rootkit infection, other malware, google redirects, and EXE files have no association


  • This topic is locked
2 replies to this topic

#1 mornir

Posted 06 May 2011 - 06:59 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic395149.html ~ OB

Hi,

I am fixing my sister-in-law's PC, and typically MBAM will take care of most problems she's had, but this latest one or combination of malware/virus has persisted. I have run MBAM and SUPERAntiSpyware after running the TDSSKiller and the computer seems spyware free. However, I have a new problem. I cannot run any exe file. I cannot get into the registry; I get "Error accessing the registry" errors, even with admin accounts. I cannot run system restore or get into user account as they all require EXE files to work. Somehow EXE files no longer have the proper association. However, on the default Admin account in Safe Mode, I am able to run EXE files, but when I start the machine normally and log in to any profile or even newly created ones, EXE files do not work at all, rundll32, rstrui, none. If there is anything else I need to post, let me know. Thank you for your help.

Windows XP Home SP3.

TDSSKiller has been run and a rootkit removed:

2011/05/03 09:37:47.0046 1476 Detected object count: 1
2011/05/03 09:37:51.0828 1476 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/03 09:37:51.0828 1476 \HardDisk0 - ok
2011/05/03 09:37:51.0828 1476 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/03 09:37:54.0593 1184 Deinitialize success

Attach, DDS logs posted here:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by David Cardenas at 16:48:39.57 on Fri 05/06/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.265 [GMT -7:00]
.
AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\msiexec.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\David Cardenas.DAVIDSPC\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157038459812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {12B5B5A9-C3B2-491F-8E36-91DB518CC4FF} - rundll32.exe "c:\documents and settings\david cardenas.davidspc\application data\sun\ixokfmgyl68.dll", UnregisterDll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-16 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-4-17 24576]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-27 27064]
S4 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
.
=============== Created Last 30 ================
.
2011-05-06 19:26:02 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2011-04-29 19:11:56 -------- d-----w- c:\docume~1\davidc~1.dav\applic~1\SUPERAntiSpyware.com
2011-04-29 19:11:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-29 19:11:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-29 18:18:24 -------- d-sha-r- C:\cmdcons
2011-04-29 18:06:20 98816 ----a-w- c:\windows\sed.exe
2011-04-29 18:06:20 89088 ----a-w- c:\windows\MBR.exe
2011-04-29 18:06:20 256512 ----a-w- c:\windows\PEV.exe
2011-04-29 18:06:20 161792 ----a-w- c:\windows\SWREG.exe
2011-04-29 17:57:07 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-04-29 17:57:07 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-04-28 03:51:41 -------- d-----w- c:\docume~1\davidc~1.dav\applic~1\AVG10
2011-04-28 03:40:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-04-28 03:14:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-04-28 02:59:03 -------- d-----w- c:\docume~1\davidc~1.dav\locals~1\applic~1\VS Revo Group
2011-04-28 02:57:45 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-04-28 02:57:41 -------- d-----w- c:\program files\VS Revo Group
2011-04-18 23:26:58 -------- d-----w- c:\docume~1\davidc~1.dav\locals~1\applic~1\{4990F72C-2352-4CA9-A173-9EE5B83C513A}
2011-04-18 00:01:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\iIi06509hOlIp06509
2011-04-17 23:49:10 0 ----a-w- c:\windows\Ypuhaxedakoko.bin
.
==================== Find3M ====================
.
2011-03-30 03:15:21 7832 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-03-30 03:15:21 104 --sh--r- c:\windows\system32\6207BC8DE0.sys
2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00:28 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00:27 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
============= FINISH: 16:49:48.93 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/22/2006 7:13:49 PM
System Uptime: 5/6/2011 4:46:00 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0JC474
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 89.042 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 4/17/2011 5:44:03 PM - System Checkpoint
RP2: 4/22/2011 6:41:35 PM - System Checkpoint
RP3: 4/25/2011 8:59:08 PM - Removed AVG Free 9.0
RP4: 4/25/2011 9:02:39 PM - Removed AVG Free 9.0
RP5: 4/25/2011 9:17:47 PM - Removed AVG Free 9.0
RP6: 4/27/2011 8:00:34 PM - Revo Uninstaller Pro's restore point - Ad-Aware
RP7: 4/27/2011 8:04:28 PM - Revo Uninstaller Pro's restore point - America Online (Choose which version to remove)
RP8: 4/27/2011 8:37:27 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP9: 4/27/2011 8:38:05 PM - Installed AVG 2011
RP10: 4/27/2011 8:39:52 PM - Installed AVG 2011
RP11: 4/27/2011 9:01:28 PM - Revo Uninstaller Pro's restore point - AVG 2011
RP12: 4/27/2011 9:06:17 PM - Removed AVG 2011
RP13: 4/27/2011 9:15:22 PM - Removed AVG 2011
RP14: 5/3/2011 3:47:58 PM - Software Distribution Service 3.0
RP15: 5/6/2011 12:25:49 PM - Software Distribution Service 3.0
RP16: 5/6/2011 4:33:13 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
944plc32
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
America Online (Choose which version to remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitTorrent
Bonjour
Canon Camera Access Library
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon iP2700 series Printer Driver
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Conexant D850 56K V.9x DFVc Modem
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Photo AIO Printer 944
Dell Support Center (Support Software)
Dell System Restore
DellConnect
DellSupport
Digital Content Portal
ELIcon
FUJIFILM USB Driver
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HTC Driver Installer
HTC Sync
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
LG USB Modem driver
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 8.0.1
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Nero 6 Enterprise Edition
QuickTime
RealPlayer Basic
Revo Uninstaller Pro 2.5.3
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Sonic Activation Module
Sonic Encoders
SoulSeek 157 NS 13e
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2492386)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WordPerfect Office 12
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
.
==== Event Viewer Messages From Past Week ========
.
5/6/2011 4:40:52 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
5/3/2011 9:13:32 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'errorPageStrings[1]' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/3/2011 8:35:15 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
5/3/2011 3:49:55 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool - April 2011 (KB890830).
5/3/2011 3:49:55 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Microsoft - Other hardware - HID Non-User Input Data Filter (KB 911895).
5/3/2011 2:37:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
5/3/2011 12:01:27 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
5/3/2011 12:01:21 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/3/2011 11:55:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/3/2011 10:11:58 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file regedit.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/2/2011 9:52:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL
5/2/2011 9:51:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/2/2011 10:24:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/29/2011 10:58:20 AM, error: Service Control Manager [7023] - The Intel CPU service terminated with the following error: The specified module could not be found.
4/29/2011 10:57:20 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
4/29/2011 10:57:17 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service dlcd_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441067}
.
==== End Of File ===========================

Edited by Orange Blossom, 15 May 2011 - 09:15 PM.




#2 Orange Blossom


Posted 15 May 2011 - 09:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom


Posted 25 May 2011 - 02:46 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.