please help, after removing virus from my computer Windows does not run!!!

[mya2012]

a computer tech removed virus from my computer ,however after restarting the system Windows does not run and the tech says because hard drive is broken and can not accept any info. my computer was working well before virus and i had no problem with it !can you please help !

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  
• Reboot your system using the boot CD you just created.
• Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  
• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved  in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.
  

[Darthgumby]

Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.  If you want to help, please go here. First Warning! Superdave.

[mya2012]

hi Superdave,

many thanks for your reply and helping me out.

please be patient with me as i am slow when it comes to things like this! i haven't got the cd RW and i have to buy that but can you tell me please what it should be the size of its memory first?

many thanks

mya2012

[mya2012]

sorry superdave , it just happened when i switched the pc onand no i noticed i can run the Windows in safe mode , does this help the process? thanks

[SuperDave]

it just happened when i switched the pc onand no i noticed i can run the Windows in safe mode , does this help the process? thanks

Ok. Let's run MBAM in Safe mode with Networking.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

[mya2012]

hi SuperDave

here is the report, i couldn't  believe it, after removing virus from my computer by a tech , still 170 virus was detected!


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.01.04
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
HP_Owner :: YOUR-447023AE6B [administrator]
01/04/2012 22:31:47
mbam-log-2012-04-01 (22-31-47).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 368692
Time elapsed: 40 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 30
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts\Data (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts\Data\HP_Owner (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\setups (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Files Detected: 136
C:\Program Files\14res.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\HackerPro\Rec.exe (PUP.PassView) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64dlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64hkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64html.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64Plugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64radio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64reghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64tpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\14res.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts\Data\HP_Owner\avatar.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\003D0595.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\files.ini (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00125DF7 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F1673 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F1A1D.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F1D1A.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F20C4.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F224A.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F245E.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0062E37D (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A24736.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A24B0E.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A24D22.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A251A6.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\021A0AF3.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\05D1331B.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\8_step1.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkez.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkgr.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkgs.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bklf.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkrg.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzc.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzl.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzn.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzq.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzr.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzu.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzv.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzw.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2d.png (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2r.png (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3d.png (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3r.png (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4b.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4c.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shield.png (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)

[SuperDave]

i couldn't  believe it, after removing virus from my computer by a tech , still 170 virus was detected!

Please re-boot in Normal mode and try running MBAM again. Also this one.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.

[mya2012]

Hi SuperDave,

I still can not run in normal mode!should I run the SUPERAntiSpyware on safe mode?

thanks
mya2012

[SuperDave]

I still can not run in normal mode!

What happens when you try to boot in Normal Mode?

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  
• Double click the setup file to run it.
• Click Next to continue.
• Accept the License agreement and click on next.
• It will, by default, install it to your desktop folder. Click Next.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.
• Hidden Startup Objects
  
• System Memory
  
• Disk Boot Sectors.
  
• My Computer.
  
• Also any other drives (Removable that you may have)
  

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

[mya2012]

hi,

when i try to boot the system, at first i see the windows logo and the blue bar underneath it but after few
seconds screen goes black  then blue and starts with a sentence saying " we are sorry for the inconvenience .
but the Windows can not complete.you have received this message as a result of installing a new software or hardware.please chose one of the followings:
safe mode
safe mode with networking
last known good configuration.

i did run the AVP tool however it did not give me any options as you mentioned in red colour.
however it did not detect any threats.here is the first part of report :
(if you want to see the full report please let me know)

Automatic Scan: completed 2 minutes ago   (events: 1389, objects: 1304, time: 00:04:02)   
03/04/2012 22:12:36   Task started         
03/04/2012 22:12:36   OK   System Memory      
03/04/2012 22:12:37   OK   smss.exe\smss.exe      
03/04/2012 22:12:37   OK   smss.exe\ntdll.dll      
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\smss.exe      
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\ntdll.dll      
03/04/2012 22:12:37   OK   csrss.exe\csrss.exe      
03/04/2012 22:12:37   OK   csrss.exe\ntdll.dll   Object was not changed (iChecker)   
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\csrss.exe      
03/04/2012 22:12:37   OK   csrss.exe\CSRSRV.dll      
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\CSRSRV.dll      
03/04/2012 22:12:37   OK   csrss.exe\basesrv.dll      
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\basesrv.dll      
03/04/2012 22:12:37   OK   csrss.exe\winsrv.dll      
03/04/2012 22:12:37   OK   csrss.exe\GDI32.dll      
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\winsrv.dll      
03/04/2012 22:12:38   OK   csrss.exe\KERNEL32.dll      
03/04/2012 22:12:38   OK   C:\WINDOWS\System32\GDI32.dll      
03/04/2012 22:12:38   OK   csrss.exe\USER32.dll      
03/04/2012 22:12:38   OK   C:\WINDOWS\System32\USER32.dll      
03/04/2012 22:12:38   OK   csrss.exe\sxs.dll      
03/04/2012 22:12:39   OK   C:\WINDOWS\System32\KERNEL32.dll      
03/04/2012 22:12:39   OK   csrss.exe\ADVAPI32.dll      
03/04/2012 22:12:39   OK   C:\WINDOWS\System32\sxs.dll      
03/04/2012 22:12:39   OK   csrss.exe\RPCRT4.dll      
03/04/2012 22:12:39   OK   C:\WINDOWS\System32\ADVAPI32.dll      
03/04/2012 22:12:39   OK   csrss.exe\Secur32.dll   

[SuperDave]

we are sorry for the inconvenience .
but the Windows can not complete.you have received this message as a result of installing a new software or hardware.please chose one of the followings:

Did you recently install something new? Did you try "last known good configuration" ? Did you try System Restore while in Safe Mode?

[mya2012]

no i didn't install any software or hardware. i started receiving this message after tech. "removed the virus " from my computer!
yes i did try to reboot in each different option but only the first 2 were possible to run.(safe mode ,safe mode with networking)

[mya2012]

no, sorry i didn't. i don't know anything about system restore and when i have to do that!

[SuperDave]

i started receiving this message after tech. "removed the virus " from my computer!

He/she probably removed something important.

Here's how to do a System Restore in XP. Try to restore the computer back to before the tech had his hands on it. Do you have your OS disk?