
Internet Security 2010 and AntiMalware


24 replies to this topic

#1 lethalaffairs

lethalaffairs

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 15 December 2009 - 06:30 PM

Here is the DDS log you wanted.

Attached Files

  • Attached File  DDS.txt   8.82KB   19 downloads




#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,462 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:16 PM

Posted 16 December 2009 - 04:11 PM

Download ComboFix from here

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#3 lethalaffairs


Posted 03 January 2010 - 07:30 PM

Here is the ComboFix.txt

Attached Files



#4 Grinler


Posted 03 January 2010 - 08:13 PM

Lots of malware removed. Few leftovers:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\s98vz7nf.exe
c:\windows\system32\config\systemprofile\prf6543.tmp
c:\windows\{DA550BF1-5AE0-4007-B9B0-C9FF520E8090}.dat
c:\windows\system32\bddcbfc_z.dll
c:\windows\system32\{1BADA6CB-9766-4CB8-9EA3-38879756A4DF}.dat
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-4252620589-2404857471-2177424868-1003\prf6E6E.tmp
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-4252620589-2404857471-2177424868-1003\prf6E6F.tmp
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-4252620589-2404857471-2177424868-1003\prf6E70.tmp
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-4252620589-2404857471-2177424868-1003\prf6E72.tmp


Save this as the txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

#5 lethalaffairs


Posted 04 January 2010 - 07:10 PM

Here is the ComboFix.txt with that script added.

I forgot to mention that after running ComboFix the first time the internet connection was restored in safe mode.

Normal mode still took forever for the desktop icons to even appear and was pretty much unresponsive. Also the taskbar was just a solid blue color.

Attached Files



#6 Grinler


Posted 05 January 2010 - 01:13 PM

Download GMER Rootkit Scanner from here.
  • Extract the contents of the zipped file to the desktop.
  • Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
  • In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Now click on the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.
Now please post the ark.txt log as a reply to this topic.

#7 Grinler


Posted 05 January 2010 - 01:19 PM

Also do this:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

FMove::
c:\windows\system32\dllcache\mspmsnsv.dll | c:\windows\system32\mspmsnsv.dll

Driver::
mrtRate


Save this as the txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

#8 lethalaffairs


Posted 06 January 2010 - 11:59 AM

I ran GMER and ComboFix again. Here are the txt files.

Attached Files



#9 Grinler


Posted 06 January 2010 - 06:13 PM

Looks good. How is the computer feeling to you?

#10 lethalaffairs


Posted 06 January 2010 - 06:30 PM

Safe mode seems to work fine. When I log in to normal mode there is a black screen for about 5 minutes and then the taskbar finally appears. Then a few minutes later the desktop icons appear.
There are no fake security alerts or anything like that but it's pretty much unresponsive.
I have been running everything in safe mode so far.

#11 Grinler


Posted 07 January 2010 - 04:43 PM

Your logs look clean to me and someone else who I asked to double-check in case I missed something. One of the things that was noticed is that you are running SAS, ThreatFire, and PCTools and we are wondering if they are causing the delay in boot time. Do you want to disable those or uninstall and reboot to see if that helps?

#12 lethalaffairs


Posted 08 January 2010 - 12:00 AM

I uninstalled ThreatFire and Spyware Doctor. It still takes about 15 minutes for the desktop to load to the point where you can click on anything.
It's so unresponsive in normal mode that I can't do anything.
All of those scans with ComboFix and GMER were run in safe mode. Safe mode seems to work fine but when I try to boot into normal mode it takes forever and you can't do anything. No matter what you click on it takes 5-10 minutes for anything to happen.

#13 Grinler


Posted 08 January 2010 - 10:22 AM

I am just not seeing anything else. Let's try disabling all startups in case it's one of those conflicting and causing the delay.

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and uncheck every entry. Then press ok until you are out of the program. When it asks to reboot, allow it to do so.

Does disabling all of the startups make the desktop show faster?

#14 lethalaffairs


Posted 08 January 2010 - 12:45 PM

I disabled everything and it didn't help at all. It still starts up with just a completely black screen for 5 minutes with only the cursor on the screen. Then after 5 minutes the taskbar appears and a few minutes later the icons finally appear on the desktop.
It still doesn't do anything when you click on something or it's going so slow that it takes minutes when it should just open something in a few seconds.

I have never seen this computer so slow. It would boot right up before.
There are no pop-ups or anything like that but it's so unbelievably slow that it's not even usable.

#15 Grinler


Posted 12 January 2010 - 02:28 PM

Sorry, I missed this notification. At this point, I do not see anything at all wrong with the computer. Have you checked in Event Viewer? Have you been getting any error, warning, or critical messages in there?