Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Security Center Virus - I think - HELP!


  • This topic is locked This topic is locked
8 replies to this topic

#1 jcameronk

jcameronk

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 13 September 2009 - 07:39 PM

Let me start by explaining symptoms. Computer is a Dell Inspiron 6400 with Vista Basic.
The computer went stupid on my yesterday afternoon. A bunch of processes stopped responding at the same time and the computer said it had to restart. It restarted by it self and then would not start.

I can get the computer to start in Safe Mode w/ networking. Actually it doesn't even start right with that, i have to go to the task manager and manually start explorer.exe. Explains the post i guess. I cannot get malwarebytes or any anti virus software to run. I did run adaware. it got some stuff but it did not help at all. I took the thing to Best Buy's Geek Squad, they wanted $200 bucks. NO WAY... so this is my last ditch effort to fix before i get a new computer. I purchaced a cheap external hard drive and have copied all critical info off the computer.

When i try to run any anti malware software it says i don't have permissions. I tried to rename malwarebytes and said i didn't have permissions either. I've tried the right click and run as admin also w/ same results. I'm going to work my way through the prep guide and post below:


DDS.SCR just puts up a black window for a minute then closes. No results to post

RootRepel Log also started and got closed half way through. Now it says i don't have permissions.

I thank you all in advance for any help you can give whatsoever! I will be online for the next couple of hours i wish i could get these logs to work but i'm stuck!

BC AdBot (Login to Remove)

 


#2 jcameronk

jcameronk
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 13 September 2009 - 08:04 PM

I've tried everything i can think of to try to get a log of what is going on with my machine but this malware seems to learn that i'm trying to make a log and blocks the program and takes away permissions to run the program.

I'm i'm totally wasting my time please let me know and i'll give it up also. This is EXTREMELY frustrating!

I've attached a couple of screenshots, cause that's all i've got right now.

Attached Files



#3 jcameronk

jcameronk
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 14 September 2009 - 11:11 PM

Hopefully this helps a bit. Sorry about the impatience earlier: This is a log from a program called RSIT... The only thing i could get to run. Once again sorry for the bumps!

Logfile of random's system information tool 1.06 (written by random/random)
Run by John Kerr at 2009-09-14 23:08:33
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 29 GB (27%) free of 109 GB
Total RAM: 2046 MB (61% free)


======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3633066344-2233239677-1782016164-1007Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3633066344-2233239677-1782016164-1007UA.job
C:\Windows\tasks\User_Feed_Synchronization-{D5369135-FAA9-45D7-BEFD-E70A0B313FF7}.job
C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
MyPoints Toolbar - C:\PROGRA~1\mypoints\mypoints.dll [2008-08-07 1909248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{A057A204-BACC-4D26-CEC4-75A487FD6484} - MyPoints Toolbar - C:\PROGRA~1\mypoints\mypoints.dll [2008-08-07 1909248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-01-12 303104]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2009-02-19 1374096]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"17300974"=C:\ProgramData\17300974\17300974 [2009-09-12 56]
"tubuvugug"=c:\windows\system32\nuviyapi.dll,a []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Google Update"=C:\Users\John Kerr\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-14 133104]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]
"Protection System"=C:\Program Files\Protection System\psystem.exe -noscan []
"tubuvugug"=c:\windows\system32\nuviyapi.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\John Kerr\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-14 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Country VPN.lnk]
C:\Windows\INSTAL~1\{14FCF~1\ICON3E~1.ICO [2008-07-24 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
C:\PROGRA~1\COMMON~1\Nikon\Monitor\NKMONI~1.EXE [2007-10-18 479232]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe

C:\Users\John Kerr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
TimeLeft.lnk - C:\Program Files\TimeLeft3\TimeLeft.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\lamujafi.dll c:\windows\system32\nuviyapi.dll,fofuhiza.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\Windows\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
dakowowuj - {ae2ded7a-53f8-4e57-88a3-3d9c76ed8775} - c:\windows\system32\nuviyapi.dll []
dalubevaz - {9305cd7d-b01e-4123-94ec-f9a3dabe79f8} - c:\windows\system32\nuviyapi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
tokatiluy - {ae2ded7a-53f8-4e57-88a3-3d9c76ed8775} - c:\windows\system32\nuviyapi.dll []
tokatiluy - {9305cd7d-b01e-4123-94ec-f9a3dabe79f8} - c:\windows\system32\nuviyapi.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
mebagoti.dll
giweruru.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticecaption"=
"legalnoticetext"=
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

======List of files/folders created in the last 1 months======

2009-09-14 23:08:33 ----D---- C:\rsit
2009-09-14 23:08:33 ----D---- C:\Program Files\trend micro
2009-09-14 22:38:08 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-14 16:59:34 ----A---- C:\avenger.txt
2009-09-14 16:40:36 ----A---- C:\Windows\system32\CF23611.exe
2009-09-14 16:37:10 ----D---- C:\Program Files\MAW
2009-09-14 16:19:45 ----A---- C:\Windows\system32\CF24029.exe
2009-09-14 16:19:44 ----A---- C:\Windows\system32\swsc.exe
2009-09-14 16:19:21 ----D---- C:\Qoobox
2009-09-14 12:05:10 ----A---- C:\Windows\system32\vetgrglw.txt
2009-09-13 23:24:16 ----D---- C:\Program Files\FileASSASSIN
2009-09-13 19:53:26 ----D---- C:\MGtools
2009-09-12 16:34:16 ----HD---- C:\MRI_PE_TEMP
2009-09-12 16:33:35 ----D---- C:\ProgramData\Geek Squad
2009-09-12 13:15:35 ----A---- C:\Windows\system32\41.exe
2009-09-12 13:12:54 ----A---- C:\Windows\system32\tftp.msc
2009-09-12 13:12:00 ----ASH---- C:\Windows\system32\winupdate.exe
2009-09-12 13:11:57 ----D---- C:\ProgramData\17300974
2009-09-12 12:32:21 ----A---- C:\Windows\system32\wscsvc32.exe
2009-09-12 12:05:08 ----A---- C:\lriaxaso.exe
2009-09-12 12:05:06 ----A---- C:\qcmqsqna.exe
2009-09-12 12:05:03 ----A---- C:\uskwdhpq.exe
2009-09-10 07:00:13 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-10 07:00:12 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-10 07:00:12 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-10 07:00:12 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-10 07:00:12 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-10 07:00:12 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-10 07:00:12 ----A---- C:\Windows\system32\finger.exe
2009-09-10 07:00:12 ----A---- C:\Windows\system32\ARP.EXE
2009-09-10 07:00:11 ----A---- C:\Windows\system32\netevent.dll
2009-09-10 06:59:49 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-10 06:59:49 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-10 06:59:48 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-10 06:59:48 ----A---- C:\Windows\system32\wlansec.dll
2009-09-10 06:59:44 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-10 06:59:44 ----A---- C:\Windows\system32\mf.dll
2009-09-10 06:59:39 ----A---- C:\Windows\system32\jscript.dll
2009-09-02 18:51:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-02 18:51:32 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-01 16:51:30 ----D---- C:\SmartOnLine
2009-08-26 03:01:19 ----A---- C:\Windows\system32\tzres.dll
2009-08-23 03:01:45 ----A---- C:\Windows\system32\infocardapi.dll
2009-08-23 03:01:44 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-08-23 03:01:44 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-23 03:01:44 ----A---- C:\Windows\system32\icardres.dll
2009-08-23 03:01:44 ----A---- C:\Windows\system32\icardagt.exe
2009-08-23 03:01:41 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-08-23 03:01:39 ----A---- C:\Windows\system32\PresentationHost.exe

======List of files/folders modified in the last 1 months======

2009-09-14 23:08:33 ----RD---- C:\Program Files
2009-09-14 23:08:27 ----D---- C:\Windows\Temp
2009-09-14 23:08:27 ----D---- C:\Windows\Prefetch
2009-09-14 22:59:39 ----D---- C:\Windows\System32
2009-09-14 22:59:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-14 22:59:38 ----D---- C:\Windows\inf
2009-09-14 22:57:29 ----D---- C:\Windows\system32\drivers
2009-09-14 22:57:29 ----A---- C:\Windows\ntbtlog.txt
2009-09-14 22:57:17 ----SD---- C:\Windows\Tasks
2009-09-14 22:55:18 ----D---- C:\Program Files\PC Tools AntiVirus
2009-09-14 22:54:19 ----D---- C:\Windows
2009-09-14 22:42:39 ----D---- C:\Windows\Logs
2009-09-14 22:41:09 ----D---- C:\Program Files\Mozilla Firefox
2009-09-14 22:39:24 ----D---- C:\Windows\system32\Tasks
2009-09-14 22:39:07 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-14 22:39:07 ----D---- C:\Windows\system32\catroot
2009-09-14 22:38:08 ----SHD---- C:\Windows\Installer
2009-09-14 22:38:08 ----HD---- C:\ProgramData
2009-09-14 22:37:57 ----D---- C:\Windows\winsxs
2009-09-14 22:37:26 ----D---- C:\Program File

Hello jcameronk,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 16 September 2009 - 06:01 PM.


