Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to download from download.microsoft.com


  • This topic is locked This topic is locked
3 replies to this topic

#1 jacktuk

jacktuk

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 30 January 2011 - 08:27 AM

Greetings,

I have been unable to download anything from microsoft.com, always get a "Internet Explorer cannot display the webpagepage" message. I cannot successfully ping download.microsoft.com, microsoft.com, etc., getting "request timed out message", and 100% loss of packets.

After many days of trying things including MTU's, examining the host file, run malwarebytes, CCleaner, HijackThis, and finally ComboFix, I am reaching out in this forum for help. I was scared to run the combofix as I am not a combofix guru, but I ran the scan and am posting the log file, which i don't know how to interpret. Any help would be greatly appreciated, as I just cannot resolve this issue, and need to download stuf for software / database development.

Here is the ComboFix log...

ComboFix 11-01-29.03 - John 01/30/2011 20:39:39.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.994 [GMT 8:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\John\GoToAssistDownloadHelper.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.

2011-01-30 12:50 . 2011-01-30 12:50 -------- d-----w- c:\users\John\AppData\Local\temp
2011-01-30 12:50 . 2011-01-30 12:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-30 11:23 . 2011-01-30 11:23 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKslafb2ca6f.sys
2011-01-30 10:51 . 2011-01-30 10:51 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKsla28d477c.sys
2011-01-29 19:03 . 2011-01-29 19:03 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKslc77544bf.sys
2011-01-28 18:33 . 2011-01-30 06:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-28 18:33 . 2011-01-29 01:56 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-01-28 17:43 . 2011-01-28 17:49 -------- d-----w- c:\program files\Windows Live Safety Center
2011-01-28 11:26 . 2011-01-28 11:26 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKslf0b0f0c0.sys
2011-01-25 06:29 . 2011-01-25 06:29 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKslb6901cf9.sys
2011-01-25 05:43 . 2011-01-13 09:41 5890896 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\mpengine.dll
2011-01-23 03:16 . 2011-01-23 03:17 -------- d-----w- c:\users\John\AppData\Local\{F356FF98-6255-4A23-B10E-CDC2624F8E70}
2011-01-22 12:00 . 2011-01-22 12:01 -------- d-----w- c:\users\John\AppData\Local\{B5953ECC-8222-40EC-8E04-1376C8A60AC9}
2011-01-22 11:32 . 2011-01-22 11:32 -------- d-----w- c:\users\John\AppData\Local\{664311A6-373D-4BE1-B53D-C228406CCF15}
2011-01-22 06:30 . 2009-09-04 09:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-01-22 06:30 . 2009-09-04 09:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-01-22 06:30 . 2009-09-04 09:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-01-22 06:26 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-01-22 06:21 . 2011-01-22 06:21 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\8f7b0ba31cbb9fc04\MeshBetaRemover.exe
2011-01-22 06:20 . 2011-01-22 06:20 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\7d2755831cbb9fc03\DSETUP.dll
2011-01-22 06:20 . 2011-01-22 06:20 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\7d2755831cbb9fc03\DXSETUP.exe
2011-01-22 06:20 . 2011-01-22 06:20 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\7d2755831cbb9fc03\dsetup32.dll
2011-01-22 06:20 . 2011-01-22 06:20 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\691da2631cbb9fc02\DXSETUP.exe
2011-01-22 06:20 . 2011-01-22 06:20 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\691da2631cbb9fc02\dsetup32.dll
2011-01-22 06:20 . 2011-01-22 06:20 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\691da2631cbb9fc02\DSETUP.dll
2011-01-22 04:28 . 2011-01-22 11:13 -------- d-----w- c:\users\John\AppData\Local\Windows Live
2011-01-22 03:59 . 2011-01-22 03:59 -------- d-----w- c:\program files\Windows Portable Devices
2011-01-22 03:24 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-01-22 03:24 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-01-22 03:24 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-01-22 03:22 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2011-01-22 03:20 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-01-22 03:20 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-01-22 03:20 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-01-22 02:02 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-01-22 02:01 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-01-22 02:01 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-01-22 02:00 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-01-22 01:59 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-01-22 01:59 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-22 01:59 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-01-22 01:59 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-01-22 01:59 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-01-22 01:59 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-01-22 01:59 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-01-22 01:59 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-01-22 01:59 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-22 01:59 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-22 01:59 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-01-22 01:57 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-01-22 01:56 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-01-22 01:56 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-01-22 01:56 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-01-22 01:56 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-01-22 01:47 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-01-22 01:35 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-01-22 01:35 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-01-22 00:34 . 2011-01-22 00:34 -------- d-----w- c:\program files\CCleaner
2011-01-21 13:38 . 2011-01-21 13:39 -------- d-----w- c:\windows\system32\ca-ES
2011-01-21 13:38 . 2011-01-21 13:39 -------- d-----w- c:\windows\system32\eu-ES
2011-01-21 13:38 . 2011-01-21 13:39 -------- d-----w- c:\windows\system32\vi-VN
2011-01-21 08:37 . 2011-01-21 08:37 -------- d-----w- c:\users\John\AppData\Roaming\ParetoLogic
2011-01-21 08:37 . 2011-01-21 08:37 -------- d-----w- c:\users\John\AppData\Roaming\DriverCure
2011-01-21 08:37 . 2011-01-21 09:31 -------- d-----w- c:\progra~2\ParetoLogic
2011-01-21 05:58 . 2011-01-21 05:58 -------- d-----w- c:\progra~2\Office Genuine Advantage
2011-01-21 05:17 . 2011-01-21 05:17 -------- d-----w- c:\windows\system32\EventProviders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-10-13 05:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-10-13 05:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 04:33 . 2010-01-10 07:36 6273872 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 MpKsl5f6ba2d2;MpKsl5f6ba2d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKsl5f6ba2d2.sys [2011-01-29 28752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca28cd9f3a3070;Google Update Service (gupdate1ca28cd9f3a3070);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R2 OracleVssWriterCLASSDB;Oracle CLASSDB VSS Writer Service;d:\app\John\product\11.1.0\db_1\bin\OraVSSW.exe CLASSDB [x]
R2 OracleVssWriterORCL;Oracle ORCL VSS Writer Service;d:\app\John\product\11.1.0\db_1\bin\OraVSSW.exe ORCL [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]
R4 OracleJobSchedulerCLASSDB;OracleJobSchedulerCLASSDB;d:\app\john\product\11.1.0\db_1\Bin\extjob.exe CLASSDB [x]
R4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;d:\app\john\product\11.1.0\db_1\Bin\extjob.exe ORCL [x]
R4 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;d:\app\John\product\11.1.0\db_1\BIN\TNSLSNR [x]
R4 OracleServiceCLASSDB;OracleServiceCLASSDB;d:\app\john\product\11.1.0\db_1\bin\ORACLE.EXE CLASSDB [x]
R4 OracleServiceORCL;OracleServiceORCL;d:\app\john\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [x]
S1 MpKslafb2ca6f;MpKslafb2ca6f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKslafb2ca6f.sys [2011-01-30 28752]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-12-18 202592]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:24]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:24]

2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{B83BA6FC-D31D-4680-8CA4-CCFF376A6534}.job
- c:\windows\system32\msfeedssync.exe [2011-01-22 04:25]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
AddRemove-Lizard Safeguard - PDF Viewer_is1 - f:\e-books\Lizard Safeguard PDF Viewer\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-30 20:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="d:\app\John\product\11.1.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-30 20:54:38
ComboFix-quarantined-files.txt 2011-01-30 12:54

Pre-Run: 5,802,229,760 bytes free
Post-Run: 5,665,177,600 bytes free

- - End Of File - - 9E998CA20967DA566D18C6D704E7BFB3

Edited by Budapest, 30 January 2011 - 04:37 PM.
Moved from Vista forum to Malware Removal Logs.


BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:10:24 PM

Posted 04 February 2011 - 01:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

Best Regards,
oneof4.

Best Regards,
oneof4.


#3 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:10:24 PM

Posted 07 February 2011 - 04:40 PM

Do you still need help?

Best Regards,
oneof4.


#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:10:24 PM

Posted 11 February 2011 - 02:37 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users