Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My Hijackthis log

Re: My Hijackthis log

Post by masternitro » June 6th, 2010, 5:48 pm

Hey

It still doesn't work, and when I try to run normal my computer freezes and I have to restart.
I can't run it as an administrator. I saved it on my desktop.
When I do Start > All programs > Accessories then Run I can right click for run as administrator when I fill in: %userprofile%\desktop\dds.scr

Another option for me is to reset my system. But I don't have a backup of Vista (legit version).
There is a recovery on my computer on a hidden partition.
But I have to press F8 while restarting but that doesn't work, 2 years ago it didn't, and it still doesn't.
Maybe it's because my keyboard is USB, so I could try that.
But other keys like Esc, Enter, F12 work fine.

Maybe you could help me on that, then I just have to back up all my files and reset my system.
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Post by vict0r » June 7th, 2010, 7:34 am

It should be possible to access that recovery partition. I'll find a solution if necessary.

It's possible the malware is protecting itself by preventing dds from running.

Please try this: :)


Scan with WVCheck

Please download WVCheck and save it to the desktop.
Note: The scan with this program may take some time depending on the Hard-Drive size.

  • Double click on WVCheck.exe and follow the prompts.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.


OT Helper

Please right click the following link and choose Save Link As...:
OTH ... by Old Timer.
Save it to your desktop as master.exe.

  • Save all work and close all programs, the next step will stop nearly every process on your computer!
  • Double click on master.exe to run OT Helper and click Kill All Processes.
  • Click Start Misc Program and navigate to your desktop.
  • Double click the dds icon to run it and wait for the two logs to appear.
  • Save the logs to your desktop.
  • Click Reboot in OT Helper


If OT Helper will not run, then right click the following link and choose Save Link As...:
OTH ... by Old Timer.
Save it to your desktop as master.scr and double click the icon.


When ready, please post:
  • Any problems? (Include description).
  • The DDS logs.
  • The WVCheck log
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Post by masternitro » June 7th, 2010, 6:51 pm

Windows Validation Check
Log Created On: 0033_08-06-2010
------------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 1
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
------------------------------
Last Success Time for Update Detection: 2010-06-07 14:28:21
Last Success Time for Update Download: 2010-06-07 14:28:46
Last Success Time for Update Installation: 2010-06-07 14:29:17


WVCheck's File Dump
-------------------
WVCheck found no known bad files.


WVCheck's Missing File Check
-------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-------------------
user32.dll - b974d9f06dc7d1908e825dc201681269


-------- End of File, program close at 0033_08-06-2010 --------

I just noticed I did OTHelper wrong, I didn't change the name to master.
I could run the program, but the scan didn't finish; I let it run for like 10 mins or something.

I'm going to bed now, I will try again tomorrow unless you give me other instructions.

Btw; I would like a backup of my system anyways, if my system crashes one day. I only got my serial key from Vista written on my computer case.
If you could help me with that, I would appreciate that. I don't know if I can download Vista somewhere and use my serial. Or do I get an illegal version then?
Because I want a legit version of Vista, just like I have now.

Thank you for your help and effort :)
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Post by vict0r » June 8th, 2010, 11:58 am

I will get back to you on the backup subject.

Discard the instructions in my previous post.

Please read the instructions carefully to make it work:

Please download DDS by right-clicking the link below and choosing Save link as...:
Link to DDS
Save the file to your desktop as asd.scr.

You can try to right click asd.scr and choose Run as Administrator to make it work or just try to double click the icon. If no success, please follow the instructions below:


OT Helper

Please right click the following link and choose Save Link As...:
OTH ... by Old Timer.
Save it to your desktop as master.exe.

  • Save all work and close all programs, the next step will stop nearly every process on your computer!
  • Double click on master.exe to run OT Helper and click Kill All Processes.
  • Click Start Misc Program and navigate to your desktop.
  • Double click asd.scr to run it and wait for the two logs to appear.
  • Save the logs to your desktop.
  • Click Reboot in OT Helper


If OT Helper will not run, please delete the master.exe file on your desktop and then right click the following link and choose Save Link As...:
OTH ... by Old Timer.
Save it to your desktop as master.scr and double click the icon.


If you still can't get the scan to run, please reboot in Safe Mode and follow the instructions there. You might want to save the instructions with notepad or print them because there's no internet in safe mode:

  • Restart your computer
  • During startup, but before the Windows logo appears, tap the F8/F5 key continually or hold down the Shift key;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.


When ready, please post:
  • Please try to carefully describe any problem.
  • The DDS logs.

If none of this works, please report back and we will try a totally different approach.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Post by masternitro » June 8th, 2010, 5:58 pm

DDS (Ver_10-03-17.01) - NTFSx86
Run by Daniel at 23:51:26,78 on di 08-06-2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3327.2204 [GMT 2:00]

AV: Panda Antivirus + Firewall 2008 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
SP: Panda Antivirus + Firewall 2008 *disabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Panda Antivirus 2008 Personal Firewall *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\amBX\System\amBX_Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\amBX\Control Panel\amBXDaemon.exe
C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\amBX\Effects\amBX Event Manager.exe
C:\Program Files\amBX\Illuminate\Illuminate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Daniel\Desktop\asd.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.hyves.nl/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 174.142.104.57:3128
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\users\daniel\appdata\locallow\cyberdefender\cdmyidd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\users\daniel\appdata\locallow\cyberdefender\cdmyidd.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [recinfo] c:\recinfo\recinfo.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Windows Runtime] c:\users\daniel\javalib.jar
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NPCTray] c:\program files\norman\npc\bin\npc_tray.exe /LOAD
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus + firewall 2008\APVXDWIN.EXE" /s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [amBX Daemon] "c:\program files\ambx\control panel\amBXDaemon.exe"
mRun: [amBX System Tray Application] c:\program files\ambx\gaming fxgen\win32\amBXFxGen.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [fsc-reg] c:\fsc-reg\fscreg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ambxef~1.lnk - c:\program files\ambx\effects\amBX Event Manager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ambxil~1.lnk - c:\program files\ambx\illuminate\Illuminate.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download alles met Free Download Manager. - file://c:\program files\free download manager\dlall.htm
IE: Download met Free Download Manager. - file://c:\program files\free download manager\dllink.htm
IE: Download selectie met Free Download Manager. - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\panda security\panda antivirus + firewall 2008\pavlsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avldr - avldr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\gycgfuwj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hyves.nl/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-7 64288]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-8-24 71608]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-8-24 51256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-8-24 21816]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-8-24 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-8-24 132664]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-8-24 38968]
R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008-8-24 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-8-24 30648]
R2 amBX Service;amBX Service;c:\program files\ambx\system\amBX_Service.exe [2008-4-17 599552]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2008-8-24 46648]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2008-8-24 13880]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-8-24 24760]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus + firewall 2008\PsCtrlS.exe [2008-8-24 169264]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus + firewall 2008\PavFnSvr.exe [2008-8-24 173360]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-8-24 178872]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda software\pavshld\PavPrSrv.exe [2008-8-24 63024]
R2 PAVSRV;Panda anti-virus service;c:\program files\panda security\panda antivirus + firewall 2008\pavsrvx86.exe [2008-8-24 165680]
R2 Philips HAL Starter;Philips HAL Starter;c:\program files\ambx\device drivers\philips usb\Philips_HAL_Starter.exe [2008-6-9 10752]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus + firewall 2008\psksvc.exe [2008-8-24 27696]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\drivers\netimflt.sys [2008-8-24 143160]
R3 Philips amBX USB HAL;Philips amBX USB HAL;c:\program files\ambx\device drivers\philips usb\Philips_amBX_USB_HAL.exe [2008-6-9 540672]
S2 gupdate1c9cd04468bf89c;Google Updateservice (gupdate1c9cd04468bf89c);c:\program files\google\update\GoogleUpdate.exe [2009-5-5 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-25 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-19 13224]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-4-19 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-4-19 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-4-19 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-4-19 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-4-19 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-4-19 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-4-19 115752]

=============== Created Last 30 ================

2010-06-07 21:03:14 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-31 21:41:13 0 d-----w- c:\users\daniel\appdata\roaming\MixMeister Technology
2010-05-31 21:39:56 0 d-----w- c:\program files\MixMeister Studio 7.2.2
2010-05-26 14:42:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 14:09:51 0 d-----w- c:\programdata\Sun
2010-05-25 14:08:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-24 12:25:34 0 d-----w- c:\programdata\Insight Software Solutions
2010-05-24 12:25:34 0 d-----w- c:\programdata\Insight Software
2010-05-24 12:25:32 0 d-----w- c:\program files\common files\Insight Software Solutions
2010-05-24 12:25:30 0 d-----w- c:\program files\ShortKeys2
2010-05-12 14:39:36 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 20:32:58 0 d-----w- c:\program files\VSO

==================== Find3M ====================

2010-06-08 21:51:21 1204 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-06-08 21:51:21 1204 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-06-08 21:48:11 464772 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-06-08 21:48:11 464772 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-06-04 13:46:37 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-04 13:46:37 86016 ----a-w- c:\windows\inf\infpub.dat
2010-06-04 13:46:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-04 13:33:58 667114 ----a-w- c:\windows\system32\perfh013.dat
2010-06-04 13:33:57 126648 ----a-w- c:\windows\system32\perfc013.dat
2010-06-01 23:41:29 529464 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-10 21:03:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2008-07-30 01:14:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-04-09 09:49:52 41976 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2008-04-09 09:49:52 41976 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2008-04-09 09:49:52 336440 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2008-04-09 09:49:52 336440 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-12 19:02:43 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-04-23 13:41:49 88 --sha-r- c:\windows\system32\C1F76A0D61.sys
2009-04-23 13:42:42 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-23 12:25:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 23:52:47,54 ===============


I found out what I did wrong, I forgot to close my virus scanner :$ Sorry for that.

--------------

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 23-8-2008 23:15:43
System Uptime: 6-8-2010 23:44:33 (-1416 hours ago)

Motherboard: FUJITSU SIEMENS | | MS-7379VP
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2403/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 154 GiB total, 42,555 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 161,968 GiB free.
E: is FIXED (NTFS) - 303 GiB total, 33,16 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP542: 4-6-2010 15:18:44 - Windows Update
RP543: 4-6-2010 15:45:51 - PC Connectivity Solution is verwijderd
RP544: 4-6-2010 15:47:33 - Removed Vegas Movie Studio Platinum 9.0
RP545: 5-6-2010 11:43:27 - Windows Update
RP546: 6-6-2010 8:55:01 - Gepland herstelpunt
RP547: 7-6-2010 16:28:46 - Windows Update

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS4
Adobe Color Common Settings
Adobe CSI CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2 - Nederlands
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Update Manager CS4
Allok 3GP PSP MP4 iPod Video Converter 4.2.0608
amBX Audio FXGen 3.1.1
amBX Control Panel 1.2.2
amBX Effects 1.1.2
amBX Gaming FXGen 3.5.7
amBX Illuminate 1.0.2
amBX System 1.1.3.2
ATI Catalyst Install Manager
Avanquest update
AVS Audio Converter version 6.1
AVS Update Manager 1.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Compatibiliteitspakket voor het 2007 Microsoft Office system
Connect
DisplayFusion
DVD Shrink 3.2
FileZilla Client 3.3.2.1
Free Download Manager 2.5
GEAR 32bit Driver Installer
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GrabIt 1.7.2 Beta 4 (build 997)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Integrated Performance Primitives RTI 4.0
Java Auto Updater
Java DB 10.4.1.3
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 11
Junk Mail filter update
K-Lite Codec Pack 4.3.4 (Full)
kuler
Live 7.0.3
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Magic ISO Maker v5.4 (build 0256)
Medieval CUE Splitter
Messenger Plus! Live
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint Viewer 2007 (Dutch)
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (3.6.3)
Mp3tag v2.45a
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyIdentityDefender Toolbar
NCH Toolbox
Nero 8 Essentials
neroxml
OJOsoft Total Video Converter
Panda Antivirus + Firewall 2008
Philips amBX V1.4
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
ShortKeys Lite
Skins
Skype web features
Skype™ 4.1
Sony Ericsson PC Suite 4.010.00
Spelling Dictionaries Support For Adobe Reader 8
Suite Shared Configuration CS4
System Requirements Lab
SystemDiagnostics
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 (KB974561)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VSO Image Resizer 3.0.1.76
Windows-stuurprogrammapakket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows-stuurprogrammapakket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR
Wisdom-soft AutoScreenRecorder 1.0 Free
World of Warcraft FREE Trial
YouTube Downloader 2.5.3

==== End Of File ===========================
Last edited by Dakeyras on June 9th, 2010, 8:35 am, edited 1 time in total.
Reason: Please do not attach logs unless requested as this is a teaching forum, thank you
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Unread postby vict0r » June 9th, 2010, 8:58 am

masternitro wrote:I found out what I did wrong, I forgot to close my virus scanner :$ Sorry for that.

Don't worry. I should have included a warning that you may have to allow it if your security programs pop up a warning/block when running DDS.


Out-of-date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it. I will include instructions to reinstall later.

The other applications are best to be uninstalled. They may conflict with the removal process, each other or they are just software with a dubious reputation. I recommend that you use only one download manager.

    Ad-Aware
    Ad-Aware Email Scanner for Outlook
    Adobe Reader 8.1.2 - Nederlands
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    FileZilla Client 3.3.2.1
    Free Download Manager 2.5
    GrabIt 1.7.2 Beta 4 (build 997)
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    Messenger Plus! Live
    MyIdentityDefender Toolbar


  • Click on Start > All programs > Accessories > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the programs listed above.

If you can't find Ad-Aware in the list, please navigate to C:\Program Files\Lavasoft\Ad-Aware and see if you can find the uninstaller there (typically uninstall.exe).


Show All Files And Folders

  • Click the Windows Start > All programs > Accessories then Run
  • Copy and paste the following line into the box, then hit Enter on your keyboard:
    control folders
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide extensions of known file types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.


Scan files with Virustotal

  • Please go to Virus Total
  • Click the Browse button.
  • Copy and paste the full file path below into the 'File name:' box and click Open
      c:\windows\system32\C1F76A0D61.sys
  • Click Send File and wait for the scanning to complete.
    NOTE: If the file has already been analysed please click Reanalyse file now.
  • When the "Current Status:" changes to Finished, copy the link from the address bar at the top of your browser and paste it into your next reply.

Repeat the Virustotal scan for these files:
C:\Windows\Psyxib.exe
C:\Users\Daniel\javalib.jar

If you can't reach Virustotal, please try Jotti.org

Please do not act on the information given by the scans. I will give you instructions on how to handle them in my next post.

When ready, please post:
  • Any problems?
  • The links to the scan results.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm
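
The triage of side-by-side Java versions in the post above can be reproduced from the installed-programs list. This is an added example, not part of the original post or any tool used in the thread; the function names are hypothetical and the sample lines are copied from the list posted earlier.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the installed-programs list in this thread.
SAMPLE = """\
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2 - Nederlands
Java Auto Updater
Java DB 10.4.1.3
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 11
Mozilla Firefox (3.6.3)
"""

# Matches runtime and JDK entries; the product family is kept separate so a
# JDK is never compared against a runtime.
JAVA_RE = re.compile(
    r"^(Java\(TM\)(?: SE Development Kit| SE Runtime Environment)?)"
    r" (\d+)(?: Update (\d+))?$"
)


def parse_java(line):
    """Return (family, (major, update)) for a Java entry, else None."""
    m = JAVA_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3) or 0))


def superseded_java(lines):
    """List Java entries that have a newer release of the same family installed.

    Versions are compared as integers: as text, "Update 7" would sort after
    "Update 20" and the wrong entry would be flagged.
    """
    by_family = defaultdict(list)
    for line in lines:
        parsed = parse_java(line)
        if parsed:
            family, version = parsed
            by_family[family].append((version, line.strip()))
    stale = []
    for entries in by_family.values():
        newest = max(version for version, _ in entries)
        stale += [name for version, name in sorted(entries) if version < newest]
    return stale


if __name__ == "__main__":
    for name in superseded_java(SAMPLE.splitlines()):
        print("superseded:", name)
```

The script only reports versions that are older than another installed copy of the same family; whether the newest installed copy is itself current still has to be checked against the vendor's release notes.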

Re: My Hijackthis log

Unread postby vict0r » June 11th, 2010, 8:04 am

Hello...

It has again been 2 days since my last post to you.

After 24 hrs., if you have not replied to this thread... it will be closed.

Please post back even if you do not wish to continue.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Unread postby masternitro » June 11th, 2010, 10:35 am

Sorry I didn't respond.
I was quite busy with school.
I will do the scans tonight or tomorrow.

Sorry
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Unread postby masternitro » June 12th, 2010, 6:02 am

I couldn't delete:
Ad-Aware Email Scanner for Outlook: because it said it was already deleted.
Adobe Reader 8.1.2 Security Update 1 (KB403742): not in the list.

c:\windows\system32\C1F76A0D61.sys:
http://www.virustotal.com/nl/analisis/b ... 1276336593

It says it can't find both files listed below.
C:\Windows\Psyxib.exe
C:\Users\Daniel\javalib.jar

Sorry for letting you wait.
Hope you understand.

PS. I didn't reboot after deleting the files you asked me to. Could that be the problem?
I tried after reboot, still can't find those files.
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Unread postby vict0r » June 13th, 2010, 9:54 am

I'm sorry for the delay. I will post further instructions as soon as possible.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Unread postby vict0r » June 13th, 2010, 10:53 am

(removed)
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Unread postby vict0r » June 13th, 2010, 6:20 pm

masternitro wrote:Sorry for letting you wait.
Hope you understand.

PS. I didn't reboot after deleting the files you asked me to. Could that be the problem?


Please try to follow the instructions and post back at least once a day.

No, a reboot or not after deleting those files should not make any difference.


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted to reboot, click "Skip reboot".

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. You may not be prompted to reboot.


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Disable Panda

Right-click the Panda icon in the system tray and click Close Automatic Protection.


GMER

Please download GMER Rootkit Scanner from Here. Save it to your desktop.
  • Right-click the .exe file and click Run as administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.


Reboot

Reboot your computer before continuing. Do not skip the reboot!


DDS

  • After the reboot: Double click the DDS icon on your desktop. A command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs into your next reply


Please re-enable Panda after the DDS scan.


When completed, please post back the following in the order asked for:
  • Did you encounter any problems following my instructions?
  • Did you reboot before you scanned with DDS?
  • the Malwarebytes Anti-Malware log.
  • the Gmer log
  • the DDS logs

Please use one reply for each log.

Continue to reply to this thread until I tell you that the logs are clean! Absence of symptoms does not necessarily mean a clean computer!
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Unread postby masternitro » June 14th, 2010, 10:08 am

After TFC my computer rebooted. It asked for a reboot; I could only click OK and X. So I clicked X but then it rebooted.
With Malwarebytes' Anti-Malware I can't find the logs, because when I try to go to Documents and Settings it says access denied.
And when I use GMER my computer freezes, every time.

It's kinda a mess now :S. If you could help me get a backup of my Vista,
that would be nice, unless my computer can still be fixed :).
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Unread postby vict0r » June 14th, 2010, 3:46 pm

The DDS logs show that you haven't got much space left on the hard drive and that your system drive has got about 100Gb of data. That's about 12 8.5Gb (single-sided, double-layered) DVDs (not recommended). Do you own an external hard drive (or other media) that can hold the required amount of data?


Please try to navigate to the following folder to locate the log and then post it (mbam-log-yyyy-mm-dd (time).txt):
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs

You can also try this:

Retrieve Malwarebytes Anti-Malware (MBAM) Log(s)

  1. Start MBAM... click the Logs tab at the top.
    The log will be named by the date & time of scan in the following format: mbam-log-yyyy-mm-dd (time).txt
  2. Click on the last (most recent) log name to highlight it... then click the Open button, at bottom left. The log should open in Notepad as a text file.
  3. Please copy and paste the entire mbam-log-yyyy-mm-dd (time).txt file in your next reply.
    Be sure to post the complete log... including the top portion showing MBAM's database version and your operating system.
  4. Exit MBAM when done.


Please try to run GMER in Safe Mode. You might want to save the instructions with notepad or print them because there's no internet in safe mode:

  • Restart your computer
  • During startup, but before the Windows logo appears, tap the F5/F8 key continually or hold down the Shift key;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.


GMER

  • Right-click the GMER's .exe file on the desktop and click Run as administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.


Reboot

Reboot your computer normally before continuing.


DDS

  • After the reboot: Double click the DDS icon on your desktop. A command window will appear. This is normal.
    (You may have to allow it if you get a blocking popup or disable Panda as you did before).
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs into your next reply



When completed, please post back the following in the order asked for:
  • Any problems?
  • the Malwarebytes Anti-Malware log.
  • the Gmer log
  • the DDS logs

Please use one reply for each log.

Continue to reply to this thread until I tell you that the logs are clean! Absence of symptoms does not necessarily mean a clean computer!
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Unread postby masternitro » June 14th, 2010, 4:17 pm

Yes, I have an external hard drive with 500gb space.
BUT my computer has got 1tb of space in total.
I've got 3 partitions (C is the smallest).
On the other hard drives there is also over 500gb of data (mainly films and music).
But my parents are soon going to buy a new computer, so I could temporarily store my files on their new one.
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm