Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Personal Defender virus


  • This topic is locked This topic is locked
7 replies to this topic

#1 kentzebra

kentzebra

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 06 May 2010 - 09:17 PM

Tried all kinds of removal programs, but can't get rid of Personal Defender. Will not let any of my removal programs or AVG run unless i use safe mode. Huge amounts of pop-ups and fake scans keep coming up and computer real slow! Changes settings and need help! Info below.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by kent at 21:05:09.44 on Thu 05/06/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.894.462 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\kent\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.4; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; Zune 4.0; .NET CLR 3.0.30729)" -"http://www.miniclip.com/games/motocross-country-fever/en/"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Skytel] Skytel.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; Zune 4.0; .NET CLR 3.0.30729)" -"http://www.miniclip.com/games/sewer-run/en/"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-29 242896]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-7 216200]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-23 29512]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
S2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-3-27 1872320]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-17 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-21 21504]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-3 30192]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2008-12-8 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2008-12-18 62592]

=============== Created Last 30 ================

2010-05-07 01:02:02 0 ----a-w- c:\users\kent\defogger_reenable
2010-04-30 16:07:30 0 ----a-w- c:\windows\system32\setup.exe
2010-04-30 01:33:28 0 d-----w- c:\program files\Trend Micro
2010-04-29 11:21:46 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-29 00:18:20 691 ----a-w- c:\users\kent\appdata\roaming\GetValue.vbs
2010-04-29 00:18:20 35 ----a-w- c:\users\kent\appdata\roaming\SetValue.bat
2010-04-28 16:29:40 0 d-----w- c:\users\kent\appdata\roaming\Malwarebytes
2010-04-28 16:29:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 16:29:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 16:29:32 0 d-----w- c:\programdata\Malwarebytes
2010-04-28 16:29:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 23:37:28 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-27 23:26:44 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-27 23:26:40 0 d-----w- c:\users\kent\appdata\roaming\SUPERAntiSpyware.com
2010-04-27 23:19:42 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-27 23:16:44 0 d-----w- c:\program files\common files\PDFUninstall
2010-04-27 23:16:24 0 d-----w- c:\program files\PDF
2010-04-25 01:29:46 0 d-----w- c:\program files\Governor of Poker
2010-04-14 23:00:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 22:59:55 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 22:59:54 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 22:59:53 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 22:59:31 0 d-----w- c:\program files\Bonjour
2010-04-14 22:58:42 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 22:58:42 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 22:58:34 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 22:58:34 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 22:58:10 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 22:58:10 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 22:58:10 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 03:17:27 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 03:17:21 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 20:51:27 0 d-----w- c:\programdata\Office Genuine Advantage
2010-04-07 20:25:00 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-04-07 20:24:59 39 ----a-w- c:\windows\system32\rp_rules.dat

==================== Find3M ====================

2010-05-02 16:51:09 2412 ----a-w- c:\windows\system32\tmp.reg
2010-04-22 13:13:21 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-22 02:28:36 9572 ----a-w- c:\users\kent\appdata\roaming\wklnhst.dat
2010-03-17 12:43:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 12:42:32 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 16:25:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42:17 834048 ----a-w- c:\windows\system32\wininet.dll
2010-02-21 15:43:51 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-21 15:43:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-21 15:43:49 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-06 16:50:38 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-24 08:29:00 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-05-23 04:29:59 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-16 01:08:04 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-12-16 01:08:04 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-12-16 01:08:04 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 21:06:03.17 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/3/2007 21:35:43
System Uptime: 5/6/2010 19:56:30 (2 hours ago)

Motherboard: ELITEGROUP | | MCP61SM-GM
Processor: AMD Athlon™ 64 Processor 3800+ | Socket AM2 | 2410/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 69.629 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.895 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

3DVIA player 4.1
3ivx MPEG-4 5.0.3 (remove only)
a-squared Free 4.5
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Reader 8.1.3
Adobe Shockwave Player 11
Advanced SystemCare 3
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Backyard Baseball 2003
BigFix
Bonjour
Browser Address Error Redirector
BufferChm
Choice Guard
CustomerResearchQFolder
D1400
D1400_Help
DeviceDiscovery
DeviceManagementQFolder
Digital Media Reader
Disney Toontown Online
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
DVD Decrypter (Remove Only)
eMachines Connect
eMachines Game Console
eMachines Recovery Center Installer
eSupportQFolder
FlipShare
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Deskjet 8.0 Software
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
iTunes
Java Auto Updater
Java™ 6 Update 18
Java™ SE Runtime Environment 6 Update 1
Kool Kart Racers
LEGO Software Demo
LEGO® Batman™
Lemony Snicket's A Series of Unfortunate Events
LimeWire 4.18.3
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Move Media Player
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nancy Drew: Secret of the Scarlet Hand
NetJet 2.0
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenAL
Peak Performance Snowboarding
Personal Defender
Pocket DVD Wizard
Power2Go 5.0
PunkBuster Services
Quake Live Internet Explorer Plugin
QuickTime
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Scooby-Doo 2 - Monsters Unleashed
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Media Encoder (KB954156)
Soft Data Fax Modem with SmartCP
SolutionCenter
Spare Backup
Spongebob Pizza toss
SpongeBob SquarePants Obstacle Odyssey 2
SpongeBob Squarepants Screen Saver
Status
Super Soaker Water Fight
SUPERAntiSpyware Free Edition
THE GAME OF LIFE - SpongeBob SquarePants Edition
Timmy Roach Rampage
Toolbox
TrayApp
Unity Web Player
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebReg
Whiz Kid Learning System - Scooby-Doo
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
WinZip 14.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)

==== End Of File ===========================

Edited by Budapest, 06 May 2010 - 09:30 PM.
Moved from Vista ~BP


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:53 AM

Posted 09 May 2010 - 05:33 AM

Hello, and welcome.gif to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. smile.gif
***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

***************************************************

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and paste its contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
~Blade

In your next reply, please include the following:
GMER.log

Edited by Blade Zephon, 09 May 2010 - 05:38 AM.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 kentzebra

kentzebra
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 13 May 2010 - 07:06 PM

Attached File  GMER.log   607bytes   14 downloadswon't let me run gmer in normal mode. ran in safe mode, but it didn't seem so run long and then it would just stop. enclosing copy of gGMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-13 19:59:50
Windows 6.0.6002 Service Pack 2
Running: fc1jq578.exe; Driver: C:\Users\kent\AppData\Local\Temp\kxldqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
mer.log
tried to make sure avg was off, but can't access it even in safe mode. can't rely access anything. sorry i'm so illiteret. thanks! kentzebra

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:53 AM

Posted 13 May 2010 - 11:07 PM

Hello kentzebra

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix Log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:53 AM

Posted 17 May 2010 - 08:28 PM

Are you still there?

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:53 AM

Posted 19 May 2010 - 06:14 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:53 AM

Posted 20 May 2010 - 11:17 PM

Topic reopened. . . please continue with the above instructions

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:53 AM

Posted 01 June 2010 - 06:30 PM

Due to lack of feedback, this topic is now Closed

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users