MBAM

[westy]

Hi guys
Im trying to download MBAM! But it wont allow me.
I get a movefile failed
Code 32
The file is being used by another process.
What can i do?

[evilfantasy]

Can you get any of the other scanners from HERE to install and run?

[westy]

Yes!
I downloaded CCleaner there! although i already had it installed, and it worked fine!
I had MBAM but tried to update it, it wouldn't allow me to update.
So i removed it, and tried to download it again. And then i got this message (above)

[evilfantasy]

Try this.

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

• Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
  
• Then search for TDSSserv.sys
  
• Let me know if you find this or not.
• If you do find it, right click on it, and select “Disable”. Do not try to uninstall it.
  
• Also if this is found and you disable it.
• Now reboot and see if you can run the other scans that would not run.

[westy]

No! Its not there.

[evilfantasy]

Please print these instructions as they will be needed later when Internet access is not available.
 
Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/179891642/SDFix.exe.html

When using this tool, you must use the Administrator's account or an account with Administrative rights

• Double click SDFix.exe and it will extract the files to %systemdrive%
  
• (this is the drive that contains the Windows Directory, typically C:\SDFix).
  
• DO NOT use it just yet.

.Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
 
Open the SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
  
• When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  
• Copy and paste the contents of the results file Report.txt in your next reply.

[westy]

I downloaded SDfix, rebooted in safe mode.
Double clicked on the file, but cant see Run this bat!
It just extracts the file and takes me to a notepad, that explains how to use  SD fix!
What im i doing wrong?

[evilfantasy]

* Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK  button.

Code: [Select]

C:\SDFix\RunThis.bat
* SDFix window will open containing some brief info and a disclaimer on the use of the tool.
* Type Y on your keyboard and then press Enter to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Copy and paste the contents of the results file Report.txt in your next reply.

[westy]

Ok! Here it is!

[attachment deleted by admin]

[evilfantasy]

I'm skeptical that this is a malware issue since that didn't find or show any at all. It did however reset some of the default settings that can cause issues. Will MBAM work now?

[westy]

No!
It says the folder already exists. and gives me the file is being used by another process
Movefile failed CODE 32.

[evilfantasy]

Movefile failed CODE 32 is a Windows error, not an MBAM error. Are you logged on as an administrator?

Click ignore or retry and see if it works. You may need to click it several times.

[westy]

Yes! It has worked!
Thanks for your time and patience!
I also have a problem with IE, 2x IE coming on screen when i log in.
Do you think that could be a windows problem aswell?

[evilfantasy]

Post a HijackThis log please.

[westy]

Ok!
Sorry im not trying to jump the queue, as i was dealing with Broni with this problem!
But i thought the 2 cases may be related. So i thought i ask. 

[attachment deleted by admin]

[evilfantasy]

Sorry im not trying to jump the queue

This isn't a malware issue so it's OK.

Do you mean that when you log on IE automatically opens two windows?

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

• Open the folder and run Dial-a-fix.exe
• 2 windows will open. Close the one in the background labeled Restrictive Policies
• Check the box in section 1, Empty temp folders.
  
• Check the box in section 2, Fix Windows Installer.
  
• Check the box in section 3, Fix Windows Update.
  
• Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
  
• Check all boxes in section 5, labeled Registration Center.
  
• Click Go
  
• OK any error messages if received, but write them down and post them here.
• Restart the computer when done.

.
Is the problem fixed?

[westy]

Its not showing any error messages! it just says ready!
Will i restart now?

[evilfantasy]

Yes and then let me know how it is. I don't know if that will fix it but it can't hurt.

[westy]

No! its still there!
It comes on itself, without me pressing buttons or clicking on the mouse!
I just click on my name, and the screen loads, and at the end of loading these 2x IE appear!

[evilfantasy]

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

• Double click on RSIT.exe to run.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open.
• log.txt <will be maximized and info.txt <will be minimized
  
• Please post the contents of both logs in the next reply.

[westy]

Sorry for the delay! i had to go to work

[attachment deleted by admin]

[evilfantasy]

That didn't show anything that would be causing this.

Try installing StartUp 1.3. http://majorgeeks.com/StartUp_d4436.html

Open it and see if IE is set to run at stsrtup. Right click and choose Remove if so.


Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code: [Select]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

Uninstall:

• Ask Toolbar
• Logitech Desktop Messenger
• Mozilla Firefox (0.8.)
• Viewpoint Media Player

.
----------

Update your Mozilla Firefox Browser
Recently there have been vulnerabilities detected in older versions of Mozilla Firefox.
It is strongly suggested that you update to the current version.
Mozilla Firefox 3.0.5
You can update it by clicking Help > Check for updates...

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa

• Unzip the file and open the JavaRa.exe
• Click Remove Older Versions
  
• JavaRa will search for and remove any outdated version of Java and remove any that are found.
• Click Additional Tasks
  
• Place a check next to Remove Useless JRE Files and click Go
  
• Exit JavaRa
  
• Delete the JavaRa files from the Desktop

.
----------

I'm really not sure what to do next.

[westy]

Fixme was successful!
Do i uninstall the 4 programs in ADD/REMOVE, control panel?

[evilfantasy]

Do i uninstall the 4 programs in ADD/REMOVE, control panel?

Yes please.

[westy]

I could only manage to uninstall 2 programs!
Mozilla 0.8 -uninstall log folder not found
Ask toolbar- error loading module could not be found

[westy]

Do i need firefox? As i dont think i use it! i have no idea what is anyway!

[evilfantasy]

If you don't use it then uninstall Mozilla Firefox (1.0.4) also.

Delete An Uninstall Entry

• Start HijackThis
• Click on the Open the Misc Tools section
  
• Click on the Open Uninstall Manager button.
  
• Highlight the entry you want to remove. Mozilla Firefox (0.8.)
  
• Click Delete this entry

.
----------

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:services

:reg

:files
C:\PROGRA~1\AskSBar


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

[westy]

I think we re making progress!
I only got 1 IE onstart up, after i restarted.
And it then took me to a (would i like to run MP3 rocket)
Heres the log you requested

[attachment deleted by admin]

[evilfantasy]

This could be the source of the problem. Uninstall MP3 Rocket using Revo. Be sure to restart the computer after it's uninstalled.

Also before restarting run CCleaner.

Download Revo Uninstaller

• Go in to Revo, right click what you want to uninstall and choose Uninstall.
• Next choose Advanced Mode
  
• This will launch the programs built in uninstaller and go through the normal uninstall process.
• Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
  • This scan can take several seconds.
• Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
• Choose Select All then click Delete
  
• Click Next and Revo will scan for any files or folders that were not removed.
  
• If any files/folders are found choose Select all > Delete

[westy]

will i lose all my music?

[evilfantasy]

Since it was downloaded illegally is that really a concern. Or is your computer more important?

[westy]

I didn't know it was illegal to download the music! I thought it was a good site.
Why do they allow you to download it then?
This doesn't make any sense to me!

[westy]

OK! im going to get rid of it now!
I do have a conscience 
Some of the music is on WMP! will it stay there once i uninstall MP3 rocket?
And can you reccomend a good site for music downloads!(legal)
Do you think this is where the problem is hiding?
I thought i was on to a good thing aswell! Trust me!
I guess you cant get anything for nothing!

[evilfantasy]

Some of the music is on WMP! will it stay there once i uninstall MP3 rocket?

You won't loose any music. It's stored on your Hard Drive, not on MP3 Rocket or WMP. I just wanted to make a point

And can you reccomend a good site for music downloads!(legal)

iTunes, Amazon, Napster. You pay a fee for each download which in turn goes to the music companies and artists who own the rights to the music.

Do you think this is where the problem is hiding?

That is very likely the source of the malware.

I guess you cant get anything for nothing!

Very true. Nothing is actually free. Anything that is copyright protected can't legally be downloaded for free. Even if it's a pro version of Limewire or MP3 Rocket. The music company isn't getting paid for their product so in the US and many other countries it's illegal.


It's usually not the software that you have to worry about, BUT there are plenty of untrustworthy file sharing applications out there. It's what you download with it that can easily have extra unwanted baggage. That and badly configured file sharing software can open up your entire computer/network so others can see/steal everything on your PC!

Be sure you know just what you are doing before hand, and the potential dangers involved in P2P/File Sharing.

The Dangers Of File Sharing
File-sharing dangers involve more than legal troubles