TechSpot

Hi, malware problem here :/

By bryan22
Jun 25, 2010
  1. Hi, im new here. sorry if anything i did is completely wrong. so ill begin. ive been having music randomly playing in the background, no where can i find the program. it also plays some ads of some sort. ive used ad-ware program w/ little success, my computer still sounds like there is something running. my os is windows 7 incase your wondering. i followed the 8 steps to malware removal. i suppose ill post my logs from the programs. i have a 64 bit so i skipped the GMER since it told
    me.

    Here are the attachments:

    View attachment DDS.txt

    View attachment mbam-log-2010-06-25 (22-34-56).txt

    View attachment Attach.zip
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please, don't zip any logs.

    I don't see any AV program running. Please, download and install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    After installation, run full scan.

    When done...

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    Print these instructions out.

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    =========================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

    Attached Files:

  3. bryan22

    bryan22 TS Rookie Topic Starter

    ok sorry about the zipped log if i remember correctly the program asked me to zip it. well, ill more then likely get to this tomorrow i have a grad party today. just wanted to post so this topic didnt look inactive. thanks again
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No problem :)
     
  5. bryan22

    bryan22 TS Rookie Topic Starter

    ok here it is :) hope i didnt miss anything
     

    Attached Files:

  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKCU..\Run: [AdobeBridge]  File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
      O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O33 - MountPoints2\{2c62a0b0-012f-11df-89a6-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{2c62a0b0-012f-11df-89a6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [1998/11/30 16:04:40 | 000,025,600 | R--- | M] ()
      O33 - MountPoints2\{e99247ff-0141-11df-b90e-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{e99247ff-0141-11df-b90e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [1998/11/30 16:04:40 | 000,025,600 | R--- | M] ()
      [2010/06/21 18:01:03 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At2.job
      [2010/06/21 18:01:03 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At4.job
      [2010/06/20 16:00:10 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At1.job
      [2010/06/20 14:00:33 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  7. bryan22

    bryan22 TS Rookie Topic Starter

    ok here are the results
     

    Attached Files:

  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    How is the computer doing at the moment?

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  9. bryan22

    bryan22 TS Rookie Topic Starter

    the computer has seemed to have improved. defiantly a lot quieter.

    heres the log
     

    Attached Files:

  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\Byran\Desktop\cs5\Adobe.Photoshop.CS5.Extended.v12\Adobe CS5\payloads\AdobeAIR1.5.3-mul\AdobeAIRInstaller.exe	
      C:\Users\Byran\Desktop\cs5\Adobe.Photoshop.CS5.Extended.v12\Adobe CS5\payloads\AdobeAMP1.8-mul\AdobeAIRInstaller.exe	
      C:\Users\Byran\Downloads\Adobe.Photoshop.CS5.Extended.v12.rar	
      C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\520d39ad-65c9eee0	
      C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\520d39ad-65c9eee0
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  11. bryan22

    bryan22 TS Rookie Topic Starter

    alrighty, here they are sir. thanks much in advance
     

    Attached Files:

  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ====================================================================


    Your computer is clean [​IMG]

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure, Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please, let me know, how is your computer doing.
     
  13. bryan22

    bryan22 TS Rookie Topic Starter

    its doing well thanks
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...