Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help needed

Post by farcon » June 13th, 2012, 8:50 am

Hi

Attached are my DDS and attach txt results. My problem is that when I use Firefox, a pop-up window comes up with this URL `http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=800x440&section=2922708&pub_url=${PUB_URL` and I think that's because of clicking ads to download from sharecash and the programs downloaded over sharecash......

DDS Results

.
DDS (Ver_11-05-19.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.7600.16385
Run by aycan at 15:21:29 on 2012-06-12
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1024.567 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Users\aycan\Downloads\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RecSche] "c:\tvr\RecSche.exe"
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: {561EBBF7-4242-4418-8200-15621F7A6661} = 212.65.129.2 212.65.140.142
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aycan\appdata\roaming\mozilla\firefox\profiles\upheee7n.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
S2 BT848;CxVCap, WDM Video Capture;c:\windows\system32\drivers\cxvcap.sys [2012-5-7 68991]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CXTUNER;CxTuner, WDM TvTuner;c:\windows\system32\drivers\cxtuner.sys [2012-5-7 30337]
S2 CXXBAR;CxXBar, WDM Crossbar;c:\windows\system32\drivers\cxxbar.sys [2012-5-7 9439]
S2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-1-17 331608]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-5-3 96056]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-15 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-26 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-7-26 8576]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-4-10 135440]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
.
=============== Created Last 30 ================
.
2012-06-11 17:45:22 -------- d-----w- c:\program files\VideoLAN
2012-06-10 21:43:49 -------- d-----w- c:\program files\CardRecovery
2012-06-10 20:08:10 -------- d-----w- c:\programdata\Nokia
2012-06-03 21:11:31 -------- d-----w- c:\programdata\PC Tools
2012-06-03 21:11:30 -------- d-----w- c:\users\aycan\appdata\roaming\TestApp
2012-06-03 16:43:36 -------- d-----w- c:\users\aycan\appdata\roaming\PCTools
2012-06-03 15:59:03 -------- d-----w- c:\program files\PC Tools
2012-06-03 11:24:55 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-03 11:24:55 -------- d-----w- c:\program files\common files\PC Tools
2012-05-29 19:28:20 388096 ----a-r- c:\users\aycan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-29 19:28:20 -------- d-----w- c:\program files\Trend Micro
2012-05-29 19:08:35 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-29 19:08:30 -------- d-----w- c:\users\aycan\appdata\local\temp
2012-05-29 18:50:06 98816 ----a-w- c:\windows\sed.exe
2012-05-29 18:50:06 518144 ----a-w- c:\windows\SWREG.exe
2012-05-29 18:50:06 256000 ----a-w- c:\windows\PEV.exe
2012-05-29 18:50:06 208896 ----a-w- c:\windows\MBR.exe
2012-05-25 07:41:21 -------- d-----w- c:\users\aycan\appdata\local\Mozilla
2012-05-25 06:56:31 -------- d-----r- C:\Sandbox
2012-05-25 06:54:57 -------- d-----w- c:\program files\Sandboxie
2012-05-25 06:49:41 -------- d-----w- c:\users\aycan\appdata\roaming\IDM
2012-05-25 06:49:41 -------- d-----w- c:\users\aycan\appdata\roaming\DMCache
2012-05-25 06:49:35 -------- d-----w- c:\program files\Internet Download Manager
2012-05-16 06:44:14 -------- d-----w- C:\Hotspot Shield
2012-05-16 06:42:11 -------- d-----w- c:\program files\Hotspot Shield
2012-05-16 06:02:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 06:02:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 05:08:22 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{05c320d4-5049-4ae5-906f-7c0fca58220b}\mpengine.dll
2012-05-16 05:08:20 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-16 04:39:54 -------- d-----w- C:\TVR
2012-05-16 01:18:43 -------- d-----w- c:\users\aycan\appdata\local\NokiaAccount
2012-05-16 01:07:11 -------- d-----w- c:\users\aycan\appdata\local\Nokia
2012-05-16 01:04:25 -------- d-----w- c:\program files\common files\Nokia
2012-05-16 01:03:52 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-05-16 01:03:42 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-16 01:02:57 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-05-16 01:02:01 -------- d-sh--w- c:\windows\Installer
2012-05-16 01:01:44 -------- d-----w- c:\programdata\NokiaInstallerCache
2012-05-16 01:01:44 -------- d-----w- c:\program files\Nokia
2012-05-16 01:00:18 -------- d-----w- c:\windows\system32\wbem\Performance
2012-05-16 00:56:30 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2012-05-16 00:56:27 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-05-16 00:56:27 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-05-16 00:56:27 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-05-16 00:56:27 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-05-16 00:56:27 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-05-16 00:56:27 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-05-16 00:56:22 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-05-16 00:56:21 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-05-16 00:56:16 -------- d-----w- C:\NVIDIA
2012-05-16 00:38:54 -------- d-----w- c:\users\aycan\appdata\local\ElevatedDiagnostics
2012-05-15 23:34:23 -------- d-----w- c:\windows\Panther
.
==================== Find3M ====================
.
2012-04-23 11:26:26 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
============= FINISH: 15:22:12.85 ===============



