Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

WMSNCS BUG ALL OVER PROCESSES, AND START MENU

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

WMSNCS BUG ALL OVER PROCESSES, AND START MENU

Unread postby devdevl » February 24th, 2009, 3:47 pm

I HAVE WMSNCS VIRUS INVADING MY START MENU AND PROCESSES....I AM CURRENTLY USING WIN PATROL AND ASHAMPOO ANTI-VIRUS TO PREVENT IT FROM CONNECTING TO THE NET, BUT IT TRIES HUNDREDS OF TIMES TO CONNECT...SO IT REALLY SLOWS DOWN THE PROCESSOR....BELOW IS MY HIJACK THIS LOG...THANKS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:44 PM, on 2/24/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Fonts\wmsncs.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINNT\explorer.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\FRANK\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc520.mail.yahoo.com/mc/welco ... u8k68s4e6f
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
F2 - REG:system.ini: Shell=explorer.exe "C:\WINNT\Fonts\wmsncs.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINNT\system32\wins\wmsncs.exe
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINNT\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINNT\system32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKUS\.DEFAULT\..\Run: [Wmsncs Service] C:\WINNT\Fonts\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Spool Driver Service] C:\WINNT\system32\spool\drivers\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Wins Service] C:\WINNT\system32\wins\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: wmsncs.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - https://us.dl1.yimg.com/download.yahoo. ... 040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5376232356
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38FE8843-7EE6-4C64-8052-C393009AFF47}: NameServer = 64.136.52.73 64.136.44.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{38FE8843-7EE6-4C64-8052-C393009AFF47}: NameServer = 64.136.52.73 64.136.44.73
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5858 bytes
devdevl
Active Member
 
Posts: 6
Joined: February 24th, 2009, 3:16 pm
Advertisement
Register to Remove

Re: WMSNCS BUG ALL OVER PROCESSES, AND START MENU

Unread postby Bio-Hazard » February 28th, 2009, 9:53 am

Hello and Welcome to forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • I f you don't know or understand something please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

No Reply Within 5 Days Will Result In Your Topic Being Closed!!
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: WMSNCS BUG ALL OVER PROCESSES, AND START MENU

Unread postby Bio-Hazard » February 28th, 2009, 10:10 am

Hello!

In the forums writing in capitals is considered yelling, so no need to write with capitals.


SDFix
If you already have SDFix, delete it & download it again as it's being updated regularly.
Download SDFix by AndyManchesta and save it to your desktop.
  • Double click on SDFix.exe. By default, it will install to C:\
  • Click on Install
  • Don't run it yet
Print out or save this set of instructions as you will not have internet access during the fix.
Restart the computer in Safe Mode
:!: Let me know if you can't boot into Safe Mode. Do not continue with the fixes.
  • When you see the BIOS screen, start pressing F8 repeatedly
  • A boot menu will appear
  • Using the up down arrows, select Safe Mode and press the Enter key
  • Windows will now load
  • Log in to your usual account
  • Navigate to C:\SDfix (if you installed it to the default location, otherwise, locate where you installed it)
  • Double click on RunThis.bat
  • Type Y to begin the cleanup process
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot
  • When the PC restarts the tool will run again and complete the removal process then display Finished
  • Press any key to end the script and load your desktop icons
  • Once the desktop icons load, the SDFix report will open on screen. You can also find the report in SDFix folder, named Report.txt
  • Copy & paste the contents of the log in your next reply


Antivirus

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network.
Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:


It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.

Please run a full scan with the Antivirus program you have installed. Post that log for me to see.

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • SDFIX report
  • Antivirus log, if possible
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: WMSNCS BUG ALL OVER PROCESSES, AND START MENU

Unread postby devdevl » February 28th, 2009, 6:34 pm

here is my sdfix log

SDFix: Version 1.240
Run by FRANK on Sat 02/28/2009 at 2:57p

Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\SDFix

Checking Services :

Name :
NET Runtime Optimization Service v2.1.41329_X86

Path :
"C:\WINNT\Fonts\wmsncs.exe"

NET Runtime Optimization Service v2.1.41329_X86 - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmsncs.exe - Deleted
C:\Program Files\Common Files\System\wmsncs.exe - Deleted
C:\WINNT\Fonts\wmsncs.exe - Deleted
C:\WINNT\system32\i - Deleted
C:\WINNT\System32\spool\drivers\wmsncs.exe - Deleted
C:\WINNT\system32\wins\wmsncs.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 15:12:19
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 27 Feb 2009 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"

Finished!
devdevl
Active Member
 
Posts: 6
Joined: February 24th, 2009, 3:16 pm

Re: WMSNCS BUG ALL OVER PROCESSES, AND START MENU

Unread postby devdevl » February 28th, 2009, 6:39 pm

the antivirus program I downloaded was corupt...it was 20.4 meg, and I have dial-up, so I'll just use my free norton later, and win patrol...below is my hijack this log after running sdfix....thanks
devdevl
Active Member
 
Posts: 6
Joined: February 24th, 2009, 3:16 pm

Re: WMSNCS BUG ALL OVER PROCESSES, AND START MENU

Unread postby devdevl » February 28th, 2009, 6:40 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:43 PM, on 2/28/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINNT\explorer.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\FRANK\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc520.mail.yahoo.com/mc/welco ... u8k68s4e6f
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\FRANK\Desktop\msconfig.exe /auto
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - https://us.dl1.yimg.com/download.yahoo. ... 040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5376232356
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38FE8843-7EE6-4C64-8052-C393009AFF47}: NameServer = 64.136.44.74 64.136.52.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{38FE8843-7EE6-4C64-8052-C393009AFF47}: NameServer = 64.136.44.74 64.136.52.74
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5139 bytes
devdevl
Active Member
 
Posts: 6
Joined: February 24th, 2009, 3:16 pm

Re: WMSNCS BUG ALL OVER PROCESSES, AND START MENU

Unread postby Bio-Hazard » March 1st, 2009, 5:12 am

Hello!

You need to install a Antivirus program as soon as possible.


Move HijackThis
You currently are running HijackThis from here: C:\Documents and Settings\FRANK\Desktop\HijackThis.exe

Please make a folder here: c:\HJT and place HijackThis in that folder.

DO NOT follow the steps below until you have moved HijackThis.



Remove HijackThis entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm


  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.


Uninstall list

Make an uninstall list using HijackThis. To access the Uninstall Manager you would do the following:

  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.


Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the Perform Full Scan option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say The scan completed successfully. Click 'Show Results' to display all objects found.
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Malwarebytes Antimalware log
  • Hijackthis Uninstall list
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: WMSNCS BUG ALL OVER PROCESSES, AND START MENU

Unread postby devdevl » March 1st, 2009, 9:05 pm

HERE IS HIJACK THIS UNINSTALL FILE AND MALWAREBYTES RESULT

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Ashampoo FireWall 1.20
Avery DesignPro
Click'N Design 3D
DriveImage XML
DriverAgent by eSupport.com
EASEUS Partition Manager 3.0 Home Edition
Easy CD & DVD Creator 6
HijackThis 2.0.2
HP Print Diagnostic Utility
HP PSC & OfficeJet 3.5
K-Lite Codec Pack 4.5.3 (Basic)
Malwarebytes' Anti-Malware
Mozilla Firefox (2.0.0.20)
Nero 7 Essentials
neroxml
NetZero HiSpeed (remove only)
NetZero Internet
Norton AntiVirus SCSSDist MSI
OXD Software Movie Organizer
PageBreeze Free HTML Editor
Roxio DVDMAX Player
Speeditup Free 4.75
Spyware Begone Free V8.15
TDK Launcher
Windows 2000 Service Pack 4
Windows Installer 3.0 (KB884016)
WinPatrol 2008
XXClone ver 0.58.0
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Software Update
Yahoo! Toolbar

Malwarebytes' Anti-Malware 1.34
Database version: 1766
Windows 5.0.2195 Service Pack 4

3/1/2009 5:56:48 PM
mbam-log-2009-03-01 (17-56-48).txt

Scan type: Full Scan
Objects scanned: 53822
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\internat.exe (Trojan.Agent) -> Quarantined and deleted successfully.
devdevl
Active Member
 
Posts: 6
Joined: February 24th, 2009, 3:16 pm

Re: WMSNCS BUG ALL OVER PROCESSES, AND START MENU

Unread postby Bio-Hazard » March 2nd, 2009, 8:17 am

Hello!

I still need this information:
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving



Delisted Rogue Antispyware Program

You have a program called Spyware Begone Free V8.15 installed on your computer. This program was until recently classified as a Rogue antispyware program. Typically, rogue programs do not provide any security benefits, and use false positives to goad users into purchasing a full version of the program. Due to it's tainted history, and the availability of more reputable programs for free. I strongly suggest you remove it- to do so:

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    Spyware Begone Free V8.15

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: WMSNCS BUG ALL OVER PROCESSES, AND START MENU

Unread postby NonSuch » March 7th, 2009, 5:28 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 60 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware