im trying to turn on my automatic updates and the services.msc is not
working. it displays error 1058 everytime. i think i have the malware vundo
cuz im getting these pop up ads. how do i get rid of this?
--
hmph.....
im trying to turn on my automatic updates and the services.msc is not
working. it displays error 1058 everytime. i think i have the malware vundo
cuz im getting these pop up ads. how do i get rid of this?
--
hmph.....
You cannot manually start the Automatic Updates service and you receive an
"Error 1058" error message on a computer that is running Windows XP or
Windows XP Tablet PC Edition 2005:
<http://support.microsoft.com/kb/896224>
Please let us know if the problem remains
- -- ---
"dirtydboi" wrote:
> im trying to turn on my automatic updates and the services.msc is not
> working. it displays error 1058 everytime. i think i have the malware vundo
> cuz im getting these pop up ads. how do i get rid of this?
> --
> hmph.....
Hello,
Insure that your system is malware-free /first/ before getting windows updates.
Thoroughly scan the system with your updated anti-virus and anti-malware program.
Document the results so you can have them for posting on an anti-malware forum ---- not here.
Use Windows' Disk Cleanup to delete all temporary files.
Download & save Malwarebytes Anti-Malware
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in a new reply as soon as it has finished.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
MBAM is an excellent first-line program to use and keep.
Run a /thorough/ check for malware, including posting your HijackThis log to an appropriate forum.
Checking for/Help with Hijackware
Maurice N You are the man!!!!!
A log like this:
Malwarebytes' Anti-Malware 1.30
Database version: 1416
Windows 5.1.2600 Service Pack 2
11/22/2008 4:09:06 PM
mbam-log-2008-11-22 (16-09-06).txt
Scan type: Full Scan (C:\|D:\|K:\|)
Objects scanned: 181228
Time elapsed: 58 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 23
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 22
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\fccyAssQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xkjkbrtp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMcyApQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\aoketd.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{ba410704-aff3-46df-9184-11c396259301} (Trojan.Vundo.H) ->
Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ba410704-aff3-46df-9184-11c396259301}
(Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{d9eec67f-e979-4394-af25-98dbc5ea7bbb} (Trojan.Vundo.H) ->
Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\qomcyapq (Trojan.Vundo.H) -> Delete on
reboot.
HKEY_CLASSES_ROOT\CLSID\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
(Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba} (Trojan.Vundo.H) ->
Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba}
(Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
(Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba410704-aff3-46df-9184-11c396259301}
(Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba}
(Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335}
(Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3}
(Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897}
(Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined
and deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined
and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined
and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and
deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined
and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined
and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\49bdd6ca
(Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
(Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d}
(Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification
Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccyassq ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication
Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccyassq -> Delete on
reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs
(Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted
successfully.
Folders Infected:
C:\Documents and Settings\HP_Administrator\Application Data\RegistrySmart
(Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application
Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted
successfully.
Files Infected:
C:\WINDOWS\system32\aoketd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMcyApQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fccyAssQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\QssAyccf.ini (Trojan.Vundo.H) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\QssAyccf.ini2 (Trojan.Vundo.H) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\nkcbusuh.dll (Trojan.Vundo.H) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\husubckn.ini (Trojan.Vundo.H) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\xkjkbrtp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ptrbkjkx.ini (Trojan.Vundo.H) -> Quarantined and deleted
successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet
Files\Content.IE5\4D6VC5YV\kb600179[1] (Trojan.Vundo) -> Quarantined and
deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP950\A0087684.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0087705.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0087714.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0088727.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP956\A0088919.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP957\A0089105.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP958\A0089181.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\cekkeikx.dll (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\qoMdbCrr.dll (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\Documents and Settings\HP_Administrator\Application
Data\RegistrySmart\Log\2008 Mar 09 - 09_35_29 AM_343.log
(Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application
Data\RegistrySmart\Log\2008 Mar 09 - 09_35_32 AM_406.log
(Rogue.RegistrySmart) -> Quarantined and deleted successfully.
"Maurice N ~ MVP" wrote:
> Hello,
>
> Insure that your system is malware-free /first/ before getting windows updates.
> Thoroughly scan the system with your updated anti-virus and anti-malware program.
> Document the results so you can have them for posting on an anti-malware forum ---- not here.
>
> Use Windows' Disk Cleanup to delete all temporary files.
>
> Download & save Malwarebytes Anti-Malware from
> http://www.besttechie.net/tools/mbam-setup.exe or
> http://www.majorgeeks.com/Malwarebyt...are_d5756.html
> Double Click mbam-setup.exe to install the application.
> Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
> If an update is found, it will download and install the latest version.
> Once the program has loaded, select Perform FULL Scan, then click Scan.
> The scan may take some time to finish,so please be patient.
> When the scan is complete, click OK, then Show Results to view the results.
> Make sure that everything is checked, and click Remove Selected.
> When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
> The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
> Copy & Paste the entire report in a new reply as soon as it has finished.
> Extra Note:
> If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
> click OK to either and let MBAM proceed with the disinfection process.
> If asked to restart the computer, please do so immediately.
>
> MBAM is an excellent first-line program to use and keep.
>
> Run a /thorough/ check for malware, including posting your HijackThis log to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_R...:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine.blogspot.com/
> http://www.elephantboycomputers.com/...moving_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. ** Post your log to one (and only one) of the following
> http://aumha.net/viewforum.php?f=30,
> http://www.bleepingcomputer.com/forums/forum22.html,
> http://castlecops.com/forum67.html,
> http://forum.malwareremoval.com/viewforum.php?f=11
> http://forums.spywareinfo.com/index.php?showforum=18
> http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
> http://forums.subratam.org/index.php?showforum=7,
> http://forums.spybot.info/forumdisplay.php?f=22
> or other appropriate forums for expert analysis, not here.**
>
> Make very sure you read and follow the very topmost instructions at the forum you have selected.
>
> --
> Maurice N
> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
> -----
>
> "dirtydboi" <dirtydboi@discussions.microsoft.com> wrote in message news:5A50927B-861A-40F7-B572-34C6B1BF32C3@microsoft.com...
> > im trying to turn on my automatic updates and the services.msc is not
> > working. it displays error 1058 everytime. i think i have the malware vundo
> > cuz im getting these pop up ads. how do i get rid of this?
> > --
> > hmph.....
>
1. Always begin a new thread about *your* problems.
2. We do not interpret MBAM or HijackThis logs in the public newsgroups.
3. Repost:
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
>> use.
>> It will help you to both identify and remove any hijackware/spyware with
>> assistance from an expert. ** Post your log to one (and only one) of
>> the
>> following http://aumha.net/viewforum.php?f=30,
>> http://www.bleepingcomputer.com/forums/forum22.html,
>> http://castlecops.com/forum67.html,
>> http://forum.malwareremoval.com/viewforum.php?f=11
>> http://forums.spywareinfo.com/index.php?showforum=18
>>
>> http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
>> http://forums.subratam.org/index.php?showforum=7,
>> http://forums.spybot.info/forumdisplay.php?f=22
>> or other appropriate forums for expert analysis, not here.**
PS: You've got a *lot* more work to do!
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Paul wrote:
> A log like this:
> Malwarebytes' Anti-Malware 1.30
> Database version: 1416
> Windows 5.1.2600 Service Pack 2
>
> 11/22/2008 4:09:06 PM
> mbam-log-2008-11-22 (16-09-06).txt
>
> Scan type: Full Scan (C:\|D:\|K:\|)
> Objects scanned: 181228
> Time elapsed: 58 minute(s), 5 second(s)
>
> Memory Processes Infected: 0
> Memory Modules Infected: 4
> Registry Keys Infected: 23
> Registry Values Infected: 4
> Registry Data Items Infected: 3
> Folders Infected: 2
> Files Infected: 22
>
> Memory Processes Infected:
> (No malicious items detected)
>
> Memory Modules Infected:
> C:\WINDOWS\system32\fccyAssQ.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\xkjkbrtp.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\qoMcyApQ.dll (Trojan.Vundo) -> Delete on reboot.
> C:\WINDOWS\system32\aoketd.dll (Trojan.Vundo) -> Delete on reboot.
>
> Registry Keys Infected:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
> Helper Objects\{ba410704-aff3-46df-9184-11c396259301} (Trojan.Vundo.H) ->
> Quarantined and deleted successfully.
> HKEY_CLASSES_ROOT\CLSID\{ba410704-aff3-46df-9184-11c396259301}
> (Trojan.Vundo.H) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
> Helper Objects\{d9eec67f-e979-4394-af25-98dbc5ea7bbb} (Trojan.Vundo.H) ->
> Delete on reboot.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Notify\qomcyapq (Trojan.Vundo.H) -> Delete on
> reboot.
> HKEY_CLASSES_ROOT\CLSID\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
> (Trojan.Vundo.H) -> Delete on reboot.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
> Helper Objects\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba} (Trojan.Vundo.H) ->
> Delete on reboot.
> HKEY_CLASSES_ROOT\CLSID\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba}
> (Trojan.Vundo.H) -> Delete on reboot.
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba410704-aff3-46df-9184-11c396259301}
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba}
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335}
> (Adware.Seekmo) -> Quarantined and deleted successfully.
> HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3}
> (Adware.Coupons) -> Quarantined and deleted successfully.
> HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897}
> (Adware.Seekmo) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
> Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) ->
> Quarantined
> and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/cpbrkpie.ocx
> (Adware.Coupons) -> Quarantined and deleted successfully.
> HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) ->
> Quarantined
> and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined
> and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined
> and
> deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined
> and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) ->
> Quarantined
> and deleted successfully.
>
> Registry Values Infected:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\49bdd6ca
> (Trojan.Vundo.H) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
> (Trojan.Vundo) -> Delete on reboot.
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
> Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d}
> (Adware.Zango) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\cpbrkpie.ocx
> (Adware.Coupons) -> Quarantined and deleted successfully.
>
> Registry Data Items Infected:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification
> Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccyassq ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication
> Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccyassq -> Delete
> on
> reboot.
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs
> (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted
> successfully.
>
> Folders Infected:
> C:\Documents and Settings\HP_Administrator\Application Data\RegistrySmart
> (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
> C:\Documents and Settings\HP_Administrator\Application
> Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted
> successfully.
>
> Files Infected:
> C:\WINDOWS\system32\aoketd.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\qoMcyApQ.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\fccyAssQ.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\QssAyccf.ini (Trojan.Vundo.H) -> Quarantined and
> deleted
> successfully.
> C:\WINDOWS\system32\QssAyccf.ini2 (Trojan.Vundo.H) -> Quarantined and
> deleted successfully.
> C:\WINDOWS\system32\nkcbusuh.dll (Trojan.Vundo.H) -> Quarantined and
> deleted
> successfully.
> C:\WINDOWS\system32\husubckn.ini (Trojan.Vundo.H) -> Quarantined and
> deleted
> successfully.
> C:\WINDOWS\system32\xkjkbrtp.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\ptrbkjkx.ini (Trojan.Vundo.H) -> Quarantined and
> deleted
> successfully.
> C:\Documents and Settings\HP_Administrator\Local Settings\Temporary
> Internet
> Files\Content.IE5\4D6VC5YV\kb600179[1] (Trojan.Vundo) -> Quarantined and
> deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP950\A0087684.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0087705.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0087714.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0088727.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP956\A0088919.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP957\A0089105.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP958\A0089181.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted
> successfully.
> C:\WINDOWS\system32\cekkeikx.dll (Trojan.Vundo) -> Quarantined and deleted
> successfully.
> C:\WINDOWS\system32\qoMdbCrr.dll (Trojan.Vundo) -> Quarantined and deleted
> successfully.
> C:\Documents and Settings\HP_Administrator\Application
> Data\RegistrySmart\Log\2008 Mar 09 - 09_35_29 AM_343.log
> (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
> C:\Documents and Settings\HP_Administrator\Application
> Data\RegistrySmart\Log\2008 Mar 09 - 09_35_32 AM_406.log
> (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
>
>
> "Maurice N ~ MVP" wrote:
>
>> Hello,
>>
>> Insure that your system is malware-free /first/ before getting windows
>> updates.
>> Thoroughly scan the system with your updated anti-virus and anti-malware
>> program.
>> Document the results so you can have them for posting on an anti-malware
>> forum ---- not here.
>>
>> Use Windows' Disk Cleanup to delete all temporary files.
>>
>> Download & save Malwarebytes Anti-Malware from
>> http://www.besttechie.net/tools/mbam-setup.exe or
>> http://www.majorgeeks.com/Malwarebyt...are_d5756.html
>> Double Click mbam-setup.exe to install the application.
>> Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware
>> and Launch Malwarebytes Anti-Malware, then click Finish. If an update is
>> found, it will download and install the latest version.
>> Once the program has loaded, select Perform FULL Scan, then click Scan.
>> The scan may take some time to finish,so please be patient.
>> When the scan is complete, click OK, then Show Results to view the
>> results.
>> Make sure that everything is checked, and click Remove Selected.
>> When disinfection is completed, a log will open in Notepad and you may be
>> prompted to Restart.(See Extra Note)
>> The log is automatically saved by MBAM and can be viewed by clicking the
>> Logs tab in MBAM.
>> Copy & Paste the entire report in a new reply as soon as it has finished.
>> Extra Note:
>> If MBAM encounters a file that is difficult to remove, you will be
>> presented with 1 of 2 prompts.
>> click OK to either and let MBAM proceed with the disinfection process.
>> If asked to restart the computer, please do so immediately.
>>
>> MBAM is an excellent first-line program to use and keep.
>>
>> Run a /thorough/ check for malware, including posting your HijackThis log
>> to an appropriate forum.
>>
>> Checking for/Help with Hijackware
>> http://aumha.org/a/parasite.htm
>> http://aumha.org/a/quickfix.htm
>> http://aumha.net/viewtopic.php?t=5878
>> http://wiki.castlecops.com/Malware_R...:_Introduction
>> http://mvps.org/winhelp2002/unwanted.htm
>> http://inetexplorer.mvps.org/data/prevention.htm
>> http://inetexplorer.mvps.org/tshoot.html
>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> http://defendingyourmachine.blogspot.com/
>> http://www.elephantboycomputers.com/...moving_Malware
>>
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
>> use.
>> It will help you to both identify and remove any hijackware/spyware with
>> assistance from an expert. ** Post your log to one (and only one) of
>> the
>> following http://aumha.net/viewforum.php?f=30,
>> http://www.bleepingcomputer.com/forums/forum22.html,
>> http://castlecops.com/forum67.html,
>> http://forum.malwareremoval.com/viewforum.php?f=11
>> http://forums.spywareinfo.com/index.php?showforum=18
>>
>> http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
>> http://forums.subratam.org/index.php?showforum=7,
>> http://forums.spybot.info/forumdisplay.php?f=22
>> or other appropriate forums for expert analysis, not here.**
>>
>> Make very sure you read and follow the very topmost instructions at the
>> forum you have selected.
>>
>> --
>> Maurice N
>> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
>> -----
>>
>> "dirtydboi" <dirtydboi@discussions.microsoft.com> wrote in message
>> news:5A50927B-861A-40F7-B572-34C6B1BF32C3@microsoft.com...
>>> im trying to turn on my automatic updates and the services.msc is not
>>> working. it displays error 1058 everytime. i think i have the malware
>>> vundo cuz im getting these pop up ads. how do i get rid of this?
>>> --
>>> hmph.....
Yeah I got the same trouble and did what Maurice said Malwarebytes' is frickin awsome. I had a problem like this before and problem was every time u ran the scan it found the trojans but couldnt delete em cos they r running programs that delete on reboot is gr8. I guess it deletes em b4 they can start their programs! So glad of this cos I was scared shitless when I saw all those random ads poping up. Also btw if anyones thinking of joining Barclays Bank don't one of the ads was theirs. I guess they've resorted to infecting people's computers with viruses for advertising. Funny cos that advert propably has much more a negative effect than positive for example I vow never to even think of joining barclays for that grief it gave me the bastards.
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
12/21/2008 8:54:25 AM
mbam-log-2008-12-21 (08-54-25).txt
Scan type: Full Scan (C:\|F:\|)
Objects scanned: 421581
Time elapsed: 2 hour(s), 10 minute(s), 38 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 22
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\nnnliFyw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hgGywUnK.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22357569-6a4d-4d7a-8590-d22daf8f5bfd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{22357569-6a4d-4d7a-8590-d22daf8f5bfd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{22357569-6a4d-4d7a-8590-d22daf8f5bfd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggywunk (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnlifyw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnlifyw -> Delete on reboot.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\nnnliFyw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wyFilnnn.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wyFilnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlhcjalk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\klajchlj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGywUnK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Common\_helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\atmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\The Taylors account\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
Why did you post the MBAM log? You've got a lot more work to do.
1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/ma...e/default.mspx
2. Run this online scan (in safe mode w/networking, if need be):
http://onecare.live.com/site/en-us/center/howsafe.htm
3. Run additional checks for hijackware, including posting your hijackthis
log to an appropriate forum.
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware
When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjuction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**
If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
=====================
Start a free Windows Update support incident request:
https://support.microsoft.com/oas/de...spx?gprid=6527
Support for Windows Update:
http://support.microsoft.com/gp/wusupport
For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no-charge for support calls that are associated with
security updates.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
TT wrote:
> Malwarebytes' Anti-Malware 1.31
> Database version: 1456
> Windows 5.1.2600 Service Pack 3
>
> 12/21/2008 8:54:25 AM
> mbam-log-2008-12-21 (08-54-25).txt
>
> Scan type: Full Scan (C:\|F:\|)
> Objects scanned: 421581
> Time elapsed: 2 hour(s), 10 minute(s), 38 second(s)
>
> Memory Processes Infected: 1
> Memory Modules Infected: 2
> Registry Keys Infected: 22
> Registry Values Infected: 3
> Registry Data Items Infected: 2
> Folders Infected: 0
> Files Infected: 10
<snip>
i have the same problem. did you fix it? i need help
"dirtydboi" wrote:
> im trying to turn on my automatic updates and the services.msc is not
> working. it displays error 1058 everytime. i think i have the malware vundo
> cuz im getting these pop up ads. how do i get rid of this?
> --
> hmph.....
"Maurice N ~ MVP" wrote:
> Hello,
>
> Insure that your system is malware-free /first/ before getting windows updates.
> Thoroughly scan the system with your updated anti-virus and anti-malware program.
> Document the results so you can have them for posting on an anti-malware forum ---- not here.
>
> Use Windows' Disk Cleanup to delete all temporary files.
>
> Download & save Malwarebytes Anti-Malware from
> http://www.besttechie.net/tools/mbam-setup.exe or
> http://www.majorgeeks.com/Malwarebyt...are_d5756.html
> Double Click mbam-setup.exe to install the application.
> Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
> If an update is found, it will download and install the latest version.
> Once the program has loaded, select Perform FULL Scan, then click Scan.
> The scan may take some time to finish,so please be patient.
> When the scan is complete, click OK, then Show Results to view the results.
> Make sure that everything is checked, and click Remove Selected.
> When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
> The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
> Copy & Paste the entire report in a new reply as soon as it has finished.
> Extra Note:
> If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
> click OK to either and let MBAM proceed with the disinfection process.
> If asked to restart the computer, please do so immediately.
>
> MBAM is an excellent first-line program to use and keep.
>
> Run a /thorough/ check for malware, including posting your HijackThis log to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_R...:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine.blogspot.com/
> http://www.elephantboycomputers.com/...moving_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. ** Post your log to one (and only one) of the following
> http://aumha.net/viewforum.php?f=30,
> http://www.bleepingcomputer.com/forums/forum22.html,
> http://castlecops.com/forum67.html,
> http://forum.malwareremoval.com/viewforum.php?f=11
> http://forums.spywareinfo.com/index.php?showforum=18
> http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
> http://forums.subratam.org/index.php?showforum=7,
> http://forums.spybot.info/forumdisplay.php?f=22
> or other appropriate forums for expert analysis, not here.**
>
> Make very sure you read and follow the very topmost instructions at the forum you have selected.
