Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware.MyWebSearch and more

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware.MyWebSearch and more

Unread postby bulock » September 1st, 2011, 3:33 pm

I have been battling a mystery concoction of viruses on my father's laptop and am looking for a little assistance in the removal process.

Notes:
    There is a partition he claims to not have created. Its name is 'HP_TOOLS' and is 1.00 GB in total size with 64 MB free space remaining. Of course nothing (hidden or otherwise) shows up on file explorer.
    I am unable to run HiJackThis! under any conditions. The process is terminated immediately after beginning any sort of scan
    Privileges have been removed from certain user accounts.

There are other symptoms of course, but these are just a few things I have encountered. Hopefully some of them ring a bell.

Below is the results of DDS (dds.txt):

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Rick.Monteith at 14:18:29 on 2011-09-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1183 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\3203397148:3809022017.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\msdtc.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Allume\StuffIt\mxtask.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\AOL\1272647181\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Adware Professional\Adware Professional.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyServer = http=127.0.0.1:58667
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {a24f3f59-1021-4e02-856c-99d9b4a03d83} - c:\program files\soccerinferno\bar\1.bin\j2SrcAs.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Toolbar BHO: {285028f8-201e-4f8f-827b-7381fc181c3e} - c:\progra~1\soccer~2\bar\1.bin\j2bar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Assistant BHO: {73b8e1fd-331f-4c17-8613-8a3034d3b0ca} - c:\program files\soccerinferno\bar\1.bin\j2SrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SoccerInferno: {c5a318c1-d1d9-41f0-85fe-41cc9fb25e75} - c:\program files\soccerinferno\bar\1.bin\j2bar.dll
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [YouSendIt.exe] c:\program files\yousendit\express\YouSendIt.exe -ui none
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [Security Protection] c:\documents and settings\all users\application data\defender.exe
uRun: [Adware Professional] c:\program files\adware professional\Adware Professional.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [HostManager] c:\program files\common files\aol\1272647181\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mysoft~1.lnk - c:\program files\common files\mysoftware\NewsFlsh.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico
IE: &Search - http://tbedits.soccerinferno.com/one-to ... 2011071317
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: google.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{68552A95-B7B8-4297-B806-A4F4C5605FCD} : DhcpNameServer = 192.168.1.1
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rick.monteith\application data\mozilla\firefox\profiles\qk34k2bb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e540e33 ... g=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58667
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\rick.monteith\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\soccerinferno\bar\1.bin\NPj2Stub.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-1 366640]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-13 475520]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-8 193840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-4 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-1 22712]
S2 0078841314824761mcinstcleanup;McAfee Application Installer Cleanup (0078841314824761);c:\docume~1\rick~1.mon\locals~1\temp\007884~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\rick~1.mon\locals~1\temp\007884~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-6 136176]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-31 271480]
S2 SoccerInfernoService;SoccerInfernoService;c:\progra~1\soccer~2\bar\1.bin\j2barsvc.exe [2011-7-13 42504]
S2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys --> c:\windows\system32\drivers\tmevtmgr.sys [?]
S2 TmFilter;Trend Micro Filter;\??\c:\program files\trend micro\officescan client\tmxpflt.sys --> c:\program files\trend micro\officescan client\TmXPFlt.sys [?]
S2 TmPreFilter;Trend Micro PreFilter;\??\c:\program files\trend micro\officescan client\tmpreflt.sys --> c:\program files\trend micro\officescan client\TmPreFlt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-6 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 TmProxy;OfficeScan NT Proxy Service;"c:\program files\trend micro\officescan client\tmproxy.exe" --> c:\program files\trend micro\officescan client\TmProxy.exe [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-01 16:45:15 -------- d-----w- c:\program files\Adware Professional
2011-09-01 16:13:21 -------- d-----w- c:\windows\system32\appmgmt
2011-09-01 16:12:52 -------- d-----w- c:\program files\common files\Software Update Utility
2011-09-01 15:33:53 -------- d-----w- c:\documents and settings\rick.monteith\application data\Malwarebytes
2011-09-01 15:33:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-01 15:33:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-01 15:33:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-01 15:33:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-31 22:52:27 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2011-08-31 21:05:17 -------- d-----w- c:\program files\common files\Mcafee
2011-08-31 21:05:13 -------- d-----w- c:\program files\McAfee.com
2011-08-31 21:04:55 -------- d-----w- c:\program files\McAfee
2011-08-31 18:32:57 43408 --sha-w- c:\windows\system32\c_47915.nl_
2011-08-31 16:29:04 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-08-31 16:17:54 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-08-31 15:41:34 -------- d-----w- c:\documents and settings\all users\application data\Citrix
2011-08-31 15:35:18 -------- d-----w- c:\documents and settings\rick.monteith\local settings\application data\Citrix
2011-08-31 15:35:09 103784 ----a-w- c:\documents and settings\rick.monteith\GoToAssistDownloadHelper.exe
2011-08-31 15:25:58 -------- d-----w- c:\program files\AOL Desktop 9.6a
2011-08-30 23:15:21 4194304 ----a-w- c:\windows\system32\nqrupmok.dll
2011-08-30 23:15:14 838656 ----a-w- c:\documents and settings\all users\application data\defender.exe
2011-08-23 20:33:39 -------- d-----w- c:\documents and settings\rick.monteith\application data\AVG10
2011-08-23 20:31:58 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-08-23 20:30:11 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-23 20:30:11 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-08-23 20:29:44 -------- d-----w- c:\program files\AVG
2011-08-23 20:19:55 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-08-22 16:55:48 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-22 16:55:48 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-20 19:44:57 -------- d-----w- c:\documents and settings\all users\application data\Verizon
2011-08-20 19:44:54 -------- d-----w- c:\documents and settings\rick.monteith\local settings\application data\V CAST Media Manager
2011-08-20 19:44:34 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2011-08-20 19:44:34 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2011-08-20 19:43:39 -------- d-----w- c:\program files\Verizon V CAST Media Manager
2011-08-20 19:31:21 -------- d-----w- c:\program files\common files\Motorola Shared
2011-08-20 19:31:18 -------- d-----w- c:\program files\Motorola
2011-08-18 18:29:05 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-08-31 19:01:14 14848 ----a-w- c:\windows\system32\agrsmsvc.exe
2011-08-31 15:18:34 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2011-07-20 14:56:51 72080 ------w- c:\documents and settings\rick.monteith\g2mdlhlpx.exe
2011-07-06 13:21:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-09 22:17:57 102400 ----a-w- c:\windows\RegBootClean.exe
.
============= FINISH: 14:19:27.70 ===============


Thanks in advance. Hopefully this is enough detail for at least a shove in the right direction.
bulock
Active Member
 
Posts: 2
Joined: September 1st, 2011, 3:23 pm
Advertisement
Register to Remove

Re: Malware.MyWebSearch and more

Unread postby deltalima » September 1st, 2011, 4:06 pm

Hi bulock,

Your fathers computer looks like a computer used for business, please confirm.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware.MyWebSearch and more

Unread postby bulock » September 1st, 2011, 4:09 pm

It is, however their IT department has relinquished any responsibility over it. They asked him to take it to any local tech support company.
bulock
Active Member
 
Posts: 2
Joined: September 1st, 2011, 3:23 pm

Re: Malware.MyWebSearch and more

Unread postby deltalima » September 1st, 2011, 4:11 pm

I see you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware