Results 1 to 4 of 4

Thread: Hidden Malware Survived 2 Factory Resets. Please Help!

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Aug 2011
    Posts
    4

    Default Hidden Malware Survived 2 Factory Resets. Please Help!

    I have some kind of untraceable hidden virus. I need someone who really knows how to find it. Please help! I believe it's been present since at least 6/2010 and this un-named infection has persisted through 2 factory restores, and it's just getting worse. I don't know where to go for help. I recently received help from Bleepingcomputer.com MRT but they said my pc is clean. So I decided to address the issues thinking in terms of corrupt system files, etc., and discovered my posts on forums from over the last year that I had forgotten about...now I know that it's been on my computer all along! And since BC helped me, it's getting even worse every day. SOME of My current issues...

    I can't do a "clean" reinstall of ANYTHING!

    I have uninstalled Firefox using Revo Uninstaller multiple times...and of course choosing to remove my passwords, bookmarks, and personal data...reinstall and EVERYTHING is intact. (I had completely forgotten that IE had remembered all of this after my destructive reset back in February until now.)

    Uninstalled ESET NOD32 and ran the cleanup tool, reinstalled it and all of my settings and my ESET License(username/password) are all remembered.

    Same with SAS. My BC posts show similar issues with many other programs.

    Now my pc is freezing up for 10-20 seconds multiple times daily. Completely froze up a few times and had to do a cold shut down.

    My hidden folders won't hide. I can't reinstall Java because every jxpiinstall.exe I download is damaged. Secunia, my auto updaters(adobe, java, etc.) and securitycheck.exe all disagree on what is up to date and what isn't. My event logs are enabled but 90% of them show ZERO events...been that way all along (that shouldv've been a clue!)My event logs point to malware...Please help! Scanners and Bleeping Computer MRT say my PC is clean!

    I know this is long...sorry. It's been so long now that I don't even remember the original problems, but I found my old forum posts to help jog some memories. I'll post the links to the original forum posts for completeness.

    History:

    4/2010 Windows 7 x64 (Purchased Brand New From Gateway - NOT Refurbished)

    6/2010 Factory Restore (Don't remember the infection...purchased ESET NOD32 to prevent future malware)

    8/17/2010
    Malwarebytes found Trojan.banking and malware.trace after my laptop froze up. MBAM Quarintined them, restarted to clean and mbam said some items could not be removed." I ran CCleaner a few times then ran Malwarebytes again, which came up clean after that. But my event logs kept repeating the same errors and warnings. I was running ESET NOD32 AV but nothing was caught by NOD. I was instructed to emove threats via Windows OneCare but never got it to run. But I did follow the rest of the instructions. Ran ATF Cleaner, SuperAntiSpyware, and reran MBAM and NOD32 but nothing was ever found after that...EVER!

    Original Microsoft Answers Post Found TROJAN AND MALWARE on the computer
    (I understood even less about my event logs then than I do now so please don't mind the events posted in this post, I should have actually posted the errors and warnings but thought these looked suspicious.)

    2/1/2011
    OS still had problems - wasn't sure if it was still infected. Decided to ensure OS was clean then do factory restore. Ran the following scans:
    Malwarebytes
    SuperantiSpyware
    ESET NOD32
    Microsoft Malicious Removal Tool
    TDSSkiller
    Prevyx
    Hitman Pro
    Kaspersky online virus scanner'

    All scans found no threats.

    Original Microsoft Answers Post Returning Computer to Factory Settings

    2/8/2011 (Estimated date) Factory Restore

    2/10/2011 (I completely forgot about this until I found my old post)
    Realized Infection was still present after noticing:
    -Folder in C drive that has files modified over the entire year of 2010
    -Internet Explorer remembered my bookmarks and passwords
    -Logs from TDSSkiller.exe, MRT, etc. Still in C drive

    Original Microsoft Answers Post Malware persisted through restore, what can I do?

    After that, it seemed like my laptop was running ok so I figured, "If it ain't broke, don't fix it."

    THEN a couple of months ago, things just got worse. Really, it's too much to explain but here are my Bleeping Computer threads.

    1. Bleeping Computer: "Am I Infected"
    2. Bleeping Computer: "Virus, Trojan, Spyware, and Malware Removal Logs"

    I had a problem of some kind with every step the Bleepin Computer Malware Response Team had me take but my logs looked good so In the end, my pc was given the "All Clean."

    NOW, things are getting even worse. My posts over the last few days:

    Microsoft Answers: Hidden Folders are Showing. Can't Rehide them!

    Bleeping Computer: ESET Says jxpiinstall.exe "archive damaged" every time?

    Microsoft Answers: Windows License is validated 2 times an hour and Remote Desktop Services notifications received, Are These Events Normal?

    Bleeping Computer: Safe to uninstall Firefox Using RevoUninstaller Advanced?

    Microsoft Answers: Event Viewer Enabled but 0 Events Listed?

    Please Help me. I don't know what to do. It may be network related...other pcs are having some issues to but mine is the worst on my home network.

