Windows Delayed Write Failed.... terrible mess!


9 replies to this topic

#1 Lucy Lune

  • Members
  • 11 posts

Posted 04 February 2012 - 03:40 PM

Hello! I am new here! My friend referred me here because I have some crazy thing taking over my computer. It seems I have the same problem that boss123 had in http://www.bleepingcomputer.com/forums/topic424906.html
Most of my stuff on my desktop has just disappeared, as have many other things. I can't really do anything on the computer.
The window saying "Windows-Delayed Write failed. Failed to save all the components for the file \\System32\\00005455. The file is corrupted"
pops up over and over.

So, I saw the above post and ran the programs. I was able to work in safe mode. I was on the last one (GMER), and was not sure if I was supposed to delete all the files shown or not.
It didn't say anything about deleting in your instructions, I was not sure if it was just to let you see what's happening in the computer or if I should delete/kill them.
Please let me know if I should Delete/Kill all the files shown when the scan is finished.
I don't want to delete something that is supposed to be there! :)

This site is great, thank you guys!
<3

#2 boopme

  • Global Moderator
  • 73,490 posts

Posted 25 February 2012 - 07:51 PM

Hello please copy/paste your logs so I can tell you.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Lucy Lune


Posted 25 February 2012 - 10:23 PM

It appears almost all of my programs on my computer vanished when this virus took over....Are they gone for good?
Here's the results of the scans. Thank you!!


Check up-

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 21
Java™ 6 Update 2
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



SuperAntiSpyware-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/22/2012 at 01:12 PM

Application Version : 5.0.1142

Core Rules Database Version : 8153
Trace Rules Database Version: 5965

Scan type : Complete Scan
Total Scan Time : 02:37:01

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 315
Memory threats detected : 0
Registry items scanned : 23594
Registry threats detected : 7
File items scanned : 319783
File threats detected : 45

Trojan.Agent/Gen-FakeAlert[Local]
[gfUomFNvRQL.exe] C:\PROGRAMDATA\GFUOMFNVRQL.EXE
C:\PROGRAMDATA\GFUOMFNVRQL.EXE
C:\PROGRAMDATA\JSHJIUPQZEYEWK.EXE
C:\Windows\Prefetch\GFUOMFNVRQL.EXE-561D533B.pf
C:\Windows\Prefetch\JSHJIUPQZEYEWK.EXE-B38CD2B1.pf

Adware.Zugo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
HKU\S-1-5-21-3143903562-2995705503-1674554453-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9D425283-D487-4337-BAB6-AB8354A81457}
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
HKU\S-1-5-21-3143903562-2995705503-1674554453-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9D425283-D487-4337-BAB6-AB8354A81457}

Trojan.Agent/Gen-Frauder
C:\USERS\LUCY\APPDATA\LOCAL\BPFUSUIDV\LDETNOVTSSD.EXE

Trojan.Agent/Gen-FraudScan[Prod]
C:\USERS\LUCY\APPDATA\LOCAL\TEMP\AUDIO_DRIVERS_UPDATE_UTILITY.EXE
C:\USERS\LUCY\APPDATA\LOCAL\TEMP\D50A.TMP

Trojan.Agent/Gen-BOPE
C:\USERS\LUCY\APPDATA\LOCAL\TEMP\PNGL5HMVMUZPU9.EXE.TMP
C:\USERS\LUCY\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\28\1BC060DC-65CC86F5

Adware.Tracking Cookie

Trojan.Agent/Gen-FakeAV
C:\USERS\LUCY\DOWNLOADS\INSTALLANTIVIRUS2010.EXE

Trojan.Agent/Gen-Sirefef
C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-WINSOCK-CORE_31BF3856AD364E35_6.0.6002.18457_NONE_D99FB42E5BB59D9B\AFD.SYS

System.BrokenFileAssociation
HKCR\.exe


Malwarebytes-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

1/21/2012 12:41:15 AM
mbam-log-2012-01-21 (00-41-15).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 397600
Time elapsed: 1 hour(s), 28 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER-
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-04 15:21:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9200827AS rev.3.BHA
Running: tupp2.exe; Driver: C:\Users\Lucy\AppData\Local\Temp\kxldapob.sys


---- User IAT/EAT - GMER 1.0.15 ----


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids@Lg\5l\x2013U

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB62280$\3188815822 0 bytes
File C:\Windows\$NtUninstallKB62280$\485945278 0 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\@ 2048 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\bckfg.tmp 846 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\cfg.ini 208 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\keywords 390 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\L 0 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\L\qnbwvoto 273408 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U 0 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\80000032.@ 77312 bytes

---- EOF - GMER 1.0.15 ----
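
A triage sketch for scan logs laid out like the SUPERAntiSpyware section of the post above (detection name on one line, detected items beneath it, a blank line between groups), as an added example that is not part of the original thread. The sample log is constructed, and the bucket names and the rule that any flagged path under `C:\Windows\System32` or `WinSxS` is set aside for a helper's review rather than deleted are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above; names and paths are invented.
SAMPLE_LOG = r"""
Trojan.Example/Gen-FakeAlert
[sample.exe] C:\PROGRAMDATA\SAMPLE.EXE
C:\PROGRAMDATA\SAMPLE.EXE

Adware.Example
HKLM\Software\Example\Toolbar#{00000000-0000-0000-0000-000000000000}

Adware.Tracking Cookie
.ads.example.net [ C:\USERS\USER\APPDATA\ROAMING\COOKIES.SQLITE ]
media.example.com [ C:\USERS\USER\APPDATA\ROAMING\FLASH\OBJECTS ]

Trojan.Example/Gen-Driver
C:\WINDOWS\SYSTEM32\DRIVERS\EXAMPLE.SYS
"""

REGISTRY_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU|HKEY_[A-Z_]+)\\", re.I)
PROC_PREFIX_RE = re.compile(r"^\[[^\]]+\]\s+")        # "[process.exe] path"
COOKIE_RE = re.compile(r"^(\S+)\s+\[\s*(.+?)\s*\]$")  # "domain [ store path ]"
# Assumption of this example: flagged items in these directories may be
# operating system files, so they are reviewed rather than removed.
OS_DIRS = ("\\WINDOWS\\SYSTEM32\\", "\\WINDOWS\\WINSXS\\")


def parse_detections(text):
    """Return {detection name: [item lines]} from blank-line separated groups."""
    groups = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 2:        # a heading with no items under it
            continue
        groups.setdefault(lines[0], []).extend(lines[1:])
    return groups


def classify(family, item):
    """Put one detected item into a triage bucket."""
    # Cookies are checked first: their store can sit under System32 too.
    if "tracking cookie" in family.lower():
        return "cookie"
    if REGISTRY_RE.match(item):
        return "registry"
    path = PROC_PREFIX_RE.sub("", item).upper()
    if any(d in path for d in OS_DIRS):
        return "os_path_review"
    return "file"


def triage(text):
    """Return {bucket: sorted unique (detection name, value) pairs}."""
    buckets = defaultdict(set)
    for family, items in parse_detections(text).items():
        for item in items:
            kind = classify(family, item)
            if kind == "cookie":
                m = COOKIE_RE.match(item)
                value = m.group(1) if m else item
            else:
                # Drop the "[process]" prefix so repeated paths collapse.
                value = PROC_PREFIX_RE.sub("", item)
            buckets[kind].add((family, value))
    return {kind: sorted(vals) for kind, vals in buckets.items()}


if __name__ == "__main__":
    for kind, entries in triage(SAMPLE_LOG).items():
        print(kind)
        for family, value in entries:
            print(f"  {family}: {value}")
```
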

#4 boopme


Posted 25 February 2012 - 10:47 PM

Hello, are you saying you cannot see some files ..like "My Computer"? Do NOT run a Temp file or Registry cleaner or they will be gone.

This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


Your MBAM is an old version (Malwarebytes' Anti-Malware 1.46 is now at 1.50). We should update, rerun to be certain we miss nothing.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Please ask any needed questions, post logs and let us know how the PC is running now.

#5 Lucy Lune


Posted 25 February 2012 - 11:34 PM

Yes, the ONLY thing on my start up menu that is shown is "My Computer". When I click the "programs" tab, most of them seem to be there but I am scared to try and open anything.
The only thing on my desk top is the 4 scanning programs I have installed.

I am not able to update MBAM in normal mode....when I do, the computer restarts.
Will it possibly work to download it and update it from a separate computer, put it on a flash drive, start my computer in safe mode and run it?
That is what I have had to do with all the other ones...

Should it be effective to run the updated MBAM and TDSSkiller in safe mode?

#6 boopme


Posted 25 February 2012 - 11:51 PM

Ok, run Unhide.

Yes you can put it on a flash drive or CD and run it.
You can also do that with TDSS.

I have to leave but will look back in the am.

#7 Lucy Lune


Posted 26 February 2012 - 01:17 AM

I ran both in safe mode, and they both said no threats detected....so there were no logs/nothing on the logs.

Running unhide did return most of my desktop!
But, after a minute or two after start up the computer shuts down and restarts...

I appreciate any of your help!
Thank you!

#8 boopme


Posted 26 February 2012 - 04:31 PM

Lucy it looks like we need a deeper look. Please go here....Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
You can just repost the GMER log above and skip that step.

Let me know if that went well.

#9 Lucy Lune


Posted 03 March 2012 - 12:53 PM

I am having an issue downloading DDS.
(working from my friend's computer to DL programs...)
When I click the "Download" button nothing happens. Opening the "Download" button on a new tab the web address only comes up "about:Blank" and nothing on the page.
I've tried googling other links to a DDS download, and it looks like they all go to the same place/do the same thing.

I will try again later....

#10 boopme


Posted 03 March 2012 - 08:45 PM

Hi Lucy, apologize, had a busy day.

If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the Posted Image icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.



