
Combofix Ahrrrr...


  • This topic is locked
14 replies to this topic

#1 lucuetus

lucuetus

  • Members
  • 8 posts

Posted 02 September 2010 - 10:30 AM

Hello All.

I've had some issues with my Vista laptop getting slower and slower: programs take 10 seconds or more to open or are non-responsive, and start-up and shut-down take forever. I've tested the RAM (3 GB), the hard drive and the CPU (AMD Athlon X2 Dual-Core QL-64, 2100 MHz). I have Norton and Malwarebytes running and did have SpyBot, but something is definitely not right; also, the laptop gets so hot it turns itself off on occasion.

Some certain processes run the CPU at 100% occasionally so I just end them.

So, searching, I found Combofix and foolishly ran it! It's deleted SpyBot, the Norton virus definitions and who knows what else (I'd like to know what). The laptop is still slow, so I don't know if Combofix has made things better or worse.

So, is there anything I can do to put it back? There is a folder made by Combofix, "Qoobox", but that's only 8 MB.

Any advice would be much appreciated.

Regards.


Edited by lucuetus, 02 September 2010 - 11:42 AM.




#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 11 September 2010 - 06:23 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 lucuetus

lucuetus
  • Topic Starter

  • Members
  • 8 posts

Posted 13 September 2010 - 12:56 PM

Thanks for the reply.

Please find as asked:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dddy's Laptop at 18:33:11.95 on 13/09/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1683 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DAEMON Tools Net\DTNetSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dddy's Laptop\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-8-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-8-2 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-8-2 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100909.001\IDSvix86.sys [2010-9-10 344112]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_805f33de\AEstSrv.exe [2010-8-1 77824]
R2 DTNetService;DTNetService;c:\program files\daemon tools net\DTNetSrv.exe [2010-7-29 394560]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-23 304464]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-8-2 117640]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\oo software\defrag\oodag.exe [2010-6-21 1619272]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-11-4 365952]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-10 102448]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-8-7 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-23 20952]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-8-2 48688]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-24 10064]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-8-1 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-8-12 1051968]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-4 193840]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-9 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]

=============== Created Last 30 ================

2010-09-12 17:09:09 0 d-----w- c:\windows\system32\oodag
2010-09-12 16:58:54 0 d-----w- c:\program files\OO Software
2010-09-01 12:18:18 0 d-----w- c:\program files\DAEMON Tools Net
2010-09-01 12:15:44 0 d-----w- c:\programdata\DAEMON Tools Net
2010-09-01 12:15:14 0 d-----w- c:\users\dddy's~1\appdata\roaming\DAEMON Tools Net
2010-09-01 12:08:06 0 d-----w- c:\programdata\DAEMON Tools Pro
2010-09-01 12:08:06 0 d-----w- c:\program files\DAEMON Tools Pro
2010-09-01 11:59:40 445936 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-01 11:58:49 0 d-----w- c:\users\dddy's~1\appdata\roaming\DAEMON Tools Pro
2010-08-24 19:31:27 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-08-24 19:31:27 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-08-23 20:41:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 20:41:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 20:41:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 20:09:29 419 ----a-w- c:\windows\BRWMARK.INI
2010-08-23 19:53:55 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-23 19:37:43 98816 ----a-w- c:\windows\sed.exe
2010-08-23 19:37:43 77312 ----a-w- c:\windows\MBR.exe
2010-08-23 19:37:43 256512 ----a-w- c:\windows\PEV.exe
2010-08-23 19:37:43 161792 ----a-w- c:\windows\SWREG.exe
2010-08-23 19:25:27 0 d-----r- c:\program files\Norton Support
2010-08-23 19:22:49 65536 --sha-w- c:\users\dddy's laptop\ntuser.dat{a056e0d9-aeeb-11df-9b3d-002186dfe0b7}.TM.blf
2010-08-23 19:22:49 524288 --sha-w- c:\users\dddy's laptop\ntuser.dat{a056e0d9-aeeb-11df-9b3d-002186dfe0b7}.TMContainer00000000000000000002.regtrans-ms
2010-08-23 19:22:49 524288 --sha-w- c:\users\dddy's laptop\ntuser.dat{a056e0d9-aeeb-11df-9b3d-002186dfe0b7}.TMContainer00000000000000000001.regtrans-ms
2010-08-22 18:08:00 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-22 18:08:00 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-22 17:57:35 0 d-----w- c:\program files\Safer Networking
2010-08-20 19:57:58 0 d-----w- c:\users\dddy's~1\appdata\roaming\Malwarebytes
2010-08-20 19:57:24 0 d-----w- c:\programdata\Malwarebytes
2010-08-19 20:26:47 0 d-----w- c:\users\dddy's laptop\{2b66d3fe-8186-4656-b6ec-cdea5ff06291}

==================== Find3M ====================

2010-08-23 20:09:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-23 20:09:18 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-23 20:09:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-12 19:26:04 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-08-09 20:47:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-08-09 20:46:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-05 19:26:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-05 19:26:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-04 19:20:55 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-08-02 20:59:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-02 18:20:44 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-02 18:20:44 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-02 18:20:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-01 22:25:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-08-01 15:47:59 94816 ----a-w- c:\windows\fonts\cordiaz.ttf
2010-08-01 15:25:16 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-01 15:06:48 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF8491M75_E503543-021_4A_I3600_SQuanta_V98.35_F.35_T090706_WV3-1_L409_M3070_J320_7AMD_8F31_92.10_#100801_N10EC8168;168C001C_(NG237EA#ABU)_XMOBILE_CN10_Z_2Rev 1.MRK
2010-08-01 14:45:53 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-07-16 14:03:42 15416 ----a-w- c:\windows\system32\HPMDPCoInst11.dll
2010-07-16 14:03:36 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2010-07-16 14:03:30 26168 ----a-w- c:\windows\system32\hpservice.exe
2010-07-16 14:03:24 16952 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-07-16 14:03:18 35896 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 21:38:22 1254728 ----a-w- c:\windows\system32\ooscrsav.scr
2010-06-21 21:37:28 200008 ----a-w- c:\windows\system32\oodbs.exe
2010-06-21 21:33:16 546120 ----a-w- c:\windows\system32\oodssrs.dll
2010-06-21 21:32:50 10056 ----a-w- c:\windows\system32\oodbsrs.dll
2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31:29 36864 ----a-w- c:\windows\system32\rtutils.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-11-04 05:49:58 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:34:02.45 ===============

File attached, sorry it wouldn't let me upload it zipped


Edited by lucuetus, 13 September 2010 - 01:05 PM.
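The "SERVICES / DRIVERS" and "Created Last 30" sections of the DDS log above are the parts a helper reads first: which image each service or driver actually loads, where it lives, and which executables appeared recently in odd places. As an added example that is not part of this thread (and not code from the DDS tool or from either poster), here is a small Python triage script that parses those two sections into records and applies a few cheap checks. The sample input reuses lines from the log above plus two synthetic entries (the service "updsvc" and a "temp\svchost.exe" file) that do not appear in the posted log and are there only to show what a flagged record looks like. The reading of the "R0/S3" prefix as running/stopped plus Windows start type is the usual convention for these logs, not something the thread states.

```python
"""Added example (not from the thread or from the DDS tool): parse the
"SERVICES / DRIVERS" and "Created Last 30" sections of a DDS log and
run a few cheap triage checks; a flag means "verify", not "malware"."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")  # "=== SERVICES / DRIVERS ==="
# "R0 SymEFA;Symantec Extended File Attributes;c:\...\SymEFA.sys [2010-8-2 310320]"
# R/S = running/stopped; digit = start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)(?:\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\])?$")
# "2010-08-23 19:37:43 98816 ----a-w- c:\windows\sed.exe"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>[\d:]+)\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")
EXEC_EXT = {".exe", ".sys", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif"}
STANDARD_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                     "c:\\program files (x86)\\", "c:\\programdata\\")

@dataclass
class Service:
    state: str
    start: int
    name: str
    display: str
    path: str          # as printed; svchost hosts carry a trailing " -k group"
    date: Optional[str]
    size: Optional[int]

@dataclass
class CreatedFile:
    date: str
    size: int
    attrs: str         # DDS attribute string, e.g. "--sha-w-" or "d-----w-"
    path: str

def _ext(path: str) -> str:
    m = re.search(r"\.[a-z0-9]+$", path.lower())
    return m.group(0) if m else ""

def parse_dds(text: str) -> Tuple[List[Service], List[CreatedFile]]:
    services, created, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if banner := SECTION_RE.match(line):
            section = banner.group(1).lower()
        elif section == "services / drivers" and (m := SERVICE_RE.match(line)):
            services.append(Service(m["state"], int(m["start"]), m["name"], m["display"],
                                    m["path"], m["date"], int(m["size"]) if m["size"] else None))
        elif section == "created last 30" and (m := CREATED_RE.match(line)):
            created.append(CreatedFile(m["date"], int(m["size"]), m["attrs"], m["path"]))
    return services, created

def service_flags(svc: Service) -> List[str]:
    flags, image = [], svc.path.split(" -k ")[0].strip().lower()
    if not image.startswith(STANDARD_PREFIXES):
        flags.append("image outside the standard program directories")
    if _ext(image) not in {".exe", ".sys"}:
        flags.append("unusual image extension " + (_ext(image) or "(none)"))
    if svc.name.startswith("{") and svc.name.endswith("}"):
        flags.append("GUID-style service name")
    return flags

def created_flags(f: CreatedFile) -> List[str]:
    flags, p = [], f.path.lower()
    if f.attrs.startswith("d") or _ext(p) not in EXEC_EXT:
        return flags  # directories and data files are not scored
    parts = p.split("\\")
    if parts[:2] == ["c:", "windows"] and len(parts) == 3:
        flags.append("executable placed directly in the Windows directory")
    if p.startswith("c:\\users\\"):
        flags.append("executable under a user profile")
    if "s" in f.attrs and "h" in f.attrs:
        flags.append("system+hidden attributes on an executable")
    return flags

def triage(text: str) -> List[Tuple[str, str, List[str]]]:
    """(kind, subject, flags) for every record that tripped at least one check."""
    services, created = parse_dds(text)
    out = [("service", s.name, service_flags(s)) for s in services if service_flags(s)]
    return out + [("created", f.path, created_flags(f)) for f in created if created_flags(f)]

# Constructed sample: lines copied from the posted log, plus two synthetic
# entries (updsvc and temp\svchost.exe) that are NOT in the log and exist
# only to show what a flagged record looks like.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-8-2 310320]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 updsvc;updsvc;c:\users\example\appdata\roaming\updsvc.exe [2010-9-10 51200]
=============== Created Last 30 ================
2010-08-23 19:37:43 98816 ----a-w- c:\windows\sed.exe
2010-08-23 19:53:55 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-23 19:22:49 65536 --sha-w- c:\users\dddy's laptop\ntuser.dat{a056e0d9-aeeb-11df-9b3d-002186dfe0b7}.TM.blf
2010-09-10 08:00:00 24576 --sha-w- c:\users\example\appdata\local\temp\svchost.exe
"""
```

Call triage() on the text of a full DDS log (or on SAMPLE_DDS) and print the tuples it returns. Two things are worth noticing when it runs over the log above: the HP DVD entry {55662437-...} trips the extension and GUID-name checks even though it sits under an HP program directory, which is exactly the kind of hit to confirm against the vendor rather than delete, and c:\windows\sed.exe (like MBR.exe, PEV.exe and SWREG.exe in the full log) trips the Windows-root check only because of where it was written, so the script tells you where to look, not what to remove.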


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 18 September 2010 - 07:24 AM

Hello, lucuetus.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent, BitComet). These programmes allow you to share files between users, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.

Step 1

Overheating can be caused by bad batteries, poor airflow, failing equipment, etc. That does not necessarily indicate malware.

What processes go to 100% on the CPU? Do you have any virus detections or virus-like symptoms?

QUOTE
Its deleted SpyBot, the Norton virus definitions and who knows what else, (I'd like to know what) the laptop is still slow so I don't know if Combofix has made things better or worse.


From the log you posted, Combofix did not do any of that. Have you tried to reinstall/update those programs? You do have MBAM installed, so I would leave Spybot off. You should only have one each of anti-virus, anti-spyware and firewall programs running, or they will conflict and cause system issues (that could explain the 100% CPU issue, as they fight for real-time access to files).


Step 2

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

QUOTE
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Step 3

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 4


Please launch MBAM (Malwarebytes' Anti-Malware), update the definitions, run a Quick Scan and post the resulting log.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#5 lucuetus

lucuetus
  • Topic Starter

  • Members
  • 8 posts

Posted 20 September 2010 - 02:00 PM

Many thanks for the reply.

As asked:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv5 Notebook PC
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 219):
0x81E11000 \SystemRoot\system32\ntkrnlpa.exe
0x821CA000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\PSHED.dll
0x8041F000 \SystemRoot\system32\BOOTVID.dll
0x80427000 \SystemRoot\system32\CLFS.SYS
0x80468000 \SystemRoot\system32\CI.dll
0x80548000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805B9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80609000 \SystemRoot\System32\Drivers\sptd.sys
0x80720000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80729000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8074F000 \SystemRoot\system32\drivers\acpi.sys
0x80795000 \SystemRoot\system32\drivers\msisadrv.sys
0x8079D000 \SystemRoot\system32\drivers\pci.sys
0x807C4000 \SystemRoot\system32\drivers\isapnp.sys
0x807D3000 \SystemRoot\system32\drivers\mpio.sys
0x807EF000 \SystemRoot\System32\drivers\partmgr.sys
0x80600000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x805C7000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x805D1000 \SystemRoot\system32\drivers\volmgr.sys
0x83406000 \SystemRoot\System32\drivers\volmgrx.sys
0x83450000 \SystemRoot\system32\drivers\intelide.sys
0x83457000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x83465000 \SystemRoot\system32\drivers\pciide.sys
0x8346C000 \SystemRoot\system32\drivers\aliide.sys
0x83473000 \SystemRoot\system32\drivers\amdide.sys
0x8347A000 \SystemRoot\system32\drivers\cmdide.sys
0x83482000 \SystemRoot\System32\drivers\mountmgr.sys
0x83492000 \SystemRoot\system32\drivers\msdsm.sys
0x834AC000 \SystemRoot\system32\drivers\nvraid.sys
0x834C7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x834E8000 \SystemRoot\system32\drivers\viaide.sys
0x834F0000 \SystemRoot\system32\drivers\iastorv.sys
0x83591000 \SystemRoot\system32\drivers\atapi.sys
0x83599000 \SystemRoot\system32\drivers\ataport.SYS
0x835B7000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x8360A000 \SystemRoot\system32\drivers\storport.sys
0x8364B000 \SystemRoot\system32\drivers\msahci.sys
0x83655000 \SystemRoot\system32\drivers\hpcisss.sys
0x83660000 \SystemRoot\system32\drivers\adp94xx.sys
0x836CA000 \SystemRoot\system32\drivers\adpahci.sys
0x83716000 \SystemRoot\system32\drivers\adpu160m.sys
0x83731000 \SystemRoot\system32\drivers\adpu320.sys
0x83757000 \SystemRoot\system32\drivers\djsvs.sys
0x8376B000 \SystemRoot\system32\drivers\arc.sys
0x83781000 \SystemRoot\system32\drivers\arcsas.sys
0x8AA0C000 \SystemRoot\system32\drivers\elxstor.sys
0x8AAA0000 \SystemRoot\system32\drivers\i2omp.sys
0x8AAAA000 \SystemRoot\system32\drivers\iirsp.sys
0x8AABA000 \SystemRoot\system32\drivers\iteatapi.sys
0x8AAC6000 \SystemRoot\system32\drivers\iteraid.sys
0x8AAD2000 \SystemRoot\system32\drivers\lsi_fc.sys
0x8AAEC000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8AB04000 \SystemRoot\system32\drivers\megasas.sys
0x8AB0E000 \SystemRoot\system32\drivers\megasr.sys
0x8ABC5000 \SystemRoot\system32\drivers\mraid35x.sys
0x8ABD0000 \SystemRoot\system32\drivers\nfrd960.sys
0x8ABDE000 \SystemRoot\system32\drivers\nvstor.sys
0x8AC0B000 \SystemRoot\system32\drivers\ql2300.sys
0x8AD43000 \SystemRoot\system32\drivers\ql40xx.sys
0x8AD98000 \SystemRoot\system32\drivers\sisraid2.sys
0x8ADA5000 \SystemRoot\system32\drivers\sisraid4.sys
0x8ADBA000 \SystemRoot\system32\drivers\symc8xx.sys
0x8ADC6000 \SystemRoot\system32\drivers\sym_hi.sys
0x8ADD1000 \SystemRoot\system32\drivers\sym_u3.sys
0x83797000 \SystemRoot\system32\drivers\uliahci.sys
0x8ADDC000 \SystemRoot\system32\drivers\ulsata.sys
0x837D3000 \SystemRoot\system32\drivers\ulsata2.sys
0x835D1000 \SystemRoot\system32\drivers\vsmraid.sys
0x8AE03000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AE35000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AE45000 \SystemRoot\system32\drivers\NIS\1008000.029\SYMEFA.SYS
0x8AE94000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B006000 \SystemRoot\system32\drivers\ndis.sys
0x8B111000 \SystemRoot\system32\drivers\msrpc.sys
0x8B13C000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AF05000 \SystemRoot\System32\drivers\tcpip.sys
0x8B177000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B205000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B315000 \SystemRoot\system32\drivers\wd.sys
0x8B31D000 \SystemRoot\system32\drivers\volsnap.sys
0x8B356000 \SystemRoot\System32\Drivers\spldr.sys
0x8B35E000 \SystemRoot\system32\drivers\sbp2port.sys
0x8B373000 \SystemRoot\System32\Drivers\mup.sys
0x8B382000 \SystemRoot\System32\drivers\ecache.sys
0x8B3A9000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8B3B2000 \SystemRoot\system32\drivers\disk.sys
0x8B3C3000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8B3CB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B192000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B19D000 \SystemRoot\system32\DRIVERS\processr.sys
0x9F201000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x9F80F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9F8B0000 \SystemRoot\System32\drivers\watchdog.sys
0x9F8BC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9FA0D000 \SystemRoot\system32\DRIVERS\athr.sys
0x9FB32000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x9FB8A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x9FBA2000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x9FBAC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9FBEA000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x9FBF3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9F949000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9F958000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9FBF5000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x9FA00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9F96B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9F9A6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9F9B1000 \SystemRoot\system32\DRIVERS\enecir.sys
0x9F7AC000 \SystemRoot\System32\Drivers\apo84vqj.SYS
0x9F9C9000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x9FBFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9F9D5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B1AC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9F9DE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9F9E9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9F800000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B1DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9F7E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8ABEB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x805E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AFEF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9FBFE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9FE09000 \SystemRoot\system32\DRIVERS\ks.sys
0x9FE33000 \SystemRoot\system32\DRIVERS\circlass.sys
0x9FE41000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9FE4B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9FE58000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9FE8D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9FE9E000 \SystemRoot\system32\drivers\HdAudio.sys
0x9FEDD000 \SystemRoot\system32\drivers\portcls.sys
0x9FF0A000 \SystemRoot\system32\drivers\drmk.sys
0x9FF2F000 \SystemRoot\system32\DRIVERS\stwrt.sys
0xA0000000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xA0126000 \SystemRoot\system32\drivers\modem.sys
0xA0133000 \SystemRoot\system32\DRIVERS\hidir.sys
0xA013E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA014E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA0155000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA015E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA0166000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA017D000 \SystemRoot\System32\Drivers\usbvideo.sys
0xA019E000 \SystemRoot\System32\Drivers\NIS\1008000.029\SRTSP.SYS
0xA01F1000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xA0407000 \SystemRoot\System32\Drivers\bthport.sys
0xA0487000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xA04B0000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xA04BA000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xA04D4000 \SystemRoot\system32\drivers\btwavdt.sys
0xA053F000 \SystemRoot\system32\drivers\btwaudio.sys
0xA05BF000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0xA0D54000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0xA0D8D000 \SystemRoot\system32\drivers\NIS\1008000.029\SRTSPX.SYS
0xA0D97000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA0DA0000 \SystemRoot\System32\Drivers\Null.SYS
0xA0DA7000 \SystemRoot\System32\Drivers\Beep.SYS
0xA0DAE000 \SystemRoot\System32\drivers\vga.sys
0xA0DBA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xA0DDB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA0DE3000 \SystemRoot\system32\drivers\rdpencdd.sys
0xA0DEB000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA05C2000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA0DF6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA05D0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9FF92000 \SystemRoot\System32\Drivers\NIS\1008000.029\SYMTDI.SYS
0xA05E6000 \SystemRoot\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS
0x9FFC6000 \SystemRoot\System32\Drivers\NIS\1008000.029\SYMFW.SYS
0x9FFDB000 \SystemRoot\system32\DRIVERS\smb.sys
0xA8008000 \SystemRoot\system32\drivers\afd.sys
0xA8050000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA8082000 \SystemRoot\system32\DRIVERS\pacer.sys
0xA8098000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0xA80A1000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA80AF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA80C2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA80FE000 \SystemRoot\system32\drivers\nsiproxy.sys
0xA8108000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100917.001\IDSvix86.sys
0xA8160000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA81BE000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA81DB000 \SystemRoot\System32\Drivers\dfsc.sys
0xA8801000 \SystemRoot\System32\Drivers\NIS\1008000.029\ccHPx86.sys
0xA887C000 \SystemRoot\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
0xA88BE000 \SystemRoot\System32\Drivers\crashdmp.sys
0xA88CB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0xA88D6000 \SystemRoot\System32\Drivers\dump_msahci.sys
0xAFC20000 \SystemRoot\System32\win32k.sys
0xA88E0000 \SystemRoot\System32\drivers\Dxapi.sys
0xA88EA000 \SystemRoot\system32\DRIVERS\monitor.sys
0xAFE40000 \SystemRoot\System32\TSDDD.dll
0xAFE60000 \SystemRoot\System32\cdd.dll
0xA88F9000 \SystemRoot\system32\drivers\luafv.sys
0xAFE70000 \SystemRoot\System32\ATMFD.DLL
0xA8914000 \SystemRoot\system32\drivers\spsys.sys
0xA89C4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA89D4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA81F2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8B3D4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xB480E000 \SystemRoot\system32\drivers\HTTP.sys
0xB487B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB4898000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB48B1000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB48C6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB48E5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB491E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB4936000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB495D000 \SystemRoot\System32\DRIVERS\srv.sys
0xB5C0E000 \SystemRoot\system32\drivers\peauth.sys
0xB5CEC000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB5CF6000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB5D02000 \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
0xB5D23000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB5D39000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xB5D3A000
0xB5D44000 \??\C:\Windows\system32\drivers\mbam.sys
0xA0C00000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100920.002\NAVEX15.SYS
0xB5D51000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100920.002\NAVENG.SYS
0x771C0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Net\Engine.dll

Processes (total 63):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
608 csrss.exe
668 C:\Windows\System32\wininit.exe
676 csrss.exe
716 C:\Windows\System32\winlogon.exe
752 C:\Windows\System32\services.exe
764 C:\Windows\System32\lsass.exe
776 C:\Windows\System32\lsm.exe
944 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\Ati2evxx.exe
1168 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
1360 C:\Windows\System32\audiodg.exe
1532 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\SLsvc.exe
1588 C:\Windows\System32\svchost.exe
1672 C:\Windows\System32\hpservice.exe
1684 C:\Windows\System32\Ati2evxx.exe
1776 C:\Windows\System32\svchost.exe
1952 C:\Windows\System32\wlanext.exe
260 C:\Windows\System32\spoolsv.exe
332 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
1184 C:\Windows\System32\agrsmsvc.exe
1340 C:\Windows\System32\svchost.exe
484 C:\Program Files\DAEMON Tools Net\DTNetSrv.exe
2064 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2096 C:\Program Files\Nero\Update\NASvc.exe
2124 C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
2164 C:\Windows\System32\svchost.exe
2192 C:\Program Files\SMINST\BLService.exe
2284 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2316 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2368 C:\Windows\System32\svchost.exe
2476 C:\Windows\System32\svchost.exe
2504 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3084 C:\Windows\System32\dwm.exe
3108 C:\Windows\explorer.exe
3120 C:\Windows\System32\taskeng.exe
3264 C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
3280 C:\Windows\System32\taskeng.exe
3492 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
4052 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
4068 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3344 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
1244 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
3160 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2980 dllhost.exe
2572 WmiPrvSE.exe
1504 C:\Program Files\Windows Mail\WinMail.exe
3348 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3620 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3464 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4264 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3648 C:\Program Files\Internet Explorer\iexplore.exe
5896 C:\Program Files\Internet Explorer\iexplore.exe
5348 C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
5504 C:\Users\Dddy's Laptop\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`e1200000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM320JI, Rev: 2SS00_03

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6DF26AE7D6663DFFFF5602BEDE5BE4683120D56C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

And also.....

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4657

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

20/09/2010 7:22:07 PM
mbam-log-2010-09-20 (19-22-07).txt

Scan type: Quick scan
Objects scanned: 143693
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


And yes it did delete SpyBot and the Norton virus definitions!
Regards.
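MBRCheck's "Unknown MBR code" verdict above comes from hashing the MBR and comparing the result with known-good boot code. The Python below is an added example, not MBRCheck's code and not something posted in the thread: it verifies the 0x55AA boot signature of a 512-byte image, hashes the 440 bytes of boot code, parses the four partition entries and classifies the image against a trusted hash set. The images are constructed; only the partition start offsets (0x7E00 for C:, 0x47E1200000 for D:) are taken from the MBRCheck output, while the partition sizes, disk signature and placeholder boot code are assumed, and the value compared here is the SHA1 of the boot code alone, which may differ from what MBRCheck hashes.

```python
"""Check an MBR the way MBRCheck does: hash the boot code and compare it to a
trusted reference.  Added example, not MBRCheck's code or anything from the
thread.  The 512-byte images below are constructed; only the partition start
offsets (0x7E00 for C:, 0x47E1200000 for D:) come from the MBRCheck output."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code; 440..443: disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"       # bytes 510..511


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot code hash, disk signature and partitions."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue                      # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as the offset
        })
    return {
        "boot_signature_ok": mbr[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify(mbr: bytes, trusted_sha1s: set) -> str:
    """'known' if the boot code hashes to a trusted value, 'bad-signature' if the
    0x55AA marker is missing, otherwise 'unknown' (MBRCheck's "Unknown MBR code":
    worth a byte-for-byte comparison, not proof of a bootkit by itself)."""
    info = parse_mbr(mbr)
    if not info["boot_signature_ok"]:
        return "bad-signature"
    return "known" if info["boot_code_sha1"] in trusted_sha1s else "unknown"


def build_mbr(boot_code: bytes, disk_sig: int, entries: list) -> bytes:
    """Assemble a 512-byte MBR from its parts (used here to construct test images)."""
    boot_code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    return boot_code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + BOOT_SIG


# Constructed images.  The boot code is a placeholder, not real Vista boot code.
REFERENCE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433
PARTITIONS = [
    # (status, type, LBA start, sector count)
    (0x80, 0x07, 0x3F, 0x23F09000 - 0x3F),    # C:, NTFS, byte offset 0x7E00 (from the thread)
    (0x00, 0x07, 0x23F09000, 22174384),       # D:, NTFS, byte offset 0x47E1200000; size assumed
]
reference_mbr = build_mbr(REFERENCE_BOOT_CODE, 0xA1B2C3D4, PARTITIONS)
trusted = {parse_mbr(reference_mbr)["boot_code_sha1"]}

# Same partition table, one patched byte in the boot code: this is how a
# bootkit shows up (a changed hash) while the partitions look untouched.
tampered_boot_code = bytearray(REFERENCE_BOOT_CODE)
tampered_boot_code[4] ^= 0xFF
tampered_mbr = build_mbr(bytes(tampered_boot_code), 0xA1B2C3D4, PARTITIONS)

if __name__ == "__main__":
    for name, img in (("reference", reference_mbr), ("tampered", tampered_mbr)):
        info = parse_mbr(img)
        print(name, classify(img, trusted), info["boot_code_sha1"])
        for p in info["partitions"]:
            flag = "bootable" if p["bootable"] else ""
            print(f"  part {p['index']}: type 0x{p['type']:02X} offset 0x{p['byte_offset']:X} {flag}")
```

To run this against a real disk on Windows, read the first 512 bytes of \\.\PhysicalDrive0 from an elevated prompt and pass them to classify() together with hashes of boot code you trust (for instance taken from the same Windows version's installation media). An unknown hash only says the code differs from your reference; compare the bytes before concluding anything.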



#6 etavares (Malware Response Team)

Posted 20 September 2010 - 05:39 PM

Hello, lucuetus.

Combofix would have quarantined it and there are no signs of it in the log. I think it may have been removed during the reboot, but related to another uninstall routine or something. I have no doubt they disappeared during the reboot, but the only things Combofix removed were two hyperlinks and a couple of files related to a BITS exploit from this domain: hxxp://dnusax.com
Do you know that domain?

Let's run an online scan and get another file.





Step 1


Please attach C:\Qoobox\ComboFix-quarantined-files.txt to your reply.



Step 2

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#7 lucuetus (Topic Starter)

Posted 22 September 2010 - 01:52 PM

Hello etavares

Well, what do you know! How come Norton and Malwarebytes missed them? I've deleted them myself, so does this mean I'm now clear?



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 22, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 21, 2010 12:50:28
Records in database: 4236313
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 174018
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 04:23:33


File name / Threat / Threats count
C:\Users\Dddy's Laptop\AppData\Local\temp\Modio Launcher.exe Infected: Trojan-Dropper.MSIL.Agent.hci 1
C:\Users\Dddy's Laptop\Desktop\eMail 30-7-10\eMail 30-7-10\Local Folders\Imported Folder\Imported Fo 216\Saved Stuff\5DE976C9-000000B3.eml Infected: Trojan-Spy.HTML.Paylap.iu 1

Selected area has been scanned.

----------------------------------------------------------------------------------------------------------------------------------------------------

2010-08-23 19:53:07 . 2010-08-23 19:53:07 890 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Agere Systems Soft Modem.reg.dat
2010-08-23 19:47:54 . 2010-08-23 19:47:54 5,827 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-08-23 18:50:33 . 2010-08-23 19:40:09 133 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-08-05 18:10:35 . 2010-08-05 18:10:35 166 ----a-w- C:\Qoobox\Quarantine\C\Users\Dddy's Laptop\AppData\Roaming\Microsoft\Windows\Recent\••? Free ads, classifieds,.url.vir
2010-08-05 18:08:11 . 2010-08-05 18:08:11 162 ----a-w- C:\Qoobox\Quarantine\C\Users\Dddy's Laptop\AppData\Roaming\Microsoft\Windows\Recent\Statshop Limited.url.vir
2006-11-02 13:04:06 . 2010-08-20 20:13:58 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir
2006-11-02 13:04:06 . 2010-08-20 20:13:58 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir

---------------------------------------------------------------------------------------------------------------------------------------------------

Regards.
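The quarantine listing above shows ComboFix took the BITS job-queue files (qmgr0.dat and qmgr1.dat under ProgramData\Microsoft\Network\Downloader), which is where etavares's "BITS exploit" pointing at hxxp://dnusax.com was found: a BITS job downloads whatever URL it was given, so the remote URLs in the queue are what you inspect. The Python below is an added example, not ComboFix's logic and not from the thread. It carves http(s) URLs stored as UTF-16LE strings out of a binary blob and flags hosts that are not on an allowlist. It assumes the queue files hold job URLs as UTF-16LE text; the blob, the example.com URL, the allowlist and the local path are constructed, and dnusax.com is used only because the thread names that host.

```python
"""Carve remote URLs out of a BITS job-queue file (qmgr0.dat / qmgr1.dat) and
flag hosts that are not on an allowlist.  Added example, not ComboFix's logic.
Assumes the queue stores job URLs as UTF-16LE strings; the blob below is a
constructed stand-in, not a real qmgr.dat.  dnusax.com is the host named in the
thread; example.com and the allowlist are placeholders."""
import re
from urllib.parse import urlsplit

# "http://" or "https://" followed by printable ASCII, each char as UTF-16LE
# (the character byte followed by a NUL byte).  Two NUL bytes end a string.
UTF16_URL_RE = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){3,}"
)


def carve_utf16_urls(blob: bytes) -> list:
    """Distinct http(s) URLs embedded as UTF-16LE in the blob, in file order."""
    found = []
    for m in UTF16_URL_RE.finditer(blob):
        url = m.group(0).decode("utf-16-le")
        if url not in found:
            found.append(url)
    return found


def host_of(url: str) -> str:
    return urlsplit(url).hostname or ""


def suspicious_urls(blob: bytes, allowed_hosts: set) -> list:
    """URLs whose host, or any parent domain of it, is not in the allowlist."""
    out = []
    for url in carve_utf16_urls(blob):
        labels = host_of(url).split(".")
        parents = {".".join(labels[i:]) for i in range(len(labels))}
        if not (parents & allowed_hosts):
            out.append(url)
    return out


def u16z(s: str) -> bytes:
    """UTF-16LE string with a two-byte NUL terminator (used to build the sample)."""
    return s.encode("utf-16-le") + b"\x00\x00"


# Constructed stand-in for a queue file: filler bytes, two jobs, a local path.
SAMPLE_QMGR = (
    b"\x13\xf7\x2b\xb8\x3c\x3a\x16\x4f\x9d\x80\x84\x71\x8b\x21\x11\x47"
    + u16z("Windows Update job")
    + u16z("http://example.com/updates/patch.cab")      # constructed benign job
    + b"\x00" * 24
    + u16z("Microsoft BITS")
    + u16z("http://dnusax.com")                          # host from the thread
    + u16z("C:\\Windows\\Temp\\job.tmp")                 # local target, not a URL
    + b"\xff" * 8
)

# Constructed allowlist; a real one holds the hosts your update jobs talk to.
ALLOWED_HOSTS = {"example.com"}

if __name__ == "__main__":
    for u in carve_utf16_urls(SAMPLE_QMGR):
        print("url:", u)
    for u in suspicious_urls(SAMPLE_QMGR, ALLOWED_HOSTS):
        print("NOT ON ALLOWLIST:", u)
```

On a live system, `bitsadmin /list /allusers /verbose` is the supported way to see queued jobs; carving the queue file is for when the service has been stopped, the files have been quarantined as above, or a job was removed and you want what is left on disk.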

#8 etavares (Malware Response Team)

Posted 22 September 2010 - 05:24 PM

Hello, lucuetus.

Deleting them is good, so we should be ok. Before we clean up, let's unlock a few registry keys and close a security hole. After this, we'll clean up to ensure you can't be reinfected accidentally from this virus. You did have an infection for sure.



Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step 2


You have the most up to date Java version (Java 1.6 Update 21) installed, however you still have older and insecure Java versions installed. Please go to Control Panel --> Add/remove Programs and uninstall the earlier versions.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 lucuetus (Topic Starter)

Posted 23 September 2010 - 01:58 PM

Hello again etavares.

Old Java removed, procedure followed and new Combofix log attached.

Regards.




#10 etavares (Malware Response Team)

Posted 23 September 2010 - 08:20 PM

How is your computer running now? Still have processes that ramp up to 100%? Your computer does appear clean of malware now, and I can help diagnose other issues if you'd like. For the definitions and Spybot, you will have to reinstall those as CF doesn't have the files to restore.




#11 lucuetus (Topic Starter)

Posted 26 September 2010 - 01:24 PM

It now takes over 10 minutes to start up properly with all things loaded; if you try to open anything whilst it's starting, the program freezes.
I think things are still not as they should be.

#12 etavares (Malware Response Team)

Posted 26 September 2010 - 01:35 PM

Try StartupLite. Download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Let me know how it's running after trying the steps above.




#13 lucuetus (Topic Starter)

Posted 29 September 2010 - 02:24 PM

What have you done to my PC? It's now worse than when you started!

It's now so slow, really slow every program hangs while that stupid circle spins "Not Responding."

It will now only do one thing at a time! or just freeze completely.

I've added Hijack this Log.



Edited by lucuetus, 29 September 2010 - 02:40 PM.


#14 etavares (Malware Response Team)

Posted 29 September 2010 - 06:02 PM

So far, we have run non-invasive steps since you ran Combofix unsupervised. We have run DDS, GMER, RKUnhooker and MBRCheck. We have also run MBAM and Kaspersky antivirus scans, both of which did not change anything on your system. You have manually deleted two files Kaspersky detected. We have also unlocked a few registry keys that you were locked out of, but did not change them. We have also removed your outdated Java.

At this point it does not appear you have active malware remaining on your system.

However, I need your help to try and solve the performance issues. I'm here to help you. In your original post you said:
QUOTE
Some certain processes run the CPU at 100% occasionally so I just end them.


I asked for more information about what processes you killed. Killing processes manually can result in system instability (hence the warning from Windows when you do so) and it's critical to know so we can determine the root cause. We can troubleshoot what processes may be tying up your processor.
QUOTE
What processes go to 100% on the CPU? Do you have any virus detections or virus-like symptoms?



I also suggested this tool:
QUOTE
Try StartupLite. Download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Let me know how it's running after trying the steps above.


In order to get your system running, I need more information from you. Given the overheating you're seeing, it very well may be hardware related as I pointed out in my first post.
  • What processes run at 100%? What processes were you killing manually before?
  • Have you run StartupLite?
  • How does this perform if you boot into Safe Mode?
  • Do you still have programs eating up high amounts of your processing power? That can cause nonresponsive programs.
  • Is your fan spinning?
  • Are the air vents clogged? is there visible dust?
  • At what point did it get worse? We can uninstall MBAM if updating it caused the issues. We can restore the files you deleted if that triggered it, etc. I can't troubleshoot without more information.
  • Where is hot on your computer? Is it the battery? Is it by the power connection from the wall?

Please post a DDS log if you are able.




#15 etavares (Malware Response Team)

Posted 05 October 2010 - 07:04 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