    Attach.txt is zipped and attached as requested. Here is My DDS Log:
    --------------

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by BossLady at 1:38:15 on 2011-08-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2853 [GMT -4:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.wilderssecurity.com/
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360211k455l0324z195a49l2x330
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: DhcpNameServer = 68.87.75.198 68.87.64.150 0.0.0.0
    TCP: Interfaces\{FD12E0A4-0BC6-4EA2-A0B4-295544EC2A8C} : NameServer = 68.87.75.198,68.87.64.150
    TCP: Interfaces\{FD12E0A4-0BC6-4EA2-A0B4-295544EC2A8C} : DhcpNameServer = 68.87.75.198 68.87.64.150 0.0.0.0
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\BossLady\AppData\Roaming\Mozilla\Firefox\Profiles\lzvqj6v2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.wilderssecurity.com/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-2 844320]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-6-17 154752]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-15 366640]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-2 225280]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S4 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-2 240160]
    .
    =============== Created Last 30 ================
    .
    2011-08-18 20:04:11 -------- d-----w- C:\Users\BossLady\AppData\Roaming\Packard Bell
    2011-08-18 20:04:11 -------- d-----w- C:\Users\BossLady\AppData\Local\Gateway
    2011-08-18 00:20:18 -------- d-----w- C:\MGADiagToolOutput
    2011-08-16 02:40:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-08-15 19:11:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-15 07:18:08 -------- d-----w- C:\Users\BossLady\AppData\Local\Secunia PSI
    2011-08-15 07:17:56 -------- d-----w- C:\Program Files (x86)\Secunia
    2011-08-15 01:20:50 -------- d-----w- C:\Users\BossLady\AppData\Roaming\SUPERAntiSpyware.com
    2011-08-15 01:20:11 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2011-08-15 01:20:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2011-08-13 02:23:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-08-10 19:05:32 0 ----a-w- C:\Windows\ativpsrm.bin
    2011-08-10 15:39:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2011-08-08 15:15:59 -------- d-----w- C:\Users\BossLady\AppData\Local\temp
    2011-08-08 00:22:41 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-08-07 17:45:06 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{107D75A3-B54F-4BE2-944D-639438788715}\mpengine.dll
    2011-08-01 21:50:25 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-08-01 21:50:15 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-08-01 21:50:03 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-07-29 17:18:25 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-07-29 17:18:11 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-07-29 17:17:59 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-07-29 17:17:56 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-07-26 19:09:29 -------- d-----w- C:\Program Files\ESET
    2011-07-21 01:13:20 -------- d-----w- C:\ProgramData\Comodo
    2011-07-20 21:43:19 -------- d-----w- C:\Users\BossLady\AppData\Local\ATI
    2011-07-20 21:42:40 -------- d-----w- C:\Users\BossLady\AppData\Local\Power2Go
    .
    ==================== Find3M ====================
    .
    2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-21 05:02:01 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2011-07-16 22:28:05 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    .
    ============= FINISH: 1:39:31.70 ===============

    Topic in Spybot-S&D forum: http://forums.spybot.info/showthread.php?t=63674

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello Jula9600,

    Quote Originally Posted by Jula9600 View Post
    I recently received help from Bleepingcomputer.com MRT but they said my pc is clean.
    Quote Originally Posted by Jula9600 View Post
    And since BC helped me, it's getting even worse every day
    Quote Originally Posted by Jula9600 View Post
    I need someone who really knows how to find it.
    Note some of our helpers and malware removal teachers also assist users at other sites, including BC. It is a small community and volunteer resources are limited.

    Please provide links to the particular topic/s where you received malware removal assistance and also your usernames, (apparently there are at least three), so the information can be merged with your original post.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Aug 2011
    Posts
    4

    Default

    I really only received malware removal assistance one time and only from Bleeping Computer. First thread, to see if I needed removal assistance. Second thread, to receive removal assistance.
    Username: Jewel431
    http://www.bleepingcomputer.com/forums/topic410917.html
    http://www.bleepingcomputer.com/forums/topic411844.html

    Other threads regarding malware that I linked to have problem details, answers to questions and suggestions... not assistance, as I didn't post logs or results. But my Microsoft Answers username is JR1437. My last list of threads are my most recent issues before posting here, most of which no one can help me with (0 replies).
    Sorry if I wasn't clear...it's a lot of information but I wish I had put 2 and 2 together before seeking help from BC. Logging on to Microsoft Answers a few days ago is when I saw my list of old posts, and it occurred to me, this isn't new at all.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello Jula9600
    Quote Originally Posted by gringo_pr
    Posted 15 August 2011 - 11:14 AM
    Hello

    post in the windows forum but send me the link - I want to follow this

    It does not sound like any malware I have heard of but I do want to know what is going on.

    also I will ask someone to look into it.

    gringo
    http://www.bleepingcomputer.com/foru...st__p__2373162

    Quote Originally Posted by gringo_pr
    Posted 17 August 2011 - 11:33 PM
    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
    http://www.bleepingcomputer.com/foru...st__p__2376611

    Please do that, it makes more sense to continue with a volunteer who has already assisted with three pages of help.
    Last edited by tashi; 2011-08-25 at 22:40. Reason: Topic archived
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •