
Hi guys.....noob at PC's needs help! Badly!


  • This topic is locked
41 replies to this topic

#1 ExactDarkness22


  • Members
  • 22 posts

Posted 17 February 2012 - 11:25 PM

This is my post on Yahoo! Answers:
"Ok, so, to remove this infection I tried following some forum poster's guide, and in that process I downloaded and ran Combo Fix. It was a horrible decision. Now, the only browser I can get connection with is Nightly, I feel like my PC is still infected, I can't update anything (including Malwarebytes), I can't download anything that requires a connection (including Malwarebytes), and.. basically I can't do anything with the internet unless it's through Nightly. Someone please help me, and guide me on how to fix this, it's really annoying!
Oh, and, I can't play video games.... and that is the main point of my desktop. PLEASE help.... thanks in advance"

I think I messed my PC up big time... I really don't know what to do. Absolutely nothing besides Nightly works in regards to connection to the internet. If you guys could help me with this, it would be great. However, if a reinstall of the OS is the only possible thing left to do.. I don't even know if I can do that, because I don't know if I have the disc. Should the CD have come with my computer? Gah, I don't even want to go there, please try to help me in other ways first! The last thing I want to hear is that there is nothing I can do. If you guys want more details, say so in your reply, I will provide anything and everything that I can. Thanks!!

#2 ExactDarkness22

  • Topic Starter

  • Members
  • 22 posts

Posted 19 February 2012 - 01:31 PM

I don't know how to edit my post in this forum.. so I'm left with bumping it.

I read the Preparation Guide, and here is my DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by John at 10:27:21 on 2012-02-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8184.4618 [GMT -8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcAgent.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Nightly\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Nightly\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\John\Desktop\gmer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcMgmt.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcWsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{7F587694-1D50-4BE4-A422-99F7297C2A67} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{8BC595A1-8EB4-4A12-87EF-96415E3A724C} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{8BC595A1-8EB4-4A12-87EF-96415E3A724C}\C416272797025436B65627C696E676723702E4564777F627B6 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{8BC595A1-8EB4-4A12-87EF-96415E3A724C}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\6gdjdt60.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Users\John\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Users\John\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Users\John\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/07 11:29:53];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-2-7 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-9 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 FwcAgent;Firewall Client Agent;C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-9 128832]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Gun;Gun;\??\C:\Windows\system32\Gun64.sys --> C:\Windows\system32\Gun64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-16 23536]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-18 04:11:14 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-18 04:11:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-03 01:10:48 -------- d-----w- C:\Program Files (x86)\doubleTwist 2.0
2012-01-30 20:43:01 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-01-30 02:47:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-30 00:58:52 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-01-30 00:58:51 -------- d-----w- C:\Program Files\HitmanPro
2012-01-30 00:58:43 -------- d-----w- C:\ProgramData\HitmanPro
2012-01-30 00:57:07 -------- d-----w- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2012-01-30 00:57:07 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-28 17:10:46 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-01-28 17:08:01 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-28 16:27:21 -------- d-----w- C:\Program Files (x86)\Microsoft Firewall Client 2004
2012-01-28 05:49:55 -------- d-----w- C:\Users\John\AppData\Local\HuluDesktop
2012-01-28 05:49:22 -------- d-----w- C:\Users\John\AppData\Roaming\Hardcore
2012-01-23 03:17:21 -------- d-----w- C:\Users\John\AppData\Roaming\Screaming Bee
2012-01-23 03:16:55 -------- d-----w- C:\ProgramData\Screaming Bee
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-29 16:26:50 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-09 05:56:46 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-09 05:56:46 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-09 05:51:51 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-01-09 05:41:25 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-23 22:26:48 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2011-12-23 22:26:48 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2011-12-23 22:26:48 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec
2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 10:27:32.87 ===============
With GMER, however, I'm not able to check anything above "Services" (I don't know why), so I just left that out completely.
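A defender-side way to pull the items worth a second look out of the "Pseudo HJT Report" section of a DDS log like the one above. This is an added example, not part of the thread and not a DDS or BleepingComputer tool; the category names, the UAC default table and SAMPLE_DDS are my own constructions (the sample lines are copied from the log posted above).

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example; not part of the thread above and not a DDS tool. It groups
report lines by entry type and flags what a helper usually checks first:
weakened UAC policies, browser proxy and search settings, Winsock LSPs and
orphaned ("No File") browser add-ons.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Windows 7 default values for the UAC policies DDS prints under
# mPolicies-system; any differing value is worth a second look.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 switches UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates administrators silently
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,       # 0 draws prompts on the normal desktop
}

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_MODES = {0: "direct", 1: "manual", 2: "PAC", 4: "auto-detect (WPAD)", 5: "system"}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*(\S+)\s*-\s*(.+)$")
ADDON_RE = re.compile(r"^(BHO|TB)(?:-X64)?:\s*(.+?)\s*-\s*No File$")
LSP_RE = re.compile(r"^LSP:\s*(.+)$")
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,\s*(\w+)\s*=\s*(.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "review" needs a human decision, "info" is context only
    category: str
    detail: str


def triage(lines):
    """Return Finding objects for the lines of a DDS pseudo-HJT section."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := POLICY_RE.match(line):
            name, value = m.group(1), int(m.group(2))
            default = UAC_DEFAULTS.get(name)
            if default is not None and value != default:
                findings.append(Finding("review", "uac", f"{name}={value} (default {default})"))
        elif m := FF_PREF_RE.match(line):
            pref, value = m.groups()
            if pref == "network.proxy.type":
                mode = FF_PROXY_MODES.get(int(value), "unknown")
                sev = "info" if value in ("0", "5") else "review"
                findings.append(Finding(sev, "proxy", f"Firefox proxy type {value} ({mode})"))
            elif pref in ("browser.search.defaulturl", "keyword.URL"):
                # Search prefs pointing at a third-party host are usually set
                # by a toolbar; the host is what to compare against the user's choice.
                findings.append(Finding("review", "search", f"{pref} -> {value}"))
        elif m := IE_PROXY_RE.match(line):
            findings.append(Finding("info", "proxy", f"IE {m.group(1)} = {m.group(2)}"))
        elif m := ADDON_RE.match(line):
            findings.append(Finding("review", "orphan-addon", f"{m.group(1)} {m.group(2)}"))
        elif m := LSP_RE.match(line):
            # An LSP sits in the path of every Winsock connection, so a broken or
            # half-removed one breaks networking for all programs at once.
            findings.append(Finding("review", "lsp", m.group(1)))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'uac': 3, 'proxy': 2, ...}."""
    return dict(Counter(f.category for f in findings))


# Constructed sample: lines copied from the DDS log above (32-bit section only).
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcWsp.dll
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 4
""".strip().splitlines()

if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in results:
        print(f"[{f.severity:6}] {f.category:13} {f.detail}")
    print(summarize(results))
```

On the sample it reports three changed UAC policies, two search prefs, the LSP, three orphaned add-ons and two proxy entries; the SUPERAntiSpyware logs later in the thread independently print "UAC Off", which is what EnableLUA = 0 means.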

#3 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 February 2012 - 08:50 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 ExactDarkness22

  • Topic Starter

  • Members
  • 22 posts

Posted 24 February 2012 - 08:27 PM

I'm here. :)

#5 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 February 2012 - 01:03 AM

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Please go to start -> Run.

Copy and paste the bold line in the run-box and click OK:

cmd /c dir /a/s/b C:\QooBox >log.txt & log.txt

A text file opens up, copy and paste the content to your reply.

#6 ExactDarkness22

  • Topic Starter

  • Members
  • 22 posts

Posted 28 February 2012 - 10:41 PM

I'm so sorry about the late reply... I have a lot of things going on right now, and I forgot about this momentarily.

Anyways, when I copy and paste that into the run box, all it does is show an empty command prompt, but I can't type or do anything in it. No text file opens.

EDIT: I waited for about 15 minutes, and in the command prompt, it said "File Not Found", and then it opened a blank .txt file.

Edited by ExactDarkness22, 28 February 2012 - 10:56 PM.


#7 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 February 2012 - 06:16 PM

The file has gone so we'll start diagnosing from scratch

Please run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#8 ExactDarkness22

  • Topic Starter

  • Members
  • 22 posts

Posted 29 February 2012 - 11:42 PM

Here you go:
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-29 20:41:23
-----------------------------
20:41:23.561 OS Version: Windows x64 6.1.7600
20:41:23.561 Number of processors: 4 586 0x403
20:41:23.562 ComputerName: JOHN-PC UserName: John
20:41:25.564 Initialize success
20:41:42.608 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
20:41:42.609 Disk 0 Vendor: WDC_____ 01.0 Size: 953674MB BusType: 8
20:41:42.627 Disk 0 MBR read successfully
20:41:42.629 Disk 0 MBR scan
20:41:42.631 Disk 0 unknown MBR code
20:41:42.636 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:41:42.641 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941737 MB offset 206848
20:41:42.678 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11835 MB offset 1928884224
20:41:42.721 Disk 0 scanning C:\Windows\system32\drivers
20:41:47.523 Service scanning
20:41:58.809 Modules scanning
20:41:58.813 Disk 0 trace - called modules:
20:41:58.827 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
20:41:58.829 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800768a060]
20:41:59.155 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80074f79c0]
20:41:59.158 Scan finished successfully
20:42:16.921 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
20:42:16.924 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"

#9 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 March 2012 - 07:50 PM

Please run FSS next to check the network

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#10 ExactDarkness22

  • Topic Starter

  • Members
  • 22 posts

Posted 02 March 2012 - 07:57 AM

Farbar Service Scanner Version: 01-03-2012
Ran by John (administrator) on 02-03-2012 at 04:56:52
Running from "C:\Users\John\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 20:30] - [2011-12-27 19:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#11 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 March 2012 - 06:55 PM

The connection seems fine there.

Please run MBAM and SAS

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


#12 ExactDarkness22

  • Topic Starter

  • Members
  • 22 posts

Posted 03 March 2012 - 12:18 AM

MBAM won't let me update to the latest version. It gives me an error with the following message:
An error has occurred. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission).

PROGRAM_ERROR_UPDATING (0, 0, Net Exception)

And for SAS, I don't see a statistics/logs tab.

#13 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 03 March 2012 - 08:24 AM

Look for a SAS log at this location: C:\Users\your username\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs

#14 ExactDarkness22

  • Topic Starter

  • Members
  • 22 posts

Posted 03 March 2012 - 09:22 PM

I actually found the logs in the program itself, but not in preferences. Can't believe I didn't catch that before.

Also, I ran 2 scans by accident, the first scan was a real quick one that I had to cancel, because I didn't make sure that I had all the right settings checked, but it still caught some stuff.

Here's the first log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/02/2012 at 09:04 PM

Application Version : 5.0.1144

Core Rules Database Version : 8302
Trace Rules Database Version: 6114

Scan type : Quick Scan
Total Scan Time : 00:00:05

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 9
Memory threats detected : 0
Registry items scanned : 26958
Registry threats detected : 0
File items scanned : 3648
File threats detected : 3

Adware.Tracking Cookie
C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\HF87YMDU.txt [ /atdmt.com ]
C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\2S26KJQ0.txt [ /c1.atdmt.com ]
C:\USERS\JOHN\Cookies\HF87YMDU.txt [ Cookie:john@atdmt.com/ ]




Here's the second log. Now, this was a full scan, but it didn't catch anything:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/02/2012 at 09:08 PM

Application Version : 5.0.1144

Core Rules Database Version : 8302
Trace Rules Database Version: 6114

Scan type : Quick Scan
Total Scan Time : 00:03:23

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 826
Memory threats detected : 0
Registry items scanned : 54267
Registry threats detected : 0
File items scanned : 11153
File threats detected : 0

#15 ExactDarkness22

  • Topic Starter

  • Members
  • 22 posts

Posted 03 March 2012 - 09:23 PM

Something that seems really weird to me is that, in the contents of those logs, it says I do indeed have a folder called "AppData"... however, when I go into the document itself, there is no such folder.