ATTACH TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/15/2012 3:42:23 PM
System Uptime: 6/12/2012 3:19:50 PM (0 hours ago)
.
Motherboard: Compaq | | 07E8h
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | | 1994/769mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 10 GiB total, 0.141 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 25.797 GiB free.
E: is FIXED (FAT32) - 49 GiB total, 4.626 GiB free.
F: is FIXED (NTFS) - 41 GiB total, 4.066 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP9: 5/29/2012 12:27:46 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
CardRecovery 5.30
HiJackThis
Hotspot Shield 2.25
Internet Download Manager
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Mozilla Firefox 7.0.1 (x86 en-US)
MSVC80_x86_v2
MSVC90_x86
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
NVIDIA Drivers
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
Sandboxie 3.68 (32-bit)
SoundMAX
VLC media player 1.1.11
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinRAR 4.20 beta 1 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/12/2012 3:21:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 3:21:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/12/2012 3:21:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/12/2012 3:21:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/12/2012 3:21:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/12/2012 3:21:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/12/2012 3:20:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/12/2012 3:20:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000003, 0x846a7668, 0x052f7b0a, 0x82832ee0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061212-43703-01.
6/12/2012 3:20:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2012 3:20:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/10/2012 9:24:48 PM, Error: Service Control Manager [7023] -
6/10/2012 9:21:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
farcon
Active Member
 
Posts: 3
Joined: June 13th, 2012, 4:12 am

Re: help needed

Post by askey127 » June 16th, 2012, 8:17 am

Hi farcon,
Firefox popups are the least of the problems on this machine.
Your hard drive is set up so that the C: drive is only 10Gb in size, and there are three other partitions (D, E, and F) which are roughly 50 Gb each.
This kind of setup is possible for a very old system like Windows 98, but impossible for Windows 7. It's amazing that anything functions at all.
Attempting to "Fix" anything on this machine won't work because you don't have enough room to install the minimum Windows 7, Windows Updates, and an antivirus program.

What needs to be done is roughly this:
  • All critical data from drives D, E and F needs to be backed up onto CDs, DVDs, or USB drives.
  • Windows 7 needs to be re-installed, this time deleting all the old partitions, and in the simplest case, reformatting the entire 160 Gb drive into a single partition.
    You also could choose to install Windows in one of the 50Gb partitions, like in D:
    This would erase everything presently in the D: Drive.
  • As soon as the installation finishes, validate the copy of Windows 7.
  • Go to Microsoft updates, get all the updates and Service Pack 1.
  • Install an Antivirus (Microsoft Security Essentials or Avast Free will work).
Sorry we won't be able to help in the manner you envisioned.
askey127
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: help needed

Post by askey127 » June 18th, 2012, 8:19 am

Since this issue needs to be addressed with a repartition, reformat, and reinstallation of Windows, this thread will be closed.
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