>
> --
> Maurice N
> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
> -----
As well as the 1058 problem I am getting W32/Fake AlertTDSSXFUM.DLL &
3iMaximus viruses and I cannot update my PC Guard or run the Malware
software. Please Help!!
Peter
Peter wrote:
> "Maurice N ~ MVP" wrote:
>> Insure that your system is malware-free /first/ before getting windows
>> updates.
>> Thoroughly scan the system with your updated anti-virus and anti-malware
>> program.
>> Document the results so you can have them for posting on an anti-malware
>> forum ---- not here.
>>
>> Use Windows' Disk Cleanup to delete all temporary files.
>>
>> Download & save Malwarebytes Anti-Malware from
>> http://www.besttechie.net/tools/mbam-setup.exe or
>> http://www.majorgeeks.com/Malwarebyt...are_d5756.html
>> Double Click mbam-setup.exe to install the application.
>> Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware
>> and Launch Malwarebytes Anti-Malware, then click Finish. If an update is
>> found, it will download and install the latest version.
>> Once the program has loaded, select Perform FULL Scan, then click Scan.
>> The scan may take some time to finish,so please be patient.
>> When the scan is complete, click OK, then Show Results to view the
>> results.
>> Make sure that everything is checked, and click Remove Selected.
>> When disinfection is completed, a log will open in Notepad and you may be
>> prompted to Restart.(See Extra Note)
>> The log is automatically saved by MBAM and can be viewed by clicking the
>> Logs tab in MBAM.
>> Copy & Paste the entire report in a new reply as soon as it has finished.
>> Extra Note:
>> If MBAM encounters a file that is difficult to remove, you will be
>> presented with 1 of 2 prompts.
>> click OK to either and let MBAM proceed with the disinfection process.
>> If asked to restart the computer, please do so immediately.
>>
>> MBAM is an excellent first-line program to use and keep.
>>
>> Run a /thorough/ check for malware, including posting your HijackThis log
>> to an appropriate forum.
>>
>> Checking for/Help with Hijackware
>> http://aumha.org/a/parasite.htm
>> http://aumha.org/a/quickfix.htm
>> http://aumha.net/viewtopic.php?t=5878
>> http://wiki.castlecops.com/Malware_R...:_Introduction
>> http://mvps.org/winhelp2002/unwanted.htm
>> http://inetexplorer.mvps.org/data/prevention.htm
>> http://inetexplorer.mvps.org/tshoot.html
>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> http://defendingyourmachine.blogspot.com/
>> http://www.elephantboycomputers.com/...moving_Malware
>>
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
>> use.
>> It will help you to both identify and remove any hijackware/spyware with
>> assistance from an expert. ** Post your log to one (and only one) of
>> the
>> following http://aumha.net/viewforum.php?f=30,
>> http://www.bleepingcomputer.com/forums/forum22.html,
>> http://castlecops.com/forum67.html,
>> http://forum.malwareremoval.com/viewforum.php?f=11
>> http://forums.spywareinfo.com/index.php?showforum=18
>>
>> http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
>> http://forums.subratam.org/index.php?showforum=7,
>> http://forums.spybot.info/forumdisplay.php?f=22
>> or other appropriate forums for expert analysis, not here.**
>>
>> Make very sure you read and follow the very topmost instructions at the
>> forum you have selected.
>>
>> --
>> Maurice N
>> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
>> -----
> As well as the 1058 problem I am getting W32/Fake AlertTDSSXFUM.DLL &
> 3iMaximus viruses and I cannot update my PC Guard or run the Malware
> software. Please Help!!
Follow the instructions Maurice posted & which you quoted?
Hello,
When you try to start a service (say, Windows Update) on your computer, you may receive error 1058. A description will also appear which is shown below: Error 1058: "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."
Reregister Windows Update Files
Uninstall Recent Updates
Repair Windows Registry
Verify that the Service is Not Disabled
Verify Essential Services are Already Started
Scan System Files
Bookmarks