BleepingComputer.com: malware,website redirection,ComboFix log

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

malware,website redirection,ComboFix log MOVED to Virus,Trojan and Malware Removal Logs ~~boopme

#1 User is offline   lankoo 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 02-June 11

Posted 03 June 2011 - 08:48 PM

Dear all,
I have got hp laptop compaq nc6320 with windows sp3 operating system. This laptop was working fine until few days ago. For three days this laptop whichever browser I use something redirects the website and turn into different ones. Basically, website I want to go I have not been able to go on it because of redirection of the website I do not know exactly what the causes are. To my knowledge, my laptop is infected but due to lack of computer software/hardware knowledge I not in a position to explain and find out the solution for this. I have had this problem before in my desktop pc I was able to solved the problem using combofix. But this time I tried with combofix it did not work so bit worried about how to get rid of this malware/virus from my laptop. I am herein pasted the combofix log please if someone who is familiar with this problm advise me what should be doing in this situation would really be a great help for me to make my laptop keep runing without virus in it.

ComboFix 09-03-23.01 - sairam 2009-03-24 22:23:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.528 [GMT 0:00]
Running from: c:\documents and settings\sairam\My Documents\Downloads\Programs\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090323-0] *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wpv071233163096.cpx
c:\windows\wiaserviv.log
D:\Autorun.inf
d:\recycler\Desktop.ini
d:\recycler\Folder.htt
d:\recycler\Protect.ed
d:\recycler\Warning.bmp

