
Please help.


  • This topic is locked
13 replies to this topic

#1 The Beast


Posted 05 November 2010 - 10:51 PM

I'm starting a topic here because I don't know what's going on with my pc please help.

You can refer to my older log for more info.

http://www.bleepingcomputer.com/forums/topic357687.html/page__p__1998176__fromsearch__1#entry1998176

Here are my problems.
have a vista 32 bit system now my problems are:
I can't open applications in safe mode without my pc freezing.
My computer won't let me use youtube or any online viewing site.

And I think firefox's youtube has been crashing for a while does anyone else have this problem?

Next malwarebytes won't scan anymore I keep getting an error message.
Also I scanned with superantispyware it found stuff but things still aren't working.

I was using gdata antivirus it found the virus then my pc was fine until it crashed days after now I run scans it doesn't find a thing and my problem returned.
Also I tried without being told (sorry) combofix it helped then another crashed again back to square one now this program won't run in my desktop anymore could my problem have a serious problem something stops every cleaner I use?

So want to fully clean my pc and stop it from coming back.
And not sure if my browser was hijacked but how do you know if the security programs are hijacked like I have comodo and it does worry me.

And can someone help fix this thing without needing a second computer thanks for all your help.

I was told to use Malwarebytes Anti-Malware and super antispyware and gmer.

These are the logs I have from my pc now first the malwarebytes I couldn't run it in windows mode so my scan came from safe mode so please let me know if this was ok.

Second I got an error message from gmer but it did run after the pop up message (I was able to run this on the desktop) does that mean anything and gmer didn't scan my 4gig usb drive.

So I've included every external drive and I thank you for your help.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5019

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975

11/2/2010 5:32:31 AM
mbam-log-2010-11-02 (05-32-31).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 588410
Time elapsed: 2 hour(s), 1 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/02/2010 at 01:27 PM

Application Version : 4.44.1000

Core Rules Database Version : 5785
Trace Rules Database Version: 3597

Scan type : Complete Scan
Total Scan Time : 05:33:29

Memory items scanned : 310
Memory threats detected : 0
Registry items scanned : 8962
Registry threats detected : 0
File items scanned : 447402
File threats detected : 32

Adware.Tracking Cookie

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-03 18:34:58
Windows 6.0.6002 Service Pack 2
Running: jhbt3yvq.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\ffffffffffff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\ffffffffffff@00076161d642 0x97 0x4C 0x8C 0xA0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\ffffffffffff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\ffffffffffff@00076161d642 0x86 0xD2 0x2C 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????????????????????Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.?????d??????m??????HKLM\SYSTEM\ControlSet005\Control\ServiceCurrent\???? d??????t?????iVi??HKLM\SYSTEM\ControlSet005\Control\ServiceCurrent\???? ??????????????????????????????b?????4?????????0???1???2???3???4???????????{A849657D-8B79-47A7-94E0-1D87890E92C6}?m????????????????s?????b?????????????HKLM\SYSTEM\ControlSet005\Services\MBAMSwissArmy?0??? b??????6?????Fil??HKLM\SYSTEM\ControlSet005\Services\MBAMSwissArmy?M???????????'?mnt??? ????????????????????????????????? ?????d???????????l?m\M??? ????????????????????????????????????2?????????????????s???????????????????? ??? ??????????????????? ???????????????????????????????????????d?????????????m????? ?????????????????????????????????????????????????????m????? ????????????????????????????????N???3????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\ffffffffffff
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\ffffffffffff@00076161d642 0x86 0xD2 0x2C 0x70 ...

---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----


Sorry for not cleaning cookies.

So my helper told me to use dds and gmer then post here but he didn't tell me if my logs were good or okay.
http://www.bleepingcomputer.com/forums/topic34773.html Guide.

This is what happened gmer gave me an error but the scan did run afterwards and dds didn't even work so please help.

Right now I know malwarebytes won't work in windows after logging screen this is my error I tried changing the exe and all.


