[Zakkmabrey]

It almost seems like this is a daily problem for me. I get on the computer and it reads that there is a problem. I use Advanced SystemCare as my computer's security and scanner, and when I run the daily scan, it seems that there are always problems found. Also, whenever I get on the internet I encounter a lot of pop ups. Even though I have a pop up blocker. I am afraid that it might be Malware, Spyware, Adware, or some other type of virus. Another thing I noticed is the amount of processes running on my computer. When I go into the task manager, and look at my running processes, it has 41 when I don't have any programs or applications up and running. I feel like that is a lot, but I am not sure.

-Zakk

Platform: Windows XP (WinNT 5.1)
MSIE: Internet Explorer v8.0 (8.0.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Dan & Nikki Turner\Application Data\dwm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Dan & Nikki Turner\Local Settings\Application Data\puf.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\DOCUME~1\DAN&NI~1\LOCALS~1\Temp\csrss.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Gamesbar\SearchEngineProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Dan & Nikki Turner\Application Data\Microsoft\conhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SWEETIE - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: SWEETIE - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SWEETIE - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BHO Project - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - BHO Project
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.53\oberontb.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: JQSIEStartDetectorImpl - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} -
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

[Advertisements]

Hi there Advanced windows care is not an antivirus - hence you are fairly badly infected. I will need a deeper look at your system prior to cleaning. Once I have the majority clear we will look at some Antivirus programmes for you


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


THEN

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  CREATERESTOREPOINT
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[Essexboy]

Hi there Advanced windows care is not an antivirus - hence you are fairly badly infected. I will need a deeper look at your system prior to cleaning. Once I have the majority clear we will look at some Antivirus programmes for you


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


THEN

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  CREATERESTOREPOINT
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[Zakkmabrey]

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-08 10:27:59
-----------------------------
10:27:59.406 OS Version: Windows 5.1.2600 Service Pack 3
10:27:59.406 Number of processors: 2 586 0x404
10:27:59.406 ComputerName: COMPUTER UserName:
10:28:00.390 Initialize success
10:28:04.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:28:04.718 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
10:28:04.718 Disk 0 MBR read successfully
10:28:04.718 Disk 0 MBR scan
10:28:04.718 Disk 0 TDL4@MBR code has been found
10:28:04.718 Disk 0 MBR hidden
10:28:04.734 Disk 0 MBR [TDL4] **ROOTKIT**
10:28:04.734 Disk 0 trace - called modules:
10:28:04.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8aa0e4d0]<<
10:28:04.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b374ab8]
10:28:04.734 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8b387630]
10:28:04.734 \Driver\iastor[0x8b37e6f8] -> IRP_MJ_CREATE -> 0x8aa0e4d0
10:28:04.734 Scan finished successfully
10:29:18.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dan & Nikki Turner\Desktop\MBR.dat"
10:29:18.218 The log file has been saved successfully to "C:\Documents and Settings\Dan & Nikki Turner\Desktop\aswMBR.txt"

[Essexboy]

Are you running OTL now ?

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.