Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Mozilla Removes 23 Firefox Add-Ons That Snooped on Users

Featured Deal: This Free Course Lets You Achieve Digital Transformation for Your Company

Photo

my combofix log

Started by jaremy , Aug 13 2010 12:29 PM

  • This topic is locked This topic is locked
3 replies to this topic

#1 jaremy

jaremy

  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:09:31 PM

Posted 13 August 2010 - 12:29 PM

i've been having quite a few problems with my laptop lately. below is my ComboFix log, please help!

ComboFix 10-08-12.03 - Jaremy 13/08/2010 11:49:13.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3002.1900 [GMT -5:00]
Running from: c:\users\Jaremy\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jaremy\AppData\Local\{9CBEF342-CF72-4B80-BF56-D679CC843846}
c:\users\Jaremy\AppData\Local\{9CBEF342-CF72-4B80-BF56-D679CC843846}\chrome.manifest
c:\users\Jaremy\AppData\Local\{9CBEF342-CF72-4B80-BF56-D679CC843846}\chrome\content\_cfg.js
c:\users\Jaremy\AppData\Local\{9CBEF342-CF72-4B80-BF56-D679CC843846}\chrome\content\overlay.xul
c:\users\Jaremy\AppData\Local\{9CBEF342-CF72-4B80-BF56-D679CC843846}\install.rdf
c:\users\Jaremy\AppData\Local\uxuhilofejinur.dll
c:\users\Jaremy\AppData\Roaming\avdrn.dat

.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-13 16:56 . 2010-08-13 16:58 -------- d-----w- c:\users\Jaremy\AppData\Local\temp
2010-08-13 16:56 . 2010-08-13 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-13 05:25 . 2010-08-13 10:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-13 05:25 . 2010-08-13 05:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-08 16:34 . 2010-08-08 16:34 -------- d-----w- c:\programdata\PrevxCSI
2010-07-26 15:56 . 2010-07-26 16:56 -------- d-----w- c:\programdata\STOPzilla!
2010-07-24 00:02 . 2010-07-24 00:02 -------- d-----w- c:\programdata\WindowsSearch
2010-07-23 17:16 . 2010-07-23 17:17 -------- d-----w- c:\program files\iPod
2010-07-23 17:16 . 2010-07-23 17:17 -------- d-----w- c:\program files\iTunes
2010-07-20 17:10 . 2010-08-13 15:42 120 ----a-w- c:\users\Jaremy\AppData\Local\Dzaganejo.dat
2010-07-20 17:10 . 2010-08-13 05:02 0 ----a-w- c:\users\Jaremy\AppData\Local\Gpaquwaqiqamala.bin
2010-07-20 17:08 . 2010-07-20 17:08 -------- d-----w- c:\users\Jaremy\AppData\Roaming\52E2EC57EC20CFCEAE7E6567E6850BFE
2010-07-20 06:01 . 2010-07-20 06:40 -------- d-----w- C:\Music

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 01:38 . 2010-06-19 05:12 -------- d-----w- c:\users\Jaremy\AppData\Roaming\Azureus
2010-08-06 21:32 . 2009-10-13 16:59 1 ----a-w- c:\users\Jaremy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-02 06:32 . 2010-08-02 06:32 114176 --sha-r- c:\users\Jaremy\AppData\Roaming\notepadb.dll
2010-08-02 06:32 . 2010-08-02 06:32 114176 --sha-r- c:\users\Jaremy\AppData\Roaming\notepadb.dll
2010-07-31 21:18 . 2010-06-16 02:26 680 ----a-w- c:\users\Jaremy\AppData\Local\d3d9caps.dat
2010-07-26 16:05 . 2010-07-26 16:04 968 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-23 17:16 . 2009-10-21 03:04 -------- d-----w- c:\program files\Common Files\Apple
2010-07-23 17:13 . 2010-07-23 17:13 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-11 16:42 . 2010-07-11 16:42 12 ----a-w- c:\users\Jaremy\AppData\Roaming\uzkrij.dat
2010-07-09 01:04 . 2010-07-09 01:04 -------- d-----w- c:\program files\TagRename
2010-07-03 17:37 . 2010-07-02 22:43 -------- d-----w- c:\users\Jaremy\AppData\Roaming\Winamp
2010-07-03 04:17 . 2010-07-02 22:43 -------- d-----w- c:\program files\Winamp
2010-07-02 22:43 . 2010-07-02 22:43 -------- d-----w- c:\program files\Winamp Detect
2010-07-02 22:43 . 2010-07-02 22:43 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-23 04:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-22 22:11 . 2010-06-22 22:06 -------- d-----w- c:\users\Jaremy\AppData\Roaming\Apple Computer
2010-06-22 22:05 . 2010-06-22 22:04 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-22 22:04 . 2010-06-22 21:56 -------- d-----w- c:\programdata\Apple Computer
2010-06-22 21:58 . 2010-06-22 21:56 -------- d-----w- c:\program files\QuickTime
2010-06-22 21:53 . 2010-06-22 21:53 -------- d-----w- c:\program files\Apple Software Update
2010-06-22 21:52 . 2009-10-21 03:03 -------- d-----w- c:\programdata\Apple
2010-06-22 21:49 . 2010-06-22 21:48 -------- d-----w- c:\program files\Bonjour
2010-06-22 21:37 . 2010-06-22 21:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-06-21 22:34 . 2010-06-21 22:34 -------- d-----w- c:\program files\DVDFab 7
2010-06-19 22:40 . 2010-06-19 22:40 -------- d-----w- c:\program files\AudioConverter Studio
2010-06-19 21:43 . 2010-06-19 21:34 -------- d-----w- c:\program files\Free Audio Pack
2010-06-19 21:34 . 2010-06-19 21:34 -------- d-----w- c:\users\Jaremy\AppData\Roaming\FreeAudioPack
2010-06-19 05:10 . 2010-06-19 05:10 -------- d-----w- c:\program files\Vuze
2010-06-18 04:46 . 2010-06-18 04:46 -------- d-----w- c:\users\Jaremy\AppData\Roaming\CyberLink
2010-06-18 04:46 . 2010-06-18 04:46 -------- d-----w- c:\programdata\CyberLink
2010-06-17 17:28 . 2010-06-17 17:28 50354 ----a-w- c:\users\Jaremy\AppData\Roaming\Facebook\uninstall.exe
2010-06-17 17:28 . 2010-06-17 17:28 -------- d-----w- c:\users\Jaremy\AppData\Roaming\Facebook
2010-06-16 22:08 . 2010-06-16 22:08 -------- d-----w- c:\users\Jaremy\AppData\Roaming\Nero
2010-06-16 22:07 . 2010-06-16 22:03 -------- d-----w- c:\program files\Common Files\Nero
2010-06-16 22:03 . 2010-06-16 22:03 -------- d-----w- c:\programdata\Nero
2010-06-16 22:03 . 2010-06-16 22:03 -------- d-----w- c:\program files\Nero
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Jaremy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-05-26 16:16 . 2010-06-22 21:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-22 21:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 19:14 . 2009-10-13 17:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 21:35 . 2010-05-18 21:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-15 03:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ululwpzvg"="c:\users\Jaremy\AppData\Roaming\notepadb.dll" [2010-08-02 114176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"AmIcoSinglun"="c:\program files\Selective Suspend Driver\AmIcoSinglun.exe" [2009-04-29 237568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-06-18 703008]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-15 345384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-28 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-28 153624]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-10-13 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-05-14 805384]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-31 62760]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-29 74752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\users\Jaremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-1 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R3 SSDISK;SSDISK Filter;c:\windows\system32\DRIVERS\SSDISK.sys [2009-03-30 10752]
R3 SSUSB;SSUSB Filter;c:\windows\system32\DRIVERS\SSUSB.sys [2009-04-08 14848]
S1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\GridVista\DPMemGridVista.sys [2008-10-01 10504]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-06-18 723488]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-15 305448]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-04 112640]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-27 50176]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]


--- Other Services/Drivers In Memory ---

*Deregistered* - wqyqww
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=1009&m=aspire_1410
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=1009&m=aspire_1410
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {74172B85-8BB9-492D-8B3F-3A45593ECDAB} = 192.168.0.1,192.168.0.2
FF - ProfilePath - c:\users\Jaremy\AppData\Roaming\Mozilla\Firefox\Profiles\n2o535yj.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?brand=ACAW&bmod=ACRW
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Jaremy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Yveveteda - c:\users\Jaremy\AppData\Local\uxuhilofejinur.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 11:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x00FFFFFF

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wqyqww]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-183000981-3404324012-4134517592-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDD7A461-F740-15BE-1BCD-AA3B62E98712}*]
"habbikgjhakjfilh"=hex:6b,61,66,67,68,6b,69,63,6e,6c,6b,69,62,68,6e,63,66,70,
69,62,68,6a,00,02
"iahngpdkocmbcblnjn"=hex:6b,61,66,67,68,6b,69,63,6e,6c,6b,69,62,68,6e,63,66,70,
69,62,68,6a,00,02
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2732)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2010-08-13 12:04:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-13 17:04

Pre-Run: 88,759,574,528 bytes free
Post-Run: 88,751,644,672 bytes free

- - End Of File - - E4D753EC6B944F414522B6DC7AF91C5C

BC AdBot (Login to Remove)

 

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:31 PM

Posted 20 August 2010 - 01:54 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
  1. Do not run any other tool untill instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.log from RKUnHooker
      3. report from MBRchecker
      4.let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jaremy

jaremy
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:09:31 PM

Posted 22 August 2010 - 01:50 AM

Hi Gringo,
Thanks for taking time to respond to my request. I appreciate your help, but I actually decided to reformat my hard drive and go back to using Windows XP, since I prefer it to Vista. If I have any problems I'll be back here for help.
Thanks again,
-Jaremy

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:31 PM

Posted 22 August 2010 - 02:06 AM

thank you for letting me Know



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·