PDA

View Full Version : Malware Issues


xClaks
2010-10-26, 17:58
Over the past week or so my laptop has been grinding to a halt and nothing I do seems to make any difference. It started off with some issues that seemed more hardware based such as:

Touchpad functionality is intermittant, sometimes doesn't work atall.
Wireless card/ethernet also randomly uninstall.
Random loss of power, laptop just dies, no shut down.

But they all started at the same time and since then I have been having other issues such as:

Freezing on startup ad generally running slowly
Spybot wouldn't open, found a workaround on this forum here (http://forums.spybot.info/showpost.php?p=294582&postcount=3)
AVG and Spybot unable to resolve server name when updating
Can't acces windows update, and tried ping on windows, AVG and Spybot server names with 100% loss result
Generic Host Process errors.

Plus other things I can't think of atm. Scans found plenty, and find more everyday, but removed everything with no apparant improvement so any help would be appreciated.

Calum

DDS Result:


DDS (Ver_10-10-21.02) - NTFSx86
Run by Calum at 15:26:14.65 on 26/10/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3001.2194 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cacaoweb\cacaoweb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BHODemon 2\BHODemon.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\JTCHIMF.scr
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Calum\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\program files\microsoft office\office14\URLREDIR.DLL__BHODemonDisabled_WQNISBNJGOMMBIMEN
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [cacaoweb] "c:\program files\cacaoweb\cacaoweb.exe" -noplayer
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\calum\startm~1\programs\startup\bhodem~1.lnk - c:\program files\bhodemon 2\BHODemon.exe
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: StartMenuLogoff = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: StartMenuLogoff = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {0260135D-D5B0-46D6-AE28-B6EC03A63446} = 208.67.220.220,208.67.222.222
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\calum\applic~1\mozilla\firefox\profiles\cxjm6rbc.default\
FF - prefs.js: network.proxy.ftp - proxy1
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - proxy1
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - proxy1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - proxy1
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - proxy1
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\calum\application

data\mozilla\firefox\profiles\cxjm6rbc.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation

foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-26 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-29 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-29 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-29 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-27 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-27 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1355928]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-7-28 8192]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2010-6-29 105472]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2005-12-21 27328]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15008]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys --> c:\windows\system32\drivers\MBX2DFU.sys [?]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys --> c:\windows\system32\drivers\mbx2midk.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe -->

c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]

=============== Created Last 30 ================

2010-10-26 13:41:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-26 13:41:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-26 13:37:34 -------- d-----w- c:\docume~1\calum\locals~1\applic~1\AVG Security Toolbar
2010-10-26 12:21:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-26 10:53:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-26 10:53:20 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-26 10:53:06 -------- d-----w- c:\program files\Lavasoft
2010-10-26 10:37:41 -------- d-----w- c:\program files\BHODemon 2
2010-10-25 22:52:13 -------- d-----w- c:\windows\pss
2010-10-24 11:10:16 -------- d--h--w- C:\$AVG
2010-10-23 09:41:53 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-10-22 22:24:08 -------- d-----w- c:\program files\Convert AVI to MP4
2010-10-22 21:12:39 -------- d-----w- c:\docume~1\calum\locals~1\applic~1\Xilisoft
2010-10-22 21:12:37 -------- d-----w- c:\docume~1\calum\applic~1\Xilisoft
2010-10-22 20:56:18 -------- d-----w- c:\docume~1\calum\locals~1\applic~1\iJoysoft
2010-10-22 20:56:14 -------- d-----w- c:\docume~1\calum\applic~1\iJoysoft
2010-10-22 20:50:24 -------- d-----w- c:\docume~1\calum\applic~1\GetRightToGo
2010-10-22 20:41:30 -------- d-----w- c:\docume~1\calum\applic~1\NeroDigital(TM)
2010-10-22 19:22:39 -------- d-----w- c:\program files\MSXML 4.0
2010-10-22 09:28:22 -------- d-----w- c:\program files\VideoLAN
2010-10-22 09:05:17 -------- d-----w- c:\docume~1\calum\locals~1\applic~1\Nero_AG
2010-10-22 09:04:46 -------- d-----w- c:\docume~1\calum\locals~1\applic~1\Nero
2010-10-22 00:36:23 -------- d-----w- c:\program files\Total Video2Dvd
2010-10-22 00:17:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-10-22 00:16:22 -------- d-----w- c:\program files\Nero
2010-10-22 00:08:33 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-21 22:48:35 -------- d-----w- C:\finalburner
2010-10-21 22:48:35 -------- d-----w- c:\docume~1\calum\applic~1\FinalBurner Video DVD
2010-10-21 22:47:15 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-10-21 22:47:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-10-21 22:47:14 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-21 22:47:14 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-10-21 22:47:14 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-21 22:47:14 118784 ----a-w- c:\windows\system32\ac3acm.acm
2010-10-21 22:47:13 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-21 22:47:12 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-10-21 22:11:25 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-10-21 22:11:20 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-10-21 22:11:15 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-10-21 22:11:09 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-10-21 22:11:02 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-10-15 02:03:53 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-15 01:22:56 -------- d-----w- c:\program files\Veoh Networks
2010-10-07 23:15:57 -------- d-----w- c:\docume~1\calum\applic~1\cacaoweb
2010-10-07 23:15:51 -------- d-----w- c:\program files\cacaoweb
2010-10-05 10:19:02 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-10-05 10:16:07 -------- d-----w- c:\windows\Replay Music
2010-10-05 10:16:07 -------- d-----w- c:\program files\Replay Music 3
2010-10-04 23:57:16 -------- d-----w- c:\docume~1\calum\applic~1\Dojotech Software
2010-10-04 23:40:30 -------- d-----w- c:\program files\Transcribe!

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 15:27:25.06 ===============
km2357
2010-11-02, 20:21
Hello and welcome to Safer Networking.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.com)
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Step # 2: Download and Run Gmer

Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post
km2357
2010-11-05, 21:00
xClaks? Do you still need help?
km2357
2010-11-08, 22:48
This topic has been archived due to inactivity.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start a new topic.