.
((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-14 11:27 . 2009-03-14 11:27 26,582 --a------ c:\windows\FontData.fdb
2009-03-11 17:26 . 2008-12-05 06:54 144,896 -----c--- c:\windows\system32\dllcache\schannel.dll
2009-03-07 00:10 . 2009-03-07 00:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2009-03-06 23:33 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2009-03-06 23:33 . 2007-02-20 16:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2009-03-06 23:20 . 2009-03-06 23:20 <DIR> d-------- c:\program files\Bonjour
2009-03-06 21:26 . 2009-03-06 21:26 <DIR> d-------- c:\program files\Google
2009-03-03 21:27 . 2007-07-02 10:27 338,304 --a------ c:\windows\system32\_AxShlEx.dll
2009-03-03 21:25 . 2009-03-03 21:25 <DIR> d-------- c:\program files\Alcohol Toolbar
2009-03-03 21:25 . 2009-03-03 21:25 <DIR> d-------- c:\program files\Alcohol Soft
2009-03-03 21:25 . 2009-03-03 21:25 229,057 --a------ c:\windows\Alcohol_Toolbar_Uninstaller_8890.exe
2009-03-03 21:23 . 2009-03-03 21:23 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-03 21:23 . 2009-03-03 21:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-03-03 21:22 . 2009-03-03 21:22 <DIR> d-------- c:\documents and settings\sairam\Application Data\WinPatrol
2009-03-03 21:22 . 2009-02-27 19:45 2,869,536 --a------ c:\documents and settings\sairam\spywareblastersetup41.exe
2009-03-03 21:22 . 2009-02-27 19:53 726,384 --a------ c:\documents and settings\sairam\wpsetup.exe
2009-03-03 21:21 . 2009-03-03 21:21 <DIR> d-------- c:\program files\BillP Studios
2009-03-02 22:38 . 2009-03-03 21:39 <DIR> d-------- c:\program files\MagicISO
2009-02-27 06:38 . 2009-02-27 07:15 <DIR> d-------- c:\program files\WebsiteX5
2009-02-27 06:38 . 1997-07-19 17:00 604,432 --a------ c:\windows\system32\COMCTL32.OCX
2009-02-27 06:38 . 1998-03-13 11:06 389,120 --a------ c:\windows\system32\Atx32.ocx
2009-02-27 06:38 . 2005-08-23 14:54 388,608 --a------ c:\windows\system32\3DABM8U.OCX
2009-02-27 06:38 . 1997-03-21 10:51 346,112 --a------ c:\windows\system32\PPRO100.DLL
2009-02-27 06:38 . 1997-03-21 15:05 154,528 --a------ c:\windows\system32\PPRO100.OCX
2009-02-27 06:38 . 1997-10-24 16:19 78,336 --a------ c:\windows\system32\ATX32PIC.DLL
2009-02-27 06:38 . 1997-11-11 16:10 28,160 --a------ c:\windows\system32\ATX32OLE.DLL
2009-02-27 06:35 . 1998-03-04 21:32 237,568 --a------ c:\windows\system32\CompPl32.dll
2009-02-27 06:35 . 2006-02-03 08:23 142,336 --a------ c:\windows\system32\iwpsetup.exe
2009-02-27 06:35 . 1997-11-05 20:03 90,624 --a------ c:\windows\system32\CPWCTL32.OCX
2009-02-27 06:35 . 1997-01-16 00:00 29,696 --a------ c:\windows\system32\VB5STKIT.DLL
2009-02-27 06:35 . 1997-01-16 13:42 6,114 --a------ c:\windows\system32\SHELLLNK.TLB
2009-02-26 06:53 . 2009-02-26 06:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bitstream
2009-02-26 06:41 . 2009-02-26 06:52 <DIR> d-------- c:\program files\Internet Download Manager
2009-02-26 06:41 . 2009-03-05 21:57 <DIR> d-------- c:\documents and settings\sairam\Application Data\IDM
2009-02-26 06:41 . 2009-03-24 22:25 <DIR> d-------- c:\documents and settings\sairam\Application Data\DMCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 21:44 --------- d-----w c:\program files\VoipCheapCom
2009-03-15 09:20 2,880 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-06 23:31 --------- d-----w c:\program files\Common Files\Adobe
2009-02-26 07:23 --------- d-----w c:\program files\Unlocker
2009-02-24 09:03 --------- d-----w c:\documents and settings\sairam\Application Data\Desktopicon
2009-02-23 22:56 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-22 22:56 8 --sh--r c:\documents and settings\All Users\Application Data\A790239F13.sys
2009-02-22 22:56 --------- d-----w c:\documents and settings\sairam\Application Data\Corel
2009-02-22 22:55 --------- d-----w c:\program files\Common Files\Protexis
2009-02-22 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-02-22 22:53 --------- d-----w c:\program files\Common Files\Corel
2009-02-22 22:52 --------- d-----w c:\program files\Corel
2009-02-02 23:18 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-02 22:17 --------- d-----w c:\program files\PowerISO
2009-02-02 22:13 --------- d-----w c:\documents and settings\sairam\Application Data\Skype(2)
2009-02-02 21:59 1,760 --sha-r c:\windows\system32\drivers\103C_HP_NTBK_HP Compaq nc6320 (RH383ET#ABU)_YN_0U_QCNU650176M_EU_46_I30AA_SHP_VKBC Version 58.13_B68YDU Ver. F.0E_T080221_WXP2_L409_M1016_J100_7Intel_8Core2 T7200_91.99_#081115_N14E4169C_(RH383ET#ABU)_XMOBILE_CN10.MRK
2009-02-02 21:57 --------- d-----w c:\program files\Hewlett-Packard
2009-02-02 17:36 --------- d-----w c:\documents and settings\sairam\Application Data\skypePM
2009-01-27 12:31 --------- d-----w c:\program files\QuickTime
2009-01-27 12:10 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-17 21:04 56 -csh--r c:\windows\system32\EBA05374B9.sys
2008-11-17 21:07 3,974 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoipCheapCom"="c:\program files\VoipCheapCom\VoipCheapCom.exe" [2008-09-08 9218872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2004-12-03 475136]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-18 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 09:04 49152 c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 15:08 434176 c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
--a------ 2003-12-22 18:12 17920 c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-02-14 10:49 454656 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-05-08 09:56 131072 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-23 20:12 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2005-11-08 11:59 184320 c:\program files\InterVideo\DVD Check\DVDCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\cygwin\\bin\\XWin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-15 114768]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-15 20560]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2009-01-17 16194]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-02-28 87808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-11-15 36352]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2008-12-24 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [2009-01-17 395840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6889bc0-ff9a-11dd-a6d5-0017084a6761}]
\Shell\AutoRun\command - iph.exe %1
\Shell\Explore\command - iph.exe %1
\Shell\Open\command - iph.exe %1
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 22:29:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\IfxWlxEN.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(972)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\scardsvr.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
.
**************************************************************************
.
Completion time: 2009-03-24 22:33:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 22:33:38

Pre-Run: 56,841,195,520 bytes free
Post-Run: 57,961,607,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

236 --- E O F --- 2009-03-16 10:41:45
ComboFix 09-03-31.01 - sairam 2009-03-31 21:15:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.585 [GMT 1:00]
Running from: c:\documents and settings\sairam\My Documents\Downloads\Programs\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090330-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

the log herein pasted was part of the log because the message with log was too long so could not upload the whole log got from combofix..

This post has been edited by boopme: 03 June 2011 - 08:58 PM

#2 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 08 June 2011 - 01:59 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!

  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.

  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!

  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!

  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.


____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 10 June 2011 - 09:32 AM

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#4 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 11 June 2011 - 09:49 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users