#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,792 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:42 AM

Posted 29 September 2009 - 12:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#5 jcameronk

jcameronk
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 30 September 2009 - 09:45 PM

Thanks so much for the reply. I think I may have fixed the problem, but i'm not 100% sure. I'd really like to make sure that my computer is not still infected with anything so I may not be an identity theft victim or anything of that sort. I ran the scan as instructed, below are the results. Please let me know if you need anything else.

Thanks again!


DDS (Ver_09-09-29.01) - NTFSx86
Run by John Kerr at 21:41:16.23 on Wed 09/30/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2046.1047 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Client Services\Country VPN\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\sttray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\John Kerr\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar =
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070107
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.7.2.11\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: MyPoints Toolbar: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: MyPoints Toolbar: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [PopRock] c:\windows\temp\b.exe
StartupFolder: c:\users\johnke~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\users\johnke~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\johnke~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\timeleft.lnk - c:\program files\timeleft3\TimeLeft.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{53a01cc6-14b0-4512-a2e7-10d39bf83dc4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: fofuhiza.dll
SSODL: dakowowuj - {ae2ded7a-53f8-4e57-88a3-3d9c76ed8775} - No File
SSODL: dalubevaz - {9305cd7d-b01e-4123-94ec-f9a3dabe79f8} - No File
STS: {ae2ded7a-53f8-4e57-88a3-3d9c76ed8775} - No File
STS: {9305cd7d-b01e-4123-94ec-f9a3dabe79f8} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli mebagoti.dll giweruru.dll fofuhiza.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\johnke~1\appdata\roaming\mozilla\firefox\profiles\fzz8iivf.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\john kerr\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\john kerr\appdata\roaming\mozilla\firefox\profiles\fzz8iivf.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1007020.00b\SymEFA.sys [2009-9-16 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1007020.00b\BHDrvx86.sys [2009-9-16 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1007020.00b\cchpx86.sys [2009-9-16 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSvix86.sys [2009-9-16 342576]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.7.2.11\ccSvcHst.exe [2009-9-16 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-20 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nav\1007020.00b\symndisv.sys [2009-9-16 48688]
S2 gupdate1c9c6a134aeff80;Google Update Service (gupdate1c9c6a134aeff80);c:\program files\google\update\GoogleUpdate.exe [2009-4-26 133104]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-3 3662848]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]

=============== Created Last 30 ================

2009-09-27 23:07 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-27 23:07 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-27 23:05 <DIR> --d----- c:\program files\iPod
2009-09-27 23:05 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-27 23:05 <DIR> --d----- c:\program files\iTunes
2009-09-27 23:05 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 09:54 25,648 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-09-17 21:59 69,632 a------- c:\windows\RAUNINST.EXE
2009-09-17 21:59 <DIR> --d----- C:\WESTWOOD
2009-09-17 21:29 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-09-17 21:29 <DIR> --d----- c:\program files\MagicDisc
2009-09-16 21:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 21:10 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-16 21:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 17:51 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-16 17:51 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-16 17:51 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-16 17:50 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-09-16 17:50 <DIR> --d----- c:\program files\Norton AntiVirus
2009-09-16 17:50 <DIR> --d----- c:\programdata\Norton
2009-09-16 17:50 <DIR> --d----- c:\progra~2\Norton
2009-09-16 17:49 <DIR> --d----- c:\programdata\NortonInstaller
2009-09-16 17:49 <DIR> --d----- c:\program files\NortonInstaller
2009-09-16 17:49 <DIR> --d----- c:\progra~2\NortonInstaller
2009-09-16 17:21 <DIR> --dsh--- C:\found.000
2009-09-15 21:46 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-15 21:29 <DIR> --d----- c:\users\johnke~1\appdata\roaming\AVG8
2009-09-15 19:42 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-09-15 19:42 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-09-15 19:42 <DIR> --d----- c:\users\johnke~1\appdata\roaming\SUPERAntiSpyware.com
2009-09-15 19:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-15 19:41 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-15 18:13 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-09-15 18:13 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-09-15 15:51 <DIR> --d----- c:\users\john kerr\DoctorWeb
2009-09-15 15:27 229,888 a------- c:\windows\PEV.exe
2009-09-15 15:27 161,792 a------- c:\windows\SWREG.exe
2009-09-15 15:27 98,816 a------- c:\windows\sed.exe
2009-09-15 15:25 <DIR> --ds---- C:\Combo-Fix
2009-09-15 15:25 318,976 a------- c:\windows\system32\CF8388.exe
2009-09-15 15:23 318,976 a------- c:\windows\system32\CF13030.exe
2009-09-15 15:04 55,808 a------- c:\windows\system32\eventlog.dll
2009-09-15 14:57 55,808 a------- c:\users\john kerr\eventlog.dll
2009-09-14 23:29 209 a------- c:\windows\system32\rotscxlog.dat
2009-09-14 23:08 <DIR> --d----- c:\program files\trend micro
2009-09-14 16:58 142,286 a------- c:\windows\DUMP3ea4.tmp
2009-09-14 16:40 318,976 a------- c:\windows\system32\CF23611.exe
2009-09-14 16:19 318,976 a------- c:\windows\system32\CF24029.exe
2009-09-13 23:24 <DIR> --d----- c:\program files\FileASSASSIN
2009-09-13 19:53 <DIR> --d----- C:\MGtools
2009-09-13 13:07 73,216 a------- c:\windows\system32\drivers\usbccgp.sys
2009-09-12 16:34 <DIR> --d-h--- C:\MRI_PE_TEMP
2009-09-12 16:33 <DIR> --d----- c:\programdata\Geek Squad
2009-09-12 16:33 <DIR> --d----- c:\progra~2\Geek Squad
2009-09-12 13:15 0 a------- c:\windows\system32\41.exe
2009-09-10 07:00 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-10 07:00 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-10 07:00 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-10 07:00 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-10 07:00 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-10 07:00 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-10 07:00 10,240 a------- c:\windows\system32\finger.exe
2009-09-10 07:00 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-10 07:00 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-10 07:00 17,920 a------- c:\windows\system32\netevent.dll
2009-09-10 06:59 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-10 06:59 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-10 06:59 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-10 06:59 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-10 06:59 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-10 06:59 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-02 18:51 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 18:51 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 16:51 <DIR> --d----- C:\SmartOnLine

