Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspected malware after regular unexpected shutdowns.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Suspected malware after regular unexpected shutdowns.

Unread postby Equaliser » November 17th, 2010, 11:20 pm

Hello

I am having some unusual issues with my windows 7 32b PC.

I am having unexpected shutdowns. When I restart I am met with an error message stating windows has recovered from an unexpected error. i have ran windows 7 built in memory test and it found no errors. I also ran
sfc /scannow in command prompt. this also found no file integrity problems. I use Ccleaner and AFT to clean my system of junk regularly and i also regularly defrag my HDD.
I am also having a high CPU usage.
I also make sure I have up to date drivers for my pc.

I am also having system lock ups and my system slows down to a crawl.
I keep my Norton is 2011 full updated. I also keep windows7 fully updated at all times.
I am also very careful about my on line activities and my email viewing.

I use World of Warcraft a lot i have been playing fro a few years now. so I do browse various third party wow support sites and forums. I am very concerned I might have picked something up from one of those web sites. and that someone is trying to steal my passwords.

i have used various anti spyware and anti virus scanners. and nothing has been found. but.
i am sure there is some sort of hidden malware on my system.

can somebody please help me to fix my system and make sure there is no malware present.

I appreciate any help. Thanks in advance.
Equaliser
Active Member
 
Posts: 10
Joined: March 27th, 2010, 12:19 pm
Advertisement
Register to Remove

Re: Suspected malware after regular unexpected shutdowns.

Unread postby Equaliser » November 17th, 2010, 11:21 pm

Here is my HJT scan log file :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:07:02, on 18/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\user\AppData\Local\Apps\2.0\BYLK0ZEV.RJW\R9NJZBPD.GW5\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\user\Desktop\MALWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\user\Desktop\MALWAR~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\user\Desktop\MALWAR~1\SPYBOT~1\SDHelper.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Users\user\Desktop\Malware Removal Tools\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 3630 bytes
Equaliser
Active Member
 
Posts: 10
Joined: March 27th, 2010, 12:19 pm

Re: Suspected malware after regular unexpected shutdowns.

Unread postby Equaliser » November 17th, 2010, 11:22 pm

Here is my HJT uninstall list :

Adobe Flash Player 10 Plugin
Advanced SystemCare 3
Auslogics BoostSpeed Special Edition
Catalyst Control Center - Branding
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Touchpad
Dell Wireless WLAN Card Utility
EULAlyzer 2.0
IObit Security 360
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.12)
Mozilla Thunderbird (3.1.6)
MRU-Blaster v1.5 (Database 3/28/2004)
Norton Internet Security
Rapport
Registry First Aid
Revo Uninstaller 1.90
RICOH Media Driver ver.2.07.01.04
Secunia PSI
Smart Defrag
Spybot - Search & Destroy
SUPERAntiSpyware
Ventrilo Client
World of Warcraft
Equaliser
Active Member
 
Posts: 10
Joined: March 27th, 2010, 12:19 pm

Re: Suspected malware after regular unexpected shutdowns.

Unread postby Wingman » November 21st, 2010, 6:27 pm

May I draw your attention to the Forum Posting Rules - Please Read, specifically this, which should have been read, before posting for help.

We're sorry, but it is necessary to close your topic because you have replied to it prior to receiving a response from a helper.

Due to adding on to your topic with your second and third posts, it is highly unlikely that you would have received a response. Our helpers are looking for topics with zero responses. When you post replies to your own topic, it no longer has zero responses, and so it appears that you have received help when in fact, you have not.

If you still require help, please open a new thread in the Malware Removal forum and wait for assistance. Please do not run additional programs and/or post additional logs. Just your HijackThis log and Uninstall List to start with is adequate. Your helper will ask for additional logs as needed. DO NOT reply to your own topic until you have received a response from a helper. Be patient. There are others who have been waiting longer than you, so do not expect an immediate reply.
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 331 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware