
Malware-ave.exe (suspect more)

Discussion in 'Virus & Other Malware Removal' started by anthonyg123, Apr 3, 2010.

Thread Status:
Not open for further replies.
  1. anthonyg123

    anthonyg123 Thread Starter

    Joined:
    Oct 18, 2007
    Messages:
    41
    Hello, I've had this problem for the last 5 days now, each day with it becoming much more severe.
    The problem is the ave.exe malware, floating about now. I got it, and did a scan with Malware-Bytes, and what I thought was the whole infection was cleared.
    On the 3rd day, it came back, so I followed the steps on this page: http://www.myantispyware.com/2010/03/19/how-to-remove-ave-exe-malware/

    Which I believe have led to a buggy computer, but hell, it worked, so I was happy about that.

    Then last night/today it has been causing absolute mayhem on my computer. Making the computer take twice as long to boot up, causing a 'This program has stopped working' error to ALL my startup programs, and has been causing borderline hysteria to me.
    I can co-operate in any way or form to get rid of this bugger from my computer, and I'm on my knees metaphorically for help.

    Thank you!


    EDIT: Forgot about the HJT log, really sorry.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:54:23, on 03/04/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18444)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Users\Elaine\Program Files (x86)\DNA\btdna.exe
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
    I:\RARS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files (x86)\Ask & Record Toolbar\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Elaine\Program Files (x86)\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe"
    O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe
    O4 - HKCU\..\Run: [mplay32xe.exe] C:\Users\Elaine\AppData\Local\Temp\mplay32xe.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11935 bytes
     
  2. SweetTech

    SweetTech

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello and welcome to the forums! My name is SweetTech, it's a pleasure to meet you. :)

    I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

    If you have already received help elsewhere please inform me so that this topic can be closed.

    If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

    • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
    • Please make sure to carefully read any instruction that I give you.
      Reading too lightly will cause you to miss important steps, which could have destructive effects.
    • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
    • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
    • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
    • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
    • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
    • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
    • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
      Because of this, you must reply within five days. I will post a reminder should you seem to fail to do this; however, if you fail to reply within two days then, unless I have been notified of your absence in advance, the topic shall be closed!
    • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message to me on here. ;)
    • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
      Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

    ____________________________________________________


    Running OTS
    To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

    Download OTS to your Desktop

    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program.
    • Check the box that says Scan All Users
    • Under Additional Scans click the "Extras" button
    • In the custom scans section copy and paste in the following

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      nvraid.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

    Please attach the log in your next post.

    To attach a file, do the following:
    • Click Add Reply
    • Under the reply panel is the Attachments Panel
    • Browse for the attachment file you want to upload, then click the green Upload button
    • Once it has uploaded, click the Manage Current Attachments drop down box
    • Click on the insert icon to insert the attachment into your post


    NEXT:



    Please make sure you include the following items in your next post:
    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. The log that was produced after running the OTS scan.
    3. An update on how your computer is currently running.
    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
     
  3. SweetTech

    SweetTech

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Do you still need help with your machine?

    If the instructions are unclear or something isn't working, please let me know before proceeding.
     
  4. anthonyg123

    anthonyg123 Thread Starter

    Joined:
    Oct 18, 2007
    Messages:
    41
    I'm terribly sorry for the late reply, been having a battle with it for days now, contemplating if it's worth smashing it up just to ease my frustration heh. Done the OTS scan though
    http://www.mediafire.com/?o54qjymm33m (hoping that works)

    Updates:
    The computer has been running much slower since the initial 'infection'. Windows Explorer (the start menu/bottom bar thingy) has been freezing recently quite a bit (first time I've experienced it in 5 months) and it's quite frequent, though it's usually when my computer is under stress.
    A lot more general freezing also, but it may be due to my actual hardware.
    But these problems could be generalised to all accords, so you can disregard 'em.


    Thank you for the patience and support, I am DEEPLY sorry for the late reply. Had to get my uncle's computer to someone to switch the hard drive to get it to a restore point, so I can at least get some basic use from the machine.
    Again, I am deeply sorry for the late reply, and thank you so much for the support.
     
  5. SweetTech

    SweetTech

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,

    Do you currently have an active subscription to Spyware Doctor? If not, then you may want to consider removing it. It can be a resource hog at times.


    Peer to Peer Program
    While reviewing your logs I noticed that you currently have Peer to Peer program(s) installed on your computer.

    You currently have the following P2P programs installed:

    • bitTorrent
    Most of the infections that we see today are through P2P file sharing. By uninstalling the programs that I mentioned above you will be doing yourself a favor. It's impossible to trust the source of what is being downloaded from them and a file may or may not be what it appears to be.

    Should you decide to keep these programs installed on your computer PLEASE do not use these programs while we are getting your P.C. cleaned up.

    How to Uninstall the P2P Programs:

    Remove Program

    For Vista Users:

    • Click on Start > Control Panel and double click on Programs and Features.
    • Locate bitTorrent and click on the Uninstall button to uninstall it.
    • Close Control Panel when done.


    PLEASE NOTE: When you're uninstalling the P2P Program(s), some questions are worded in various ways to try and deceive you and keep you from uninstalling their Program.



    NEXT:



    Running OTS Fix
    Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

    Code:
    [Kill All Processes]
    [Unregister Dlls]
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1405751584-2070937437-1482844215-1000\] > -> HKEY_USERS\S-1-5-21-1405751584-2070937437-1482844215-1000\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    YN -> WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < Run [HKEY_USERS\S-1-5-21-1405751584-2070937437-1482844215-1000\] > -> HKEY_USERS\S-1-5-21-1405751584-2070937437-1482844215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> "mplay32xe.exe" -> C:\Users\Elaine\AppData\Local\Temp\mplay32xe.exe [C:\Users\Elaine\AppData\Local\Temp\mplay32xe.exe]
    YN -> "PlayNC Launcher" -> []
    YN -> "WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe]
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    YN -> \\"NoActiveDesktop" -> [1]
    < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\
    YN -> Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx]
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\
    YN -> Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx]
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1405751584-2070937437-1482844215-1000\] > -> HKEY_USERS\S-1-5-21-1405751584-2070937437-1482844215-1000\Software\Microsoft\Internet Explorer\MenuExt\
    YN -> Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
    < Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
    YN -> \List\\"C:\Program Files (x86)\Combat Arms\CombatArms.exe" -> C:\Program Files (x86)\Combat Arms\CombatArms.exe [C:\Program Files (x86)\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe]
    YN -> \List\\"C:\Program Files (x86)\Combat Arms\Engine.exe" -> C:\Program Files (x86)\Combat Arms\Engine.exe [C:\Program Files (x86)\Combat Arms\Engine.exe:*Enabled:Engine.exe]
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
    YN -> {200C05F9-0EDB-4EE0-8E69-1E294DA6DD0B} -> profile=public | protocol=17 | dir=in | action=allow | name=dna (udp-in) | app=c:\program files (x86)\dna\btdna.exe | 
    YN -> {957CDE66-7D3B-4E12-B71A-6B1F129E134F} -> profile=private | protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
    YN -> {A2F5A5C5-0C22-4BDE-87FF-19C0AFA0C40C} -> profile=public | protocol=6 | dir=in | action=allow | name=dna (tcp-in) | app=c:\program files (x86)\dna\btdna.exe | 
    YN -> {DDBA50CA-2146-463F-8837-B6F762951266} -> profile=private | protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
    YN -> TCP Query User{45F32A17-20B8-4E34-8997-2D06DA920C5E}C:\program files (x86)\utorrent\utorrent.exe -> profile=public | protocol=6 | dir=in | action=allow | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe | 
    YN -> TCP Query User{50DD9BB2-A383-44C2-AA85-354E06782E44}C:\users\elaine\program files (x86)\dna\btdna.exe -> profile=public | protocol=6 | dir=in | action=allow | name=btdna.exe | app=c:\users\elaine\program files (x86)\dna\btdna.exe | 
    YN -> TCP Query User{70525E0E-0C37-4FF1-AA2C-0BDC93D67113}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=public | protocol=6 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    YN -> TCP Query User{79A17E57-7EBF-47B2-9B00-EF6078F2E609}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=private | protocol=6 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    YN -> TCP Query User{96261BB4-7D00-469C-A3B2-48F24FD9BE41}C:\users\elaine\program files (x86)\dna\btdna.exe -> profile=private | protocol=6 | dir=in | action=block | name=btdna.exe | app=c:\users\elaine\program files (x86)\dna\btdna.exe | 
    YN -> UDP Query User{BE62116F-3FD1-4E97-8441-260DF4FB7B9D}C:\users\elaine\program files (x86)\dna\btdna.exe -> profile=public | protocol=17 | dir=in | action=allow | name=btdna.exe | app=c:\users\elaine\program files (x86)\dna\btdna.exe | 
    YN -> UDP Query User{CF533DFD-8178-45B0-857B-1E92D4862D08}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=public | protocol=17 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    YN -> UDP Query User{E84F8E83-7390-4507-B5A6-8B644CA9004C}C:\program files (x86)\utorrent\utorrent.exe -> profile=public | protocol=17 | dir=in | action=allow | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe | 
    YN -> UDP Query User{F6B3AB09-63CC-48B6-A8E1-10882D372BD5}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=private | protocol=17 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    YN -> UDP Query User{F6D2AB80-ABA7-4E0B-A305-3F00FD5966E5}C:\users\elaine\program files (x86)\dna\btdna.exe -> profile=private | protocol=17 | dir=in | action=block | name=btdna.exe | app=c:\users\elaine\program files (x86)\dna\btdna.exe | 
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    YN -> "C:\Program Files (x86)\BitTorrent\bittorrent.exe" -> C:\Program Files (x86)\BitTorrent\bittorrent.exe [C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
    YN -> "C:\Program Files (x86)\Combat Arms\CombatArms.exe" -> C:\Program Files (x86)\Combat Arms\CombatArms.exe [C:\Program Files (x86)\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe]
    YN -> "C:\Program Files (x86)\Combat Arms\Engine.exe" -> C:\Program Files (x86)\Combat Arms\Engine.exe [C:\Program Files (x86)\Combat Arms\Engine.exe:*Enabled:Engine.exe]
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
    YN -> \E\shell\AutoRun\command\\"" -> E:\steambackup.exe [E:\steambackup.exe]
    YN -> \I\shell\AutoRun\command\\"" -> I:\SamsungSoftware\AppInst.exe [I:\SamsungSoftware\APPInst.exe]
    YN -> \{7ab3f048-b0e7-11de-8e71-001d927c8af4}\shell\AutoRun\command\\"" -> F:\setup.exe [F:\setup.exe]
    YN -> \{a731ae90-d115-11dd-9d8c-001d927c8af4}\shell\AutoRun\command\\"" -> G:\OblivionLauncher.exe [G:\OblivionLauncher.exe]
    YN -> \{a731ae91-d115-11dd-9d8c-001d927c8af4}\shell\AutoRun\command\\"" -> H:\autorun.exe [H:\autorun.exe -auto]
    YN -> \{d4ca626b-ba5e-11dd-b246-001d927c8af4}\shell\AutoRun\command\\"" -> F:\setup.exe [F:\setup.exe]
    YN -> \{d972acce-9b9d-11dd-ba7d-806e6f6e6963}\shell\AutoRun\command\\"" -> D:\Installer.exe [D:\Installer.exe]
    [Registry - Additional Scans - Safe List]
    < 64bit-Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\
    YN -> text/xml:{807553E5-5146-11D5-A672-00B0D022E945} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
    < 64bit-Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    YN -> livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
    YN -> msdaipp: [HKLM] -> No CLSID value
    YN -> msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
    YN -> msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
    YN -> msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
    YN -> mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
    YN -> mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
    YN -> skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
    [Files/Folders - Created Within 30 Days]
    NY ->  1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp
    NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
    [Files/Folders - Modified Within 30 Days]
    NY ->  MSASCui.exe -> C:\Users\Elaine\AppData\Local\MSASCui.exe
    NY ->  av.exe -> C:\Users\Elaine\AppData\Local\av.exe
    NY ->  aPH03i -> C:\Users\Elaine\AppData\Local\aPH03i
    NY ->  aPH03i -> C:\ProgramData\aPH03i
    NY ->  ave.exe -> C:\Users\Elaine\AppData\Local\ave.exe
    NY ->  Wv7V1mEL4UH -> C:\Users\Elaine\AppData\Local\Wv7V1mEL4UH
    NY ->  Wv7V1mEL4UH -> C:\ProgramData\Wv7V1mEL4UH
    NY ->  1633618601.dll -> C:\Users\Elaine\AppData\Local\1633618601.dll
    NY ->  8Cq4r -> C:\Users\Elaine\AppData\Local\8Cq4r
    NY ->  8Cq4r -> C:\ProgramData\8Cq4r
    NY ->  StgDG0o88PK -> C:\Users\Elaine\AppData\Local\StgDG0o88PK
    NY ->  StgDG0o88PK -> C:\ProgramData\StgDG0o88PK
    NY ->  1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp
    NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
    [Files - No Company Name]
    NY ->  MSASCui.exe -> C:\Users\Elaine\AppData\Local\MSASCui.exe
    NY ->  av.exe -> C:\Users\Elaine\AppData\Local\av.exe
    NY ->  aPH03i -> C:\Users\Elaine\AppData\Local\aPH03i
    NY ->  aPH03i -> C:\ProgramData\aPH03i
    NY ->  ave.exe -> C:\Users\Elaine\AppData\Local\ave.exe
    NY ->  1633618601.dll -> C:\Users\Elaine\AppData\Local\1633618601.dll
    NY ->  Wv7V1mEL4UH -> C:\Users\Elaine\AppData\Local\Wv7V1mEL4UH
    NY ->  Wv7V1mEL4UH -> C:\ProgramData\Wv7V1mEL4UH
    NY ->  8Cq4r -> C:\Users\Elaine\AppData\Local\8Cq4r
    NY ->  8Cq4r -> C:\ProgramData\8Cq4r
    NY ->  StgDG0o88PK -> C:\Users\Elaine\AppData\Local\StgDG0o88PK
    NY ->  StgDG0o88PK -> C:\ProgramData\StgDG0o88PK
    [Custom Scans]
    NY ->  1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp
    [Alternate Data Streams]
    NY -> @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    NY -> @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
    NY -> @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    [Empty Temp Folders]
    [Reboot]
    The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

    If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.


    NEXT:



    Malwarebytes' Anti-Malware

    I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:


    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has been completed, select the Scanner tab.
    • Select Perform quick scan, then click on Scan
    • Leave the default options as they are and click on Start Scan
    • When done, you will be prompted. Click OK, then click on Show Results
    • Check (tick) all items and click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    NEXT:



    Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.

    2. To optimize scanning time and produce a more sensible report for review:

    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

    3. Click Run at the Security prompt.

    The program will then begin downloading and installing and will also update the database.
    Please be patient as this can take quite a long time to download.

    • Once the update is complete, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

      • Spyware, adware, dialers, and other riskware
      • Archives
      • E-mail databases
    • Click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View report... at the bottom.
    • Click the Save report... button.

    • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply



    NEXT:



    Please make sure you include the following items in your next post:
    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. An answer to the questions posed to you above.
    3. The log that was produced after running the OTS fix.
    4. The log that was produced after running the MalwareBytes' Anti-Malware scan.
    5. The log that was produced after running the Kaspersky Online Scanner.
    6. An update on how your computer is currently running.
    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
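    The OTS fix above targets three kinds of indicator: recently written, company-less files in the user's AppData\Local and in ProgramData (with the same random name appearing in both), cached AutoRun commands for removable volumes under MountPoints2, and alternate data streams hanging off C:\ProgramData\TEMP. The script below is an added, read-only triage example that re-checks those same three classes on a Windows host; it is not part of the original thread, of OTS, or of any vendor tool, and it deletes nothing. It assumes PowerShell 5.1 or later (Get-Item -Stream and Get-FileHash do not exist in the PowerShell 2.0 that shipped with Vista) and that it is run in the affected user's own session so that $env:LOCALAPPDATA and HKCU: point at that profile. The $daysBack window and the TEMP path are taken from the log above; everything else is generalised via environment variables.

```powershell
# Added triage example (not the thread's, OTS's or any vendor's code). Read-only.
# Assumes PowerShell 5.1+ and that it runs in the affected user's session.

$daysBack = 30                                   # the OTS log uses "Within 30 Days"
$cutoff   = (Get-Date).AddDays(-$daysBack)
$roots    = @($env:LOCALAPPDATA, $env:ProgramData)

# 1. Top-level items written recently under each root. For files, capture the
#    version-resource CompanyName (blank = OTS's "No Company Name") and a SHA-256.
$recent = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        ForEach-Object {
            $isDir = $_.PSIsContainer
            [pscustomobject]@{
                Name        = $_.Name
                Path        = $_.FullName
                Written     = $_.LastWriteTime
                CompanyName = if ($isDir) { '<dir>' } else { $_.VersionInfo.CompanyName }
                SHA256      = if ($isDir) { '' } else {
                                  (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                       -ErrorAction SilentlyContinue).Hash }
            }
        }
}

# 1b. Names that occur under BOTH roots (the aPH03i / Wv7V1mEL4UH pattern above).
#     Names are unique within one directory listing, so a group of 2+ means
#     the same name exists in more than one root.
$twins = $recent | Group-Object Name | Where-Object { $_.Count -gt 1 } |
         Select-Object -ExpandProperty Name

# 2. Cached AutoRun commands per volume GUID under MountPoints2. These are what
#    OTS lists as "\{guid}\shell\AutoRun\command". They record that a volume
#    carried an autorun.inf; the Command column shows what it pointed at.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$autoruns = Get-ChildItem -Path $mp -ErrorAction SilentlyContinue | ForEach-Object {
    $cmdKey = Join-Path $_.PSPath 'shell\AutoRun\command'
    if (Test-Path -Path $cmdKey) {
        [pscustomobject]@{
            Volume  = $_.PSChildName
            Command = (Get-ItemProperty -Path $cmdKey).'(default)'
        }
    }
}

# 3. Named alternate data streams on the ProgramData TEMP folder (the log shows
#    three such streams on C:\ProgramData\TEMP). A directory has no ::$DATA
#    stream of its own, so anything returned here is a named stream.
$adsTarget = Join-Path $env:ProgramData 'TEMP'
$streams = if (Test-Path -LiteralPath $adsTarget) {
    Get-Item -LiteralPath $adsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

"== Items written in the last $daysBack days under: $($roots -join ', ') =="
$recent | Sort-Object Written -Descending |
    Format-Table Name, CompanyName, Written, Path -AutoSize
"== Names present under more than one root =="
$twins
"== Removable-volume AutoRun commands (HKCU MountPoints2) =="
$autoruns | Format-Table Volume, Command -AutoSize
"== Named alternate data streams on $adsTarget =="
$streams | Format-Table Stream, Length -AutoSize
```

    Two caveats when reading the output. A MountPoints2 AutoRun entry only proves that a volume with that GUID once carried an autorun.inf (a driver CD such as the D:\Installer.exe entry above is a normal example); it is the H:\autorun.exe style of entry on a removable drive that deserves a closer look. Likewise, a blank CompanyName is a weak signal on its own; it is the combination with a recent write time, a random directory name mirrored in ProgramData and a location under the user's profile that matches the fake-AV pattern in this thread. Once something is confirmed, the named stream can be read with Get-Content -LiteralPath $adsTarget -Stream <name> before it is cleared.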
     
  6. SweetTech

    SweetTech

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Do you still need help with your machine?

    If the instructions are unclear or something isn't working, please let me know before proceeding.
     
  7. SweetTech

    SweetTech

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    It has been 5 or more days since I've last had a response from you. This thread will now be removed from my Subscribed Topics list.

    SweetTech.
     
Short URL to this thread: https://techguy.org/914481