==================== Find3M ====================

2009-09-27 22:56 51,200 a------- c:\windows\inf\infpub.dat
2009-09-27 22:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-27 22:56 86,016 a------- c:\windows\inf\infstor.dat
2009-09-14 12:05 8 a------- c:\program files\uodjeqg.txt
2009-09-13 18:51 135,014 a------- c:\windows\DUMP93b6.tmp
2009-08-28 07:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 07:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 07:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 07:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-07-18 11:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 11:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 04:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 08:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 07:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 07:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 05:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2008-11-10 17:38 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-11-10 17:38 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-10-20 20:24 174 a--sh--- c:\program files\desktop.ini
2008-10-20 20:06 665,600 a------- c:\windows\inf\drvindex.dat
2007-08-26 16:17 112 a------- c:\users\johnke~1\appdata\roaming\wklnhst.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:42:07.49 ===============

#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,792 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:42 AM

Posted 30 September 2009 - 10:06 PM

Hello, and :( to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :(
  • As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be two people helping you instead of just one, but responses may be somewhat delayed so please be patient!!!!
Please give me a little time to go through your logs. My instructions will be forthcoming.

***************************************************

In the meantime. . .

I think I may have fixed the problem, but i'm not 100% sure.

I need for you to please list, in chronological order, the steps that you took to resolve this problem. This includes, but is not limited to, any tools you ran. Please go ahead and reply with this information.

~Blade

In your next reply, please include the following:
List of steps taken

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,792 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:42 AM

Posted 02 October 2009 - 03:08 PM

Hello again.

Please note the following:

Your log indicates that you have run ComboFix!

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Since you already ran the tool, I need to see the log it created. Please locate this file C:\Combofix.txt and include its contents in your next reply.

***************************************************

Your logs show that you have been visiting online poker sites with applets installed on your computer. I know that you may use these programs on a regular basis but I think it's important to note that often these kind of programs are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programs yourself on purpose.
There are so many online poker games out there these days that it is close to impossible to keep track of whether a program is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the program, then you can do so by following the below steps:
  • Go to Start > Control Panel > Add or Remove Programs.
  • Remove the following poker programs (if they are present):
  • PokerStars

If you are unsure of how to use Add or Remove Programs, the please see this tutorial

~Blade


In your next reply, please include the following:
List of steps already taken (carried over from last post)
ComboFix log

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,792 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:42 AM

Posted 05 October 2009 - 04:05 AM

Hello.

Do you still require assistance? If you have resolved your issue please let us know.

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:42 PM

Posted 07 October 2009 - 11:49 AM

This thread will now be closed due to lack of activity.

If you should have the same or a new issue, please start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users