Scan log files--Thank you in advance for your time and help

Status
Not open for further replies.
**I originally pasted the actual text of the logs into this thread; realizing my mistake, the log files can be found in my most recent posts at the bottom of the page. Sorry for the mishap.**


my original post:

Greetings,

After an installation of Nero 7, Nero Scout, and additional w00arez, symptoms include marketing pop-up chains, pseudo-Windows notifications marketing malware removal software, and a significant decrease in availability of system resources.

Thank you very much in advance for your time and assistance.
 
Thanks a lot guys, to anyone who may have already begun to sift through it, I'm willing to return a favor for any assistance lent to me.

The output of the scan completed by the AVG anti-rootkit program was--"There were no installed rootkits found on your computer."

Edited by Moderator: No need for a double post if there are no replies between your current post and the last post, unless bumping the thread. In that case, please wait at least 24 hours before doing so. Otherwise, simply use the "Edit post" button instead.
 
Sorry for the late reply; I've been busy.

Step 1:

Run HijackThis and do a system scan. Place a check in the box next to the following entries (if there):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [http]www.seekerbar.com/ie.aspx?tb_id=50154

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll (file missing)

O2 - BHO: (no name) - {157CCC88-44B0-4858-8412-60BB1E8EB121} - C:\WINDOWS\system32\awtqp.dll (file missing)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: H - {B1FBF2E1-C164-4ebe-AB04-B839655CC927} - gyrpsy23.dll (file missing)

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)

O2 - BHO: - {DA9E35FF-E796-4ABF-A61C-C5F669B9CD3B} - C:\WINDOWS\lbbho.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - [http]wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - [http]www.sidestep.com/get/k42037/sb02a.cab

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - [http]yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [http]atv.disney.go.com/global/download/otoy/OTOYAX29b.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - [http]moviefone.kontiki.com/securedelivery/main/kdx.cab\

O20 - AppInit_DLLs:

O20 - Winlogon Notify: khfecay - khfecay.dll (file missing)

O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)

Close all open programs except HijackThis. Click the Fix Checked button. Wait for the fixing to complete, which may take a while, and then close HijackThis.

Step 2:

Boot into safe mode, under your normal user name (not the administrator account). See how HERE.

In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.

Search your system for the filename alcmtr.exe and delete all instances found.

Then navigate to and delete the following bold files (if there):

C:\WINDOWS\system32\UninstallPCTT.exe

C:\WINDOWS\system32\4472F5F453.sys

Once that's done, reboot into normal mode and rehide your protected files.

Step 3:

Please navigate to www.virustotal.com.

Click the Choose... button.

Navigate to the following file:

C:\WINDOWS\system32\ps.dat

Click Open. Then click Send File.

Wait until it's done scanning, then copy and paste the results into a Notepad file and save it to your computer.

Step 4:

Rerun HijackThis and ComboFix. Post their logfiles, as well as the VirusTotal log.

Regards :)

This thread is for the use of 326_grn only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
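
The entries listed in Step 1 above share one line shape: a section code, an optional CLSID, a target, and often a trailing "(file missing)" or "(no file)" marker. As an added example (not part of the original post and not HijackThis's own code), this Python parser splits such lines and lists the orphaned registrations; `parse_entry` and `triage` are hypothetical names, and the sample lines are copied from the post.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis entries quoted in the post above.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: (no name) - {157CCC88-44B0-4858-8412-60BB1E8EB121} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)
"""

LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")

def parse_entry(line):
    """Split one log line into section code, CLSID, target and orphan flag
    (hypothetical helper written for this example)."""
    m = LINE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID.search(body)
    # Target is the text after the last " - " separator, minus the marker.
    target = body.rsplit(" - ", 1)[-1] if " - " in body else body
    target = ORPHAN.sub("", target).strip()
    return {
        "code": m.group("code"),
        "clsid": clsid.group(0) if clsid else None,
        "target": target or None,
        "orphaned": bool(ORPHAN.search(body)),
    }

def triage(text):
    """Return all parsed entries, the orphaned ones, and a per-section count."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    orphans = [e for e in entries if e["orphaned"]]
    return entries, orphans, Counter(e["code"] for e in orphans)

if __name__ == "__main__":
    entries, orphans, by_section = triage(SAMPLE)
    for e in orphans:
        print(e["code"], e["clsid"] or "-", e["target"] or "(no path recorded)")
    print(dict(by_section))
```
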
 
Hi

Very Important: Malware infections can possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.


Regards,
Your friendly momok =)

This thread is for the use of 326_grn only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 