Search Engine results only list links to spyware/adware

Please begin by clicking Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices

• Scroll down to Non-plug and Play Drivers and click the plus icon to open those drivers.
• Then search forTDSSserv.sys
• Let me know if you find this or not.
• If you do find it, right click on it, and select Disable. Do not try to uninstall it.
• Also if TDSSserv.sys is found and you disable it, then reboot.
• After reboot continue on with other cleaning instructions you may have been having problems running.

Now try running the scans. If necessary, do them in safe mode.

 

Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

Now see if you can use the manage attachment button. We need to see what ever logs you can supply. If you still can not attach the logs, you can copy and paste them into your next few replies and I will attach them.

 

everpeak

To get the Malwarebytes' Anti-Malware log:

• Open the program
• Click on the Logs tab
• Single-click the most recent log and click Open
• Copy & Paste that log into a new notepad.txt and Save that to your desktop as mbam-log-<insert date recreated here>

The MGlogs.zip is normally saved to C:\MGlogs.zip

Please attach these two logs in your next reply to this thread.

Thanks!
dr.m

 

Please attach the C:\MGlogs.zip --- we'll need to review all the logs in it.

http://i268.photobucket.com/albums/jj5/drmoriarty/Emoticons/char145.gif

 

You attached the instructions for SAS not the actual log. Plus the MGTools that you are using are way out of date --> where did you get it??

Please go to the READ & RUN ME FIRST. Malware Removal Guide and ( after removing MGTools and the related folders) download and run the latest version.

Make sure you are also using the latest versions of SAS and MBAM and that they are updated.

 

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

You should have msconfig back.

 

Ah....sneaky little devil.

Use windows explorer to find and delete:
c:\windows\system32\0E58Feq8.exe


Now tell me why the only other admin user is disabled:

Code:

Users on this computer:
Is Admin? | Username
------------------
   Yes    | Administrator
          | Guest (Disabled)
          | HelpAssistant (Disabled)
   Yes    | Ms. Hsu (Disabled)

Did you try running the scans on this accout?

Do you have the same problem if you run in safe mode with networking?

 

Starting your computer in Safe mode

Then you need to create a new account and not be using the Aministrator account for your normal computer usage.

Tell me what happens if you attempt to start in safe mode.

 

What browser are you using...and does it happen with a different browser?

We will work on transferring your docs and files to the new account later.

 

Boot back into normal mode and lets try this:

This procedure explains how to get to the BitDefender Online Scan sites and how to setup and perform an online scan. It also explains how to obtain a log so you can attach it to a message. You must use Internet Explorer to run this scan and make sure your Sun Java version it current. Get Sun Java here: Sun Java Runtime EnvironmentBefore installing the current version, you should uninstall all previous versions first!!!!

****NOTE**** DO NOT INSTALL Bitdefender's Antivirus program. Make sure you follow the directions below and run the ONLINE SCANNER only.


To start the online scan go here: Bitdefender

• Agree to the license and then select Scan.
  
  • DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.
  
  
• Once Bitdefender completes the scan:
  
  • Click-on the Detected Problems tab. Then select Click here to export the scan report
  • When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt)
  • And then in the File name box enter bdscan then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us.
  
  
• Post the bdscan.txt file as an ATTACHMENT. See: HOW TO: Attach Items To Your Post
• If you run BitDefender Online scan and have previously run PandaActive scan, the below false detection may be seen in BitDefender:
  
  C:\WINDOWS\system32\ActiveScan\pskahk.dll
  Infected with: Generic.Malware.SIMDWYNVdprn.D9407F4E

 

Crashing will not physically harm your hard drive. You will need to tell me exactly what the BSOD referenced.

Are you still having problems? Have you rebooted and gotten another BSOD?

 

Tell me if this helps.

 

The item refers to an intel storage matrix.....can you do a system restore again to before this happened...then check your device manager for any X's, ! or ? marks.

You may need to post in the software section as this is not malware.

 

No..that is a firewire connection. Please do me a favor and since you have restored, download the tools from the Read and Run First and let me see those logs:
SAS
MBAM
MGTools.exe --> MGLogs.zip

 

The tools have been updated...so you will need to download them again from the Read and Run First.......I just want to make sure that your restore point is clean.

 

Yes as there is a possibility that your restore points are infected. And yes download SAS, MBAM and MGTools.exe from the current Read and RUn First instructions as MGTools and SAS are both new versions since we started.