
Thread: Frustrated with repeated infection NEED HELP

  1. #11
    Junior Member
    Join Date
    Dec 2011
    Posts
    27

    Default tdsskiller last (number1)

    Here is the last; please read them backwards from posting order. Will continue on with combofix.

    Thanks.

  2. #12
    Junior Member
    Join Date
    Dec 2011
    Posts
    27

    Default combofix log

    Here's the combofix log. I am going to turn my antivirus back on.

    Thanks.

    T

  3. #13
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Disable Spybot S-D Tea Timer

    TeaTimer needs to be disabled so that its protection does not interfere with fixes.

    TeaTimer can be re-enabled once the computer is clean.

    1. Open Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this go to the "Mode" menu and select "Advanced Mode".
    3. On the left hand side, click on "Tools".
    4. Then click on the Resident Icon in the List.
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.
    ----------

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *beep.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    ----------

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      FCopy::
      c:\windows\ServicePackFiles\i386\regsvc.dll | c:\windows\System32\regsvc.dll
      
      DDS::
      uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
      BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
      TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
      dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
      
      File::
      c:\program files\Ask.com\GenericAskToolbar.dll
      
      Folder::
      c:\documents and settings\customer\application data\uvD2onF4a
      c:\documents and settings\customer\application data\c7fEL8gTZjCkVzN
      c:\documents and settings\customer\application data\t4amH6sWKfLgXjC
      c:\documents and settings\customer\application data\IUVelOBtz0c1v3n
      c:\documents and settings\customer\application data\lNyxA1uvSoFpGsJ
      c:\documents and settings\customer\application data\GdE8gRZqhXUrOtP
      c:\documents and settings\customer\application data\e6dEK8gRZhXkVlB
      c:\documents and settings\customer\application data\WWK8fRZ9hXjVlBz
      c:\program files\Ask.com
      c:\documents and settings\customer\local settings\application data\AskToolbar
      
      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
      [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
      [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------

    In your next reply let me know if you have any problems or post the logs created by SystemLook and ComboFix.

  4. #14
    Junior Member
    Join Date
    Dec 2011
    Posts
    27

    Default Systemlook.txt results

    SystemLook 30.07.11 by jpshortstuff
    Log created at 02:08 on 22/12/2011 by Customer
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*beep.sys"
    No files found.

    -= EOF =-

  5. #15
    Junior Member
    Join Date
    Dec 2011
    Posts
    27

    Default combofix.txt

    Here's the combofix log.

    Thanks.

  6. #16
    Junior Member
    Join Date
    Dec 2011
    Posts
    27

    Default No Problems with combofix

    No problems that I know of with combofix.

    Thanks.

  7. #17
    Junior Member
    Join Date
    Dec 2011
    Posts
    27

    Default Note to Jeff

    Hi Jeff. I will be away from this machine until Friday morning. Thanks.

  8. #18
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi cantstopfishing,

    "I will be away from this machine until Friday morning."
    Thanks for letting me know.
    ----------

    I see that you have Malwarebytes on your system. Please open Malwarebytes, update it and then run a Quick Scan. Please save the log that is created for your next reply.
    ----------

    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan.

    Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Push Finish

    http://www.eset.com/onlinescan/
    ----------

    In your next reply please post the logs created by Malwarebytes and ESET online scanner.

  9. #19
    Junior Member
    Join Date
    Dec 2011
    Posts
    27

    Default Malwarebytes scan/having trouble with the next one

    Hi. Here is the mbam log. I cannot get the next scan to run. When I try to allow ESET (? can't see what the actual name of it is when I am composing a reply) to install ActiveX, it will not let me.

    Will try again in morning.

    Thanks.

  10. #20
    Junior Member
    Join Date
    Dec 2011
    Posts
    27

    Default eset running will post shortly

    Got ESET running will post log when finished.
    Thanks.
