# Data execution prevention/possible malware virus



## wuanbonebilly (May 22, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:09 PM, on 4/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\vVX3000.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eAcceleration\OnAccess\onaccess.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\StopSign\PopupBlocker\sspopupblockerctrl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\p2phost.exe
C:\Users\woodrow\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Users\woodrow\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Cricket\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0109&m=aspire_5515
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0109&m=aspire_5515
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pagessyndication.com/google/iesearch.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: mysidesearch search enhancer - {09D69D4A-7E7B-AB23-7480-0CE51709A9A8} - C:\Windows\system32\gfoajqvrirwtjsod.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3CA2BCE8-EC1F-44C5-A187-5CFE9A09D893} - browsertools_helper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\StopSign\POPUPB~1\sspopupblocker.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Browsertools by imediacentral.com - {46BA7FF1-D32A-4369-88BF-882830A8FA67} - imediacentral_com_browsertools.dll (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [wsaecmt] "C:\Windows\wsaecmt.exe"
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\onaccess.exe" -erk
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StopSignPopupBlocker] C:\PROGRA~1\StopSign\POPUPB~1\sspopupblockerctrl.exe /Startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [imediacentral.com] recctrl2.exe install show
O4 - HKCU\..\Run: [googletalk] C:\Users\woodrow\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\woodrow\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P2 /q c:\users\woodrow\appdata\local\temp\HSPERF~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JPQKHCH4\SUPERP~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JPQKHCH4\GET_AP~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\S3CMH9ED\CHAT_1~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\S3CMH9ED\REALGU~1.SH! c:\users\woodrow\appdata\local\temp\ONENOT~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NQM13GXY\CL6515~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KB7A3X97\INSIDE~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WR3QZ6ZI\CL9505~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WR3QZ6ZI\TRACE_~2.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P2 /q c:\users\woodrow\appdata\local\temp\HSPERF~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JPQKHCH4\SUPERP~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JPQKHCH4\GET_AP~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\S3CMH9ED\CHAT_1~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\S3CMH9ED\REALGU~1.SH! c:\users\woodrow\appdata\local\temp\ONENOT~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NQM13GXY\CL6515~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KB7A3X97\INSIDE~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WR3QZ6ZI\CL9505~1.SH! C:\Users\woodrow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WR3QZ6ZI\TRACE_~2.SH! (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Startup: QuickLink Mobile.lnk = C:\Program Files\Cricket\QuickLink Mobile\QuickLink Mobile.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: Open Document with Open IT Online - C:\Program Files\Open IT Online Lite\openitonline.html
O8 - Extra context menu item: Open Image with Open IT Online - C:\Program Files\Open IT Online Lite\openitonline.html
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\StopSign\POPUPB~1\sspopupblocker.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\StopSign\POPUPB~1\sspopupblocker.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...-4/PopularScreenSaversInitialSetup1.0.1.1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05381AC0-1BA3-48C2-8D3A-3ACE4A38E4D4}: NameServer = 172.28.221.53 172.28.221.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{05381AC0-1BA3-48C2-8D3A-3ACE4A38E4D4}: NameServer = 172.28.221.53 172.28.221.54
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FWService - eAcceleration Corp - C:\Program Files\eAcceleration\Firewall\FWService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: StopSign Firewall Security Center Provider (ssfwmonsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: StopSign Update Manager - eAcceleration - C:\Program Files\Common Files\eAcceleration\eacsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15974 bytes

ok here is my problem.....every time i go to internet browser or internet explorer...my computer shuts down the internet with the following message......"internet explorer has stopped working a problem caused the program to stop working correctly. windows will close the program and notify you if a solution is available"......then i also get this message data execution prevention has closed the program to keep it from injury and/or harm... and it sends me to this.........

What is Data Execution Prevention?

Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs. These types of attacks can harm your programs and files.

DEP can help protect your computer by monitoring your programs to make sure that they use system memory safely. If DEP notices a program on your computer using memory incorrectly, it closes the program and notifies you.

See also
Data Execution Prevention: frequently asked questions 
Change Data Execution Prevention settings

i have stop sign virus protection and it has not notified me of a virus......i have 32 bit vista basic home on an acer computer......if u need anything else please let me know


----------



## wuanbonebilly (May 22, 2007)

you are quite welcome...it works from time to time and i can get by until the calvary arrives..thanks guys...i will try again to donate..i have to find that problem out too...


----------



## wuanbonebilly (May 22, 2007)

calvary


----------



## JSntgRvr (Jul 1, 2003)

Hi, *wuanbonebilly* 

Welcome.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

- Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that *everything is checked*, and click *Remove Selected*.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

=====================================================================

Please download ComboFix from *Here* or *Here* to your Desktop.

***Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***

- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_.

_Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask._

-----------------------------------------------------------

- Close any open browsers.
- *WARNING: Combofix will disconnect your machine from the Internet as soon as it starts*
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

- Double click on *combofix.exe* & follow the prompts.
- If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
- Install the *Recovery Console* upon request.
- When finished, it will produce a report for you.
- Please post the *"C:\ComboFix.txt"* along with a *new HijackThis log* for further review.

***Note: Do not mouseclick combofix's window while it's running. That may cause it to stall***


----------



## wuanbonebilly (May 22, 2007)

how do i disable my anti virus program.......and....how do i disable the script writing ...u got an awful lot of faith in me ...not anywhere close to knowledge in a pc...if i mess up can i correct my mistakes and do no further damage than there already is...


----------



## wuanbonebilly (May 22, 2007)

Malwarebytes' Anti-Malware 1.36
Database version: 1954
Windows 6.0.6001 Service Pack 1

4/8/2009 8:26:52 PM
mbam-log-2009-04-08 (20-26-52).txt

Scan type: Quick Scan
Objects scanned: 75258
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09d69d4a-7e7b-ab23-7480-0ce51709a9a8} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09d69d4a-7e7b-ab23-7480-0ce51709a9a8} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.


----------
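Cross-checking the two logs posted so far, as an added example that is not part of any post in this thread: the script parses HijackThis `O2`/`O3`/`O9` add-on lines, keeps the ones HijackThis marks `(file missing)` or `(no file)`, and looks up their GUIDs among the registry keys Malwarebytes quarantined. The sample lines are copied from the logs above; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied from the HijackThis log posted earlier in this thread.
HJT_SAMPLE = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: mysidesearch search enhancer - {09D69D4A-7E7B-AB23-7480-0CE51709A9A8} - C:\Windows\system32\gfoajqvrirwtjsod.dll (file missing)
O2 - BHO: (no name) - {3CA2BCE8-EC1F-44C5-A187-5CFE9A09D893} - browsertools_helper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
"""

# Lines copied from the Malwarebytes log above.
MBAM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09d69d4a-7e7b-ab23-7480-0ce51709a9a8} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09d69d4a-7e7b-ab23-7480-0ce51709a9a8} (Adware.BHO) -> Quarantined and deleted successfully.
"""

# Shape of a COM add-on entry:  Ox - <kind>: <name> - {GUID} - <target>
HJT_ENTRY = re.compile(
    r"^(?P<section>O2|O3|O9) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"
)
# Shape of a Malwarebytes registry-key hit:  <key path>\{GUID} (<detection>) -> <action>
MBAM_KEY = re.compile(
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+\((?P<detection>[^)]+)\)\s+->"
)


@dataclass
class AddOn:
    section: str    # O2 = BHO, O3 = toolbar, O9 = extra button / Tools menu item
    kind: str
    name: str
    guid: str       # lower-cased so it compares equal across both logs
    target: str     # DLL path as printed, or "(no file)"
    orphaned: bool  # registration exists but HijackThis found no file behind it


def parse_hijackthis(log: str) -> List[AddOn]:
    """Return the O2/O3/O9 entries of a HijackThis log; other sections are skipped."""
    entries = []
    for line in log.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        target = m["target"].strip()
        orphaned = target == "(no file)" or target.endswith("(file missing)")
        entries.append(AddOn(m["section"], m["kind"], m["name"],
                             m["guid"].lower(), target, orphaned))
    return entries


def parse_mbam(log: str) -> Dict[str, str]:
    """Map each GUID named in a Malwarebytes registry hit to its detection name."""
    hits: Dict[str, str] = {}
    for line in log.splitlines():
        m = MBAM_KEY.search(line)
        if m:
            hits.setdefault(m["guid"].lower(), m["detection"])
    return hits


def triage(hjt_log: str, mbam_log: str) -> List[Tuple[str, str, Optional[str]]]:
    """List orphaned add-ons as (guid, name, detection); detection is None if MBAM had no hit."""
    hits = parse_mbam(mbam_log)
    return [(e.guid, e.name, hits.get(e.guid))
            for e in parse_hijackthis(hjt_log) if e.orphaned]


if __name__ == "__main__":
    for guid, name, detection in triage(HJT_SAMPLE, MBAM_SAMPLE):
        print(f"{guid}  {name:32}  {detection or 'no Malwarebytes hit'}")
```

An orphaned registration is a lead for manual review rather than a verdict: it can equally be what an uninstaller left behind, and an entry without a Malwarebytes hit has simply not been classified by this scan.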



## wuanbonebilly (May 22, 2007)

Hello i need help


----------



## JSntgRvr (Jul 1, 2003)

wuanbonebilly said:


> how do i disable my anti virus program.......and....how do i disable the script writing ...u got an awful lot of faith in me ...not anywhere close to knowledge in a pc...if i mess up can i correct my mistakes and do no further damage than there already is...


See here:

http://www.bleepingcomputer.com/forums/topic114351.html

Run and post the Combofix report.


----------



## wuanbonebilly (May 22, 2007)

my virus protection is not on there


----------



## JSntgRvr (Jul 1, 2003)

On the lower right corner there must be an icon for the antivirus. Right click on it and disable it.


----------



## wuanbonebilly (May 22, 2007)

please tell me where to find the script blocking at..so i can disable it...please hurry this is the last thing i need to do all else is disabled and im unprotected right now


----------



## wuanbonebilly (May 22, 2007)

I HAVE TRIED 10 TIMES THE COMBOFIX will not upload or download nowhere to my computer...now what....and please tell instead of telling me where to go how to disable the script block...please...and please hurry and answer im unprotected here with no virus protection or firewall because of the two things i just wrote about..if i dont hear from u soon ill put everything back like it was and wait.....and it will not go on desktop..and i can find it nowhere in any files or folders...


----------



## JSntgRvr (Jul 1, 2003)

Let's see if we can find the reason Combofix won't download. It could be due to the malware or part of your security protection.

In your position I would remove the eAcceleration software from the computer. You can try *AVAST*.

Download *This file*. Note its name and save it to your root folder, such as C:\.


- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
- Click on *this link* to see a list of programs that should be disabled.
- Double-click on *the downloaded file* to start the program. (If running Vista, right click on it and select "Run as an Administrator")
- Allow the driver to load if asked.
- You may be prompted to scan immediately if it detects rootkit activity.
- If you are prompted to scan your system click "*Yes*" to begin the scan.
- If not prompted, click the "*Rootkit/Malware*" tab.
- On the right-side, all items to be scanned should be checked by default _except_ for "Show All". Leave that box *unchecked*.
- Select all drives that are connected to your system to be scanned.
- Click the *Scan* button to begin. _(Please be patient as it can take some time to complete)_
- When the scan is finished, click *Save* to save the scan results to your Desktop.
- Save the file as *Results.log* and copy/paste the contents in your next reply.
- Exit the program and re-enable all active protection when done.


----------



## wuanbonebilly (May 22, 2007)

dude ...i know u mean well and u have the patience of a saint...but u must not have read my little note next to my name where it say dumb as hell....so i must where is the root file...bear with me...if we get this working right i'll do my part..trust me but im only 5 yrs old today so talk to me like im 4.....cause i aint got a clue as to root file and where its hid...yet..please hurry im non-protected again


----------



## JSntgRvr (Jul 1, 2003)

wuanbonebilly said:


> dude ...i know u mean well and u have the patience of a saint...but u must not have read my little note next to my name where it say dumb as hell....so i must where is the root file...bear with me...if we get this working right i'll do my part..trust me but im only 5 yrs old today so talk to me like im 4.....cause i aint got a clue as to root file and where its hid...yet..please hurry im non-protected again


Save the program in your *C:\* folder.


----------



## wuanbonebilly (May 22, 2007)

this one won't work either..i did what u said and took off my anti virus software nope didn't work it starts to download then it disappears never to come back...tell me about script block..i never disabled that and it could be what's stopping me


----------



## JSntgRvr (Jul 1, 2003)

- Open HijackThis
- Click on Open the Misc Tools Section
- Click "*Open Uninstall Manager*"
- Click "Save List" (generates *uninstall_list.txt*)
- Click Save, and attach the results in your next post.


----------



## wuanbonebilly (May 22, 2007)

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Assist
Acer Empowering Technology
Acer eRecovery Management
Acer Mobility Center Plug-In
Acer Registration
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
AVS Media Player 3.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
C:\Program Files\Acer GameZone\GameConsole
CA Yahoo! Anti-Spy (remove only)
Choice Guard
Google Desktop
Google Talk Plugin
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InterVideo WinDVD 8
Java(TM) 6 Update 13
Launch Manager
LimeWire 5.0.11
Malwarebytes' Anti-Malware
MediaBar 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft LifeCam
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
NTI Backup Now 5
NTI Media Maker 8
QuickLink Mobile
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Spelling Dictionaries Support For Adobe Reader 9
StopSign Internet Security
Synaptics Pointing Device Driver
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Unlocker 1.8.7
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
UTStarcom USB Modem Software
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Xvid 1.1.3 final uninstall
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar


----------



## wuanbonebilly (May 22, 2007)

done


----------



## wuanbonebilly (May 22, 2007)

im sorry this has been a problem but my pc is getting worse as the day grows long...it is getting slower and slower and now it is freezing and says it is not responding along with the DEP messages....i tried to download those two things u gave me they would start then disappear and u could never find them in the system or in any file or folder...so i just put everything back together and waited on u


----------



## JSntgRvr (Jul 1, 2003)

The file I needed you to download in Post 13, download the file and save it in a place you can remember such as the Desktop. Follow the instructions therein and run this file. Post its report.


----------



## wuanbonebilly (May 22, 2007)

it will not load it starts then quits...i have tried 15 times...it will not load....i did all u asked
i took off protection and disabled everything..it will not load


----------



## wuanbonebilly (May 22, 2007)

what is script blocking
i never disabled it...?


----------



## JSntgRvr (Jul 1, 2003)

wuanbonebilly said:


> what is script blocking
> i never disabled it...?


For the time being, please remove the following programs:

*StopSign Internet Security
Malwarebytes' Anti-Malware*

After a restart, please download *GMER Rootkit detector* and save to your root folder, such as C:\, or to a place you can remember such as your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Click on *this link* to see a list of programs that should be disabled.
Double-click on *gmer.exe* to start the program. (If running Vista, right click on GMER and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if GMER detects rootkit activity.
If you are prompted to scan your system click "*Yes*" to begin the scan.
If not prompted, click the "*Rootkit/Malware*" tab.
On the right-side, all items to be scanned should be checked by default _except_ for "Show All". Leave that box *unchecked*.
Select all drives that are connected to your system to be scanned.
Click the *Scan* button to begin. _(Please be patient as it can take some time to complete)_
When the scan is finished, click *Save* to save the scan results to your Desktop.
Save the file as *gmer.log* and copy/paste the contents in your next reply.
Exit GMER and re-enable all active protection when done.

Download *OTScanit2.exe* to your Desktop and double-click on it to extract the files. It will create a folder named *OTScanit2* on your desktop. *OTScanit2* can be detected as malware by your firewall and Antivirus. Choose *Ignore* on any warning alert.

Close any open browsers.
Open the *OTScanit2* folder and double-click on *OTScanit2.exe* to start the program.
Leave all settings as they appear as default, except for the following:
Under *Drivers*, select *"All"*.
Under *Rootkit Search*, select *Yes*
Under *additional Scan* select the following:
*Reg - ControlSets*
*Reg - Disabled MS Config Items*
*Reg - File Associations*
*Reg - Security Center Settings*
*Reg - Tcpip Persistent Routes*


Now click the *Run Scan* button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button and attach the notepad file here *(Do not copy and paste in a reply, rather attach it to it).*


----------



## wuanbonebilly (May 22, 2007)

i did as you asked and something downloaded from yesterday......the same thing you are talking about the GMER folder...i have attached it in the attachment section....i think....never did this before and its in there as woodrow file..if u see it i hope i did it right


----------



## wuanbonebilly (May 22, 2007)

i put the log in attachments did you get it..it was too big to download


----------



## JSntgRvr (Jul 1, 2003)

wuanbonebilly said:


> i put the log in attachments did you get it..it was too big to download


No they are not. When using the "Manage Attachments", make sure you click on Upload on each of the files. Close the Attachments window and post the reply.


----------



## wuanbonebilly (May 22, 2007)

it says it's too long to go in the box...it needs to be shortened...and after i close the box i do not know how to post a reply...dude im new to all this....bear with me...explain...always not just tell...it takes too long for me to figure it out.


----------



## wuanbonebilly (May 22, 2007)

ok....i uploaded the file..woody log..i closed the box..i hope it is there..if not im doing something wrong...i can not post the log it is too long..so if im wrong please tell me what i need to do..if all else fails i will give u remote access to my computer......to get the file yourself


----------



## JSntgRvr (Jul 1, 2003)

Upload those files for me at the *Spykiller Forum*. Follow these steps:

Please go here:
*The Spy Killer Forum*
Click on "New Topic"
Put your name, e-mail address, and this as the title: "*JSntgRvr*"
Put a link to this thread in the description box.
Then next to the file box, at the bottom, click the *browse* button, then navigate to the file to be uploaded:
Click *Open*.
Click *Post*.

If more than one file, click on the more attachments button and follow the same steps. You won't be able to see if the files were uploaded. Let me know when finished and I will check it for you.


----------



## wuanbonebilly (May 22, 2007)

done.....


----------



## JSntgRvr (Jul 1, 2003)

No record. Please try again.


----------



## wuanbonebilly (May 22, 2007)

hi i was just wondering if u received all the stuff i put on the site u sent me to i had not heard from so i don't know what to do next if anything..please contact me in this regard


----------



## wuanbonebilly (May 22, 2007)

i got a letter from them saying it had been moved to another part of the forum... http://thespykiller.co.uk/index.php?topic=8163.new;topicseen#new


----------



## JSntgRvr (Jul 1, 2003)

I see nothing wrong in these logs. Have you tried using another browser such as Firefox?

Were you able to run *OTScanIt2*?


----------



## wuanbonebilly (May 22, 2007)

i ran the last thing u asked about...the OTScanIt2...it says my pc is clean and no malware was found...i believe when we did the malwarebyte it cleared everything up...i thank you for ur assistance and i will be making a donation ..as i promised


----------



## JSntgRvr (Jul 1, 2003)

wuanbonebilly said:


> i ran the last thing u asked about...the OTScanIt2...it says my pc is clean and no malware was found...i believe when we did the malwarebyte it cleared everything up...i thank you for ur assistance and i will be making a donation ..as i promised


Thanks for the feedback.


----------

