination used on the computer, not just the login credentials for Facebook. There are obvious clues that this is a phishing scam. For one, Facebook doesn't send e-mails like this. It may send an e-mail with a link where the user can reset the password, but not an e-mail with an attachment. Secondly, the e-mail has poor grammar and awkward phrases. For instance, Facebook is not capitalized in the salutation. Beware the new Facebook password reset scam | InSecurity Complex - CNET News

Did you install 'No Script'? If you did, it sounds like you need to allow some scripts on those pages. Look for the 'No Script' icon at the bottom right on Firefox. ( an 'S' in a circle) Click on this and 'allow scripts' either temporary or permanently for that page. Then try again. Don't select 'allow scripts globally' that's like turning off No Script.

Hi Thomas, It's good to see you here. http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif

Hi Judy, If you mean the guidelines in the 'cleanup speech' ... yes that's fine for anyone to follow or use.

Hi ewood100 Things should be running a lot better now. Let's get an online scan done and have a check for any leftovers; I'd like you to do an ESET OnlineScan Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop. Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop. [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button. [*]Accept any security warnings from your browser. [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png [*]Click the Start button. [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. [*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button. [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt I'd still like to see the OTL report that was produced after the fix..... i need to be sure that the whole fix worked. There should be a copy here: C:\_OTL\MovedFiles if you open the 'MovedFiles' folder you should see a text document that will probably start: 03162010..... Click on it to open it and copy and paste the report in your next reply along with the eset scan report. Thanks

Hi Net_Surfer It's always good to see you. http://fc05.deviantart.com/fs38/f/2009/001/9/d/Welcome_by_Artush.gif

Hi ewood100 Ok, now we know what we are dealing with: P2P Warning Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, UTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme. Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections. You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation. If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you. Step 1 Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.) O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found O4 - HKCU..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found [2010/03/02 20:05:52 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/24 17:50:50 | 000,196,608 | -HS- | M] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\av.exe [2009/04/12 19:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan\Application Data\Search Settings :commands [emptytemp] [purity] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. Step 2 Please download Malwarebytes Anti-Malware and save it to your desktop. Make sure you are connected to the Internet. Double-click on Download_mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware [*]Then click Finish. [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. [*]On the Scanner tab: Make sure the "Perform Full Scan" option is selected. Then click on the Scan button. [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". [*]Click OK to close the message box and continue with the removal process. [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. [*]Make sure that everything is checked, and click Remove Selected. [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. [*]Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. In your next reply, please submit: Report that comes up after the OTL fix MBAM scan report Thanks.

http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif ok.

Hi ewood100 Thanks for posting the 'Extras.txt'. Can you also let me have the 'Main.txt'.... there should be a copy on your desktop. Thanks

Welcome dustybin I'm sure someone here will be able to assist you with your problem.

Hi ewood100 Just try clicking on the OTL desktop icon and follow the instructions to run OTL as previously posted. Don't worry about running OTH this time. We'll see if OTL will run on it's own.

@Goku Cheers, thanks for that. http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif --------------- Hi ewood100 It's become a common thing now for malware to block .exe programs from running or being downloaded, let's see if this is the case and if we can trick it. Please note these programs must be downloaded to the Desktop. Downloads Download OTL to your desktop. if you have problems, try this download link: OTL right click on the link and select 'Save Link/Target As'. Download OTH to your desktop. right click on the link and select 'Save Link/Traget As'. Open Notepad - it must be Notepad, not Wordpad. Copy the text below in the code box by highlighting all the text and pressing Ctrl+C netsvcs msconfig %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles Go to the Notepad window and click Edit >> Paste Then click File >> Save Name the file Scan Make sure that the Save as Type is set to Text Documents and save to the Desktop. Run Programs Click on the OTH icon to run the program. http://img.photobucket.com/albums/v708/starbuck50/othelper.png Click on the http://img.photobucket.com/albums/v708/starbuck50/killall.png button. Your Desktop will go blank. Now click on the http://img.photobucket.com/albums/v708/starbuck50/startotl.png button. http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Double click in the Custom Scans/Fixes window (under the blue bar) A message box will popup asking if you want to load a custom scan from a file Select the file you saved earlier (Scan.txt) Now click on the http://img.photobucket.com/albums/v708/starbuck50/runscan.png button. When the scan has completed, click on the http://img.photobucket.com/albums/v708/starbuck50/IE.png button. This will load your browser so that you can copy/paste the OTL.txt and Extra.txt reports in your next reply. Once posted: Click on the http://img.photobucket.com/albums/v708/starbuck50/reboot.png button to restart your computer. The scans may be quite big, so feel free to add them as attachments. Note: if you can't download these 2 programs using 'Normal mode' ..... try downloading them in 'Safe Mode with Networking'. Then boot into normal mode to run them. To reboot your computer in Safe Mode with Networking do the following : * Restart your computer * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; * Instead of Windows loading as normal, a menu with options should appear; You will need to use the 'keyboard arrow keys' to navigate on this menu. * Select the option, to run Windows in Safe Mode with Networking, then press "Enter". * Then choose your usual account.

Hi Judy, If you do decide to go with the advanced Vista Firewall, here's what you need to do: When you get to the Windows Firewall with Advanced Security management interface. Click on 'Windows Firewall Properties': http://img.photobucket.com/albums/v708/starbuck50/wf1.png On the Domain Profile, use the drop down arrow to change the Firewall State to 'ON': http://img.photobucket.com/albums/v708/starbuck50/wf2.png http://img.photobucket.com/albums/v708/starbuck50/wf3.png Now click on the 'Private Profile tab and the Public Profile tab and do the same: http://img.photobucket.com/albums/v708/starbuck50/wf4.png When finished, click on 'Apply: http://img.photobucket.com/albums/v708/starbuck50/wf5.png Then click 'OK' to exit. Just to add something that RandyL stated: The problem facing a lot of people with malware problems, is that a lot of malware will actually turn off your System Restore or corrupt it. You won't know about this until you try to use it. Plus System Restore won't backup the whole registry. It all depends on how 'safe' you feel you want to be.