Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Malware issues?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Malware issues?

Unread postby Timmy258 » January 20th, 2010, 3:40 pm

Lately i have been having alot of problems with my computer. i have seen popups for bogus programs such as registry defender and regcure. my background has been canged to say:
YOUR SYSTEM IS INFECTED!

System has been stopped due to a serious malfunction.
Spyware activity has been detected.

It is recommended to use spyware removal tool to prevent data loss.
Do not use the computer before all spyware removed

Sometimes i am not able to open some or any of my programs.

When the problems started a was running McAfee but i reinstalled the OS a few weeks ago and installed the newest version of kaspersky and everything was mint for a few days until the problems started comin back. I've been doing research trying to find a solution which lead me to DL trendmicro HJT, Malawarebytes, Ad-Aware, and CCleaner. I havent been able to run Malwarebytes or Ad-Aware tho. At the end of the install on both a window pops up that says:
unable to execute file
c:\program files...

CreateProcess failed; code2
The system cannot find the file specified.
[okay]

I was able to install and run CCleaner (good idea?) but idk how much it helped.

here is my HJT file
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:01 PM, on 1/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html ... B&M=MX6448
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=MX6448
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... B&M=MX6448
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=MX6448
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... B&M=MX6448
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {9befeb47-756b-4f14-a522-00775e50e320} - kubuyula.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [fehuwiluse] Rundll32.exe "vidohosi.dll",s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [siposerok] Rundll32.exe "c:\windows\system32\pasaruwe.dll",a
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: harupeza.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll c:\windows\system32\pasaruwe.dll c:\windows\system32\gekuhiri.dll
O21 - SSODL: kasalibaz - {d46b188b-00ae-4731-8c88-2d6fbd3af1ea} - c:\windows\system32\gekuhiri.dll
O21 - SSODL: mukaniyuk - {e4a1a0ef-36b1-4f18-9061-d9d5e4722edd} - c:\windows\system32\pasaruwe.dll
O22 - SharedTaskScheduler: tokatiluy - {d46b188b-00ae-4731-8c88-2d6fbd3af1ea} - c:\windows\system32\gekuhiri.dll
O22 - SharedTaskScheduler: kupuhivus - {e4a1a0ef-36b1-4f18-9061-d9d5e4722edd} - c:\windows\system32\pasaruwe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6425 bytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~










here is my uninstall list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bejeweled 2 Deluxe
BitTorrent
Blasterball 2 Revolution
Broadcom 802.11 Network Adapter
Browser Address Error Redirector
CCleaner
DVD Solution
FATE
Gateway Game Console
Google Toolbar for Internet Explorer
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
J2SE Runtime Environment 5.0 Update 2
Kaspersky Internet Security 2010
Kaspersky Internet Security 2010
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.5.7)
Napster Burn Engine
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer Basic
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917537)
SigmaTel Audio
Sonic Encoders
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Tradewinds
Update for Windows XP (KB898461)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WildTangent Web Driver
Windows Backup Utility
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB889673

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



any help would be greatly appreciated.
Timmy258
Active Member
 
Posts: 2
Joined: January 20th, 2010, 3:04 pm
Top
Advertisement
Register to Remove

Re: Malware issues?

Unread postby askey127 » January 26th, 2010, 7:05 am

Hi timmy258,
Sorry for the delay in answering your request.
We have had more logs than we could handle in a timely manner.
If you still need help and are not receiving it elsewhere, please proceed as follows:
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?f=11&t=33112
As a condition of receiving our help, I have included the P2P program BitTorrent in the removal instructions below, so we are not wasting our time.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9befeb47-756b-4f14-a522-00775e50e320} - kubuyula.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [fehuwiluse] Rundll32.exe "vidohosi.dll",s
O4 - HKLM\..\Run: [siposerok] Rundll32.exe "c:\windows\system32\pasaruwe.dll",a
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O21 - SSODL: kasalibaz - {d46b188b-00ae-4731-8c88-2d6fbd3af1ea} - c:\windows\system32\gekuhiri.dll
O21 - SSODL: mukaniyuk - {e4a1a0ef-36b1-4f18-9061-d9d5e4722edd} - c:\windows\system32\pasaruwe.dll
O22 - SharedTaskScheduler: tokatiluy - {d46b188b-00ae-4731-8c88-2d6fbd3af1ea} - c:\windows\system32\gekuhiri.dll
O22 - SharedTaskScheduler: kupuhivus - {e4a1a0ef-36b1-4f18-9061-d9d5e4722edd} - c:\windows\system32\pasaruwe.dll
Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Adobe Reader 7.0
BitTorrent
Browser Address Error Redirector
J2SE Runtime Environment 5.0 Update 2
Viewpoint Media Player
WildTangent Web Driver
Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine Again
------------------------------------------------------------
Please download OTM and save to your Desktop.
  • Please double-click OTM.exe to run it.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: Select all
:processes
explorer.exe

:files
c:\windows\system32\pasaruwe.dll
c:\windows\system32\gekuhiri.dll
c:\windows\system32\vidohosi.dl
c:\windows\system32\harupeza.dll

:commands
[purity]
[emptytemp]
[start explorer]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Note: the logs are saved in C:\_OTM\MovedFiles\ if you need to retrieve one.

So we are looking for the log from OTM, and let me know how things went.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Top

Re: Malware issues?

Unread postby NonSuch » January 29th, 2010, 6:50 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 431 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index