An error has occured.Please report this error to our support team.
MBAM_ERROR_MEMORY_SCAN (0,48)

Run-time error'48':
File not found: advapi32

Run-time error '0'


And this is my error.

EDIT: Posts merged ~BP

Edited by Budapest, 12 November 2010 - 05:10 PM.




#2 gringo_pr


Posted 14 November 2010 - 12:57 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

In your next post I need the following

1. logs from DDS
2. log from RKUnHooker
3. let me know of any problems you may have had
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 The Beast


Posted 15 November 2010 - 09:05 PM

Hello and thank you for your help now I tried every program you recommended and only the Defogger works so I wait for your response I just got errors for DDs and RKunhooker they wouldn't scan.

#4 gringo_pr


Posted 15 November 2010 - 09:44 PM

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the OTL.Txt into this topic and please attach the Extras.Txt.


#5 The Beast


Posted 16 November 2010 - 08:25 PM

Can you explain when to run the scan I'm a little confused was this after clicking on Minimal output or before.




Now the line here:Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"




This link  takes me to a website and there isn't any item to download from(Click here to download it. ).




Sorry I get home so late please explain your instructions again.




Thank you.



#6 gringo_pr


Posted 17 November 2010 - 10:22 AM

Download OTL to your Desktop
  • Double click on the icon to start it. Make sure all other windows are closed
  • Click on Minimal Output at the top
    after the program has started click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop.
    I have attached it see below
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the OTL.Txt into this topic and please attach the Extras.Txt.


#7 The Beast


Posted 19 November 2010 - 08:12 PM

Now I've tried this program as well it would start scanning then it would give me an error program start up it seems to stop every program I've downloaded and I'm disconnected from the internet.

Most programs I get really work in safe mode if this helps.

#8 gringo_pr


Posted 19 November 2010 - 09:21 PM

If you can run it in safe mode then do it


Gringo

#9 gringo_pr


Posted 22 November 2010 - 12:08 AM

Hello

three day bump

It has been Three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 The Beast


Posted 22 November 2010 - 08:45 PM

I had to reinstall my system the thing got so bad I couldn't even log into my pc so how can I keep my pc clean now tell me what you want me to do now.




Because vista always keeps an old windows can the malware come.



#11 gringo_pr


Posted 23 November 2010 - 02:43 AM

here is part of my all clean speech and should be the info you are needing


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is a great read about PC Safety and Security - What Do I Need? from my friends at Tech Support Forum


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know. After that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 The Beast

Posted 23 November 2010 - 08:44 PM

I always keep my system up to date and I have every program you listed, but I got rid of WinPatrol a while back, but now I will keep it.

So how can malware still get into the system? Are you familiar with ebay.url as a virus?

I thank you for your help, but I really wanted to find the problem, whatever it was, because I don't think it was in my antivirus database.

I'm grateful to see that there are people around that help people with PC problems, but I was told I had a trojan injection; every program I used to fix the computer wouldn't work after the first try. Was it a hijack? And thanks again.



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:38 AM

Posted 23 November 2010 - 10:58 PM

I always keep my system up to date and I have every program you listed, but I got rid of WinPatrol a while back, but now I will keep it.
Good idea, I like it a lot and run it on three computers.

So how can malware still get into the system? Are you familiar with ebay.url as a virus?

ebay.url is not a virus per se but was put on by the virus.

I thank you for your help, but I really wanted to find the problem, whatever it was, because I don't think it was in my antivirus database.
There are lots of ways for viruses to get into the system.

I'm grateful to see that there are people around that help people with PC problems, but I was told I had a trojan injection; every program I used to fix the computer wouldn't work after the first try. Was it a hijack? And thanks again.
It sounds like a file infector, or there are viruses that change the permissions of programs. As I didn't get any reports, there was not much for me to go on.

Gringo

#14 gringo_pr


Posted 26 November 2010 - 11:27 PM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo