Tried DDS and RootRepeal but neither work


10 replies to this topic

#1 kbud4

Posted 22 August 2009 - 02:22 AM

This is my first time posting.

I originally came on here to figure out if my computer is infected, but now I'm stuck before I even got started.

I downloaded both DDS and RootRepeal from the links posted on the Preparation Guide, but when I tried to run them, they both failed. Is this supposed to happen? I'm on the desktop Vista at the moment.

Please help!

#2 Guest_The weatherman_*

Posted 22 August 2009 - 07:37 AM

Moved from HJT to a more appropriate forum. Tw

#3 DaChew

Posted 22 August 2009 - 08:37 AM

There are very few infections that need expert assistance for cleanup and removal on a 64 bit OS. Why are you trying to post in our already overloaded and backed up HJT forum?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Edited by DaChew, 22 August 2009 - 08:38 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#4 kbud4

Posted 22 August 2009 - 06:21 PM

Many apologies, I wasn't sure where to post my question.

Here is the log.

Malwarebytes' Anti-Malware 1.40
Database version: 2680
Windows 6.0.6001 Service Pack 1

8/22/2009 4:20:36 PM
mbam-log-2009-08-22 (16-20-36).txt

Scan type: Quick Scan
Objects scanned: 117131
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aeb636d6-ce03-4c89-9677-964a63322e2d} (Adware.AskPop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7928cf3-9532-44c0-b8cc-98e2c11ecc9f} (Adware.AskPop) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c7928cf3-9532-44c0-b8cc-98e2c11ecc9f} (Adware.AskPop) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
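
Added example, not part of the original thread: a Python check that a pasted MBAM log is complete in the sense post #3 asks for, meaning the header with database version and operating system is present and every summary count matches the entries actually listed. The sample log is constructed in the layout of the log above (keys and detection names are placeholders), and the function names are illustrative.

```python
import re

# Constructed sample in the layout of the MBAM 1.40 log above; the keys
# and detection names are placeholders, not real indicators.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.40
Database version: 2680
Windows 6.0.6001 Service Pack 1

Registry Keys Infected: 2
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Example\\{00000000-0000-0000-0000-000000000001} (Adware.Example) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Example\\Policy (Hijack.Example) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 0"
HEADER = re.compile(r"^([A-Za-z ]+ Infected):$")          # "Files Infected:"
ENTRY = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")       # object (name) -> action

def parse_mbam_log(text):
    """Return (header fields, summary counts, detections per section)."""
    meta, counts, found, section = {}, {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Database version:"):
            meta["database"] = line.split(":", 1)[1].strip()
        elif line.startswith("Windows ") and "->" not in line:
            meta["os"] = line
        elif m := SUMMARY.match(line):
            counts[m[1]] = int(m[2])
        elif m := HEADER.match(line):
            section, found[m[1]] = m[1], []
        elif section and (m := ENTRY.match(line)):
            found[section].append({"object": m[1], "name": m[2], "action": m[3]})
    return meta, counts, found

def completeness_problems(text):
    """List what is missing or inconsistent in a pasted log."""
    meta, counts, found = parse_mbam_log(text)
    problems = [f"missing header field: {k}" for k in ("database", "os") if k not in meta]
    for section, n in counts.items():
        got = len(found.get(section, []))
        if got != n:
            problems.append(f"{section}: summary says {n}, log lists {got}")
    return problems
```

An empty list from `completeness_problems` means the paste carries the header and every detection the summary promises; a non-empty list names what was cut off.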

#5 DaChew

Posted 22 August 2009 - 08:07 PM

Let's get a good look at what's running on that computer.

Please download and run Process Explorer

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under file and save as, create a log and post here

copy and paste into a reply
Chewy

No. Try not. Do... or do not. There is no try.

#6 kbud4

Posted 22 August 2009 - 08:18 PM

Process PID CPU Description Company Name
System Idle Process 0 75.20
Interrupts n/a 0.38 Hardware Interrupts
DPCs n/a 0.38 Deferred Procedure Calls
System 4 0.76
smss.exe 456
csrss.exe 548
wininit.exe 600
services.exe 656 0.38
svchost.exe 864 0.76
mobsync.exe 3184 Microsoft Sync Center Microsoft Corporation
WmiPrvSE.exe 3000
svchost.exe 924
svchost.exe 968
Ati2evxx.exe 200
Ati2evxx.exe 1272
svchost.exe 280
audiodg.exe 448
svchost.exe 404 0.76
dwm.exe 1532 2.26 Desktop Window Manager Microsoft Corporation
WUDFHost.exe 2920
svchost.exe 464
taskeng.exe 1828
mHotkey.exe 1888
ChiFuncExt.exe 1476
taskeng.exe 1900 Task Scheduler Engine Microsoft Corporation
taskeng.exe 1028
SLsvc.exe 1036
svchost.exe 1080
svchost.exe 1612
spoolsv.exe 1788
svchost.exe 1812
agr64svc.exe 1992
AppleMobileDeviceService.exe 1552
mDNSResponder.exe 1224
ETService.exe 652
LinksysUpdater.exe 2208
java.exe 2348
McciCMService.exe 2256
MDM.EXE 2280
svchost.exe 2360
RichVideo.exe 2372
svchost.exe 2396
ViewpointService.exe 2440
svchost.exe 2516
SearchIndexer.exe 2556 1.51
SearchProtocolHost.exe 5048 4.14
SearchFilterHost.exe 2700
YahooAUService.exe 2612
rundll32.exe 2668 0.38
nmsrvc.exe 2732 0.38
iPodService.exe 2628
wmpnetwk.exe 4228
TrustedInstaller.exe 3708
PresentationFontCache.exe 2012
lsass.exe 668
lsm.exe 676
csrss.exe 620
winlogon.exe 784
explorer.exe 1564 0.38 Windows Explorer Microsoft Corporation
MSASCui.exe 3400 Windows Defender User Interface Microsoft Corporation
RAVCpl64.exe 3416 HD Audio Control Panel Realtek Semiconductor
pino.exe 3540 Pino Peering Portal, Inc.
bigfix.exe 3644 0.75 BigFix Client Application BigFix Inc.
LaunchU3.exe 3784
wmpnscfg.exe 4184 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
Linksys EasyLink Advisor.exe 3468 3.76 Linksys Easylink Advisor - Main Linksys LLC - A Division of Cisco Systems
procexp.exe 4620 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
procexp64.exe 2644 2.64 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
jusched.exe 3716 Java™ Platform SE binary Sun Microsystems, Inc.
MOM.exe 3960 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.
CNYHKey.exe 4028 Creative Multimedia Driver Creative
ButtonMonitor.exe 4048 0.38 ButtonMonitor IOI
AnduP2P.exe 3232 AnduP2P Hanarodream.corp.
iTunesHelper.exe 3300 iTunesHelper Module Apple Inc.
nmctxth.exe 3260 Pure Networks Platform Assistant Cisco Systems, Inc.
ModLEDKey.exe 4416 AccessL Chicony
ieuser.exe 2804 Internet Explorer Microsoft Corporation
GoogleToolbarUser.exe 4680 Google Toolbar Broker Google Inc.
iexplore.exe 520 1.13 Internet Explorer Microsoft Corporation

#7 DaChew

Posted 22 August 2009 - 08:39 PM

We do not analyze HJT logs here in this forum. I doubt you even have any serious infections; however, I see some iffy programs installed that might cause similar problems.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
More information with a screenshot can be found here.
Chewy

No. Try not. Do... or do not. There is no try.

#8 kbud4

Posted 22 August 2009 - 08:52 PM

P2P ӱ
Action Replay Code Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AIM 6
Apple Software Update
AT&T Toolbar
ATT-PRT22
BigFix
Catalyst Control Center - Branding
Compatibility Pack for the 2007 Office system
CyberLink LabelPrint
CyberLink MediaShow
CyberLink MediaShow
CyberLink Power2Go
CyberLink Power2Go
Gateway Games
Gateway Recovery Management
GearDrvs
GOM Audio
GOM Player
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
Java™ 6 Update 3
Java™ 6 Update 5
KB0817 Keyboard Driver
Linksys EasyLink Advisor
Linksys EasyLink Advisor
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Smart Copy 3.1.1.1
U3Launcher
Viewpoint Media Player
WebEx Support Manager for Internet Explorer
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

#9 DaChew

Posted 22 August 2009 - 09:02 PM

I would suggest uninstalling the Chinese P2P software and some of the toolbars.

There are several other programs you don't need and might possibly cause conflicts.

Is this a Gateway computer?

BigFix is another one to kill.
Chewy

No. Try not. Do... or do not. There is no try.

#10 kbud4

Posted 22 August 2009 - 09:13 PM

Yeah, this is a Gateway computer. Why do you ask?

Do you have any antivirus software you recommend? The Norton 360 trial ran out a while ago on this computer.

Thanks for all the help! I really appreciate it.

#11 DaChew

Posted 22 August 2009 - 09:39 PM

Download Avira free, install it, update it, and run a scan.

http://download.cnet.com/Avira-AntiVir-Per...4-10322935.html

Edited by DaChew, 22 August 2009 - 09:39 PM.

Chewy

No. Try not. Do... or do not. There is no try.



