Possible Malware on my computer


  • This topic is locked

#1
Zakkmabrey

    New Member

  • Member
  • 2 posts
It almost seems like this is a daily problem for me. I get on the computer and it reads that there is a problem. I use Advanced SystemCare as my computer's security and scanner, and when I run the daily scan, it seems that there are always problems found. Also, whenever I get on the internet I encounter a lot of pop-ups, even though I have a pop-up blocker. I am afraid that it might be Malware, Spyware, Adware, or some other type of virus. Another thing I noticed is the amount of processes running on my computer. When I go into the task manager, and look at my running processes, it has 41 when I don't have any programs or applications up and running. I feel like that is a lot, but I am not sure.

-Zakk

Platform: Windows XP (WinNT 5.1)
MSIE: Internet Explorer v8.0 (8.0.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Dan & Nikki Turner\Application Data\dwm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Dan & Nikki Turner\Local Settings\Application Data\puf.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\DOCUME~1\DAN&NI~1\LOCALS~1\Temp\csrss.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Gamesbar\SearchEngineProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Dan & Nikki Turner\Application Data\Microsoft\conhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SWEETIE - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: SWEETIE - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SWEETIE - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BHO Project - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - BHO Project
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.53\oberontb.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: JQSIEStartDetectorImpl - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} -
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  • 0
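
A triage pass over the "Running processes" list of a log like the one above, as an added example that is not part of the original post or of any helper's analysis: it flags core Windows image names running outside their expected directory, image names that do not ship with Windows XP, and executables launched from user-writable folders. The allow-list, the function name `triage` and the choice of sample lines are assumptions made for this example; a hit is a lead for closer inspection, not a verdict.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"   # assumes the default XP install path seen in the log
# Core image names and the only directory they should run from (short allow-list).
EXPECTED_DIRS = dict.fromkeys(
    ["smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
     "lsass.exe", "svchost.exe", "spoolsv.exe"], SYSTEM32)
EXPECTED_DIRS["explorer.exe"] = r"c:\windows"
# Image names that first shipped with later Windows releases, so not expected on XP.
NOT_ON_XP = {"dwm.exe", "conhost.exe"}
# User-writable locations, including 8.3 short forms such as LOCALS~1.
USER_WRITABLE = re.compile(
    r"\\(temp|application data|local settings|locals~1|applic~1)(\\|$)", re.I)

def triage(paths, is_xp=True):
    """Return (path, reason) pairs for process paths that deserve a closer look."""
    findings = []
    for raw in paths:
        path = raw.strip()
        if not path:
            continue
        directory, name = ntpath.split(path.lower())
        expected = EXPECTED_DIRS.get(name)
        if expected and directory != expected:
            findings.append((path, "system image name outside " + expected))
        elif is_xp and name in NOT_ON_XP:
            findings.append((path, "image name not shipped with Windows XP"))
        elif USER_WRITABLE.search(directory):
            findings.append((path, "runs from a user-writable folder"))
    return findings

# Subset of the "Running processes" lines from the log above.
SAMPLE = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Dan & Nikki Turner\Application Data\dwm.exe
C:\Documents and Settings\Dan & Nikki Turner\Local Settings\Application Data\puf.exe
C:\DOCUME~1\DAN&NI~1\LOCALS~1\Temp\csrss.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dan & Nikki Turner\Application Data\Microsoft\conhost.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE.splitlines()):
        print(f"{reason}: {path}")
```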

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there. Advanced windows care is not an antivirus - hence you are fairly badly infected. I will need a deeper look at your system prior to cleaning. Once I have the majority clear we will look at some Antivirus programmes for you.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
Zakkmabrey

    New Member

  • Topic Starter
  • Member
  • 2 posts
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-08 10:27:59
-----------------------------
10:27:59.406 OS Version: Windows 5.1.2600 Service Pack 3
10:27:59.406 Number of processors: 2 586 0x404
10:27:59.406 ComputerName: COMPUTER UserName:
10:28:00.390 Initialize success
10:28:04.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:28:04.718 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
10:28:04.718 Disk 0 MBR read successfully
10:28:04.718 Disk 0 MBR scan
10:28:04.718 Disk 0 TDL4@MBR code has been found
10:28:04.718 Disk 0 MBR hidden
10:28:04.734 Disk 0 MBR [TDL4] **ROOTKIT**
10:28:04.734 Disk 0 trace - called modules:
10:28:04.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8aa0e4d0]<<
10:28:04.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b374ab8]
10:28:04.734 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8b387630]
10:28:04.734 \Driver\iastor[0x8b37e6f8] -> IRP_MJ_CREATE -> 0x8aa0e4d0
10:28:04.734 Scan finished successfully
10:29:18.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dan & Nikki Turner\Desktop\MBR.dat"
10:29:18.218 The log file has been saved successfully to "C:\Documents and Settings\Dan & Nikki Turner\Desktop\aswMBR.txt"
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you running OTL now?
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0