Mal Ware problems from frostwire

by Stb » November 27th, 2009, 3:08 am

Earlier today I found out my young sister downloaded FrostWire, which I immediately removed, on my computer and downloaded a lot of .au and other weird files. Ever since then Firefox has been running extremely slow and using like 400,000k memory. I kept getting a pop-up for Search Settings 1.2.2 but I think I got rid of that. I've been running Ad-Aware, Microsoft Security Essentials and MBAM but the problem still persists. Also, whenever I try to look at my Control Panel, explorer.exe crashes, and then the Dr. Watson postmortem debugger crashed shortly after. MSE detected several trojans in the FrostWire folder and removed them, but it didn't seem to make a difference.
Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:05 AM, on 11/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.octoshape.com/play.asp?varia ... RD&lang=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5387 bytes
Stb
Active Member
 
Posts: 4
Joined: November 26th, 2009, 7:46 pm

Re: Mal Ware problems from frostwire

by MWR 3 day Mod » November 30th, 2009, 7:13 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Mal Ware problems from frostwire

by Rodav » December 4th, 2009, 3:17 pm

Hello and welcome to the Malware Removal forums.


Step 1:
Download DDS to your desktop from one of the links below:

Link 1
Link 2
  • Double click the tool to run it.
  • A black screen will open; just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.


Step 2:
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area, type in "ark.txt".
Save it where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Logs to Post:
In your next reply please post the following:
  • The 2 reports from DDS
  • The GMER log
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Mal Ware problems from frostwire

by Stb » December 5th, 2009, 2:58 pm

Ok done, here are the logs

DDS (Ver_09-12-01.01) - NTFSx86
Run by Seth_2 at 12:02:44.04 on Sat 12/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.526 [GMT -6:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Seth_2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.octoshape.com/play.asp?varia ... RD&lang=en
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ICQ] "c:\program files\icq6\ICQ.exe" silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\seth_2\applic~1\mozilla\firefox\profiles\7fwv5dho.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=fi ... S:official
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2008-6-3 19504]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2008-6-3 83160]

=============== Created Last 30 ================

2009-11-27 18:46:45 0 d-----w- c:\program files\World of Warcraft
2009-11-26 23:37:54 0 d-----w- c:\program files\Trend Micro
2009-11-25 21:02:34 0 d-----w- c:\docume~1\seth_2\applic~1\Malwarebytes
2009-11-25 21:02:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 21:02:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-25 21:02:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 21:02:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-24 04:09:01 32 ----a-r- c:\documents and settings\all users\hash.dat
2009-11-23 21:04:58 242 ----a-w- c:\windows\dellstat.ini
2009-11-23 21:03:42 201216 ----a-w- c:\windows\system32\LEXP2P32.DLL
2009-11-23 21:03:41 73728 ----a-w- c:\windows\system32\dlbkpwr.dll
2009-11-23 21:03:41 40960 ----a-w- c:\windows\system32\dlbkvs.dll
2009-11-23 21:03:41 303104 ----a-w- c:\windows\system32\LEXBCES.EXE
2009-11-23 21:03:41 196096 ----a-w- c:\windows\system32\LEX2KUSB.DLL
2009-11-23 21:03:41 147456 ----a-w- c:\windows\system32\LEXBCE.DLL
2009-11-23 21:03:40 286720 ----a-w- c:\windows\system32\dlbkcomm.dll
2009-11-23 21:03:40 192512 ----a-w- c:\windows\system32\lexlmpm.dll
2009-11-23 21:03:15 0 d-----w- c:\program files\Dell AIO Printer A920
2009-11-23 21:03:05 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-23 21:03:05 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-11-23 21:02:56 69632 ----a-w- c:\windows\system32\dlbkscin.dll
2009-11-23 21:02:56 57344 ----a-w- c:\windows\system32\dlbkcinf.dll
2009-11-23 21:02:56 49152 ----a-w- c:\windows\system32\dlbkcoin.dll
2009-11-23 21:02:56 255 ----a-w- c:\windows\system32\dlbkcoin.ini
2009-11-23 21:02:55 0 d-----w- c:\program files\Dell A920
2009-11-23 21:02:37 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-23 21:02:37 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-20 04:28:03 0 ----a-r- C:\logwmemory.bin
2009-11-20 04:25:03 0 d-----w- C:\Soldat
2009-11-20 04:25:03 0 d-----w- c:\docume~1\seth_2\applic~1\Soldat
2009-11-16 23:54:09 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-16 23:50:40 0 d-----w- c:\program files\Microsoft Security Essentials
2009-11-12 04:32:48 0 d-----w- c:\docume~1\seth_2\applic~1\LucasArts
2009-11-06 21:25:46 0 d-----w- c:\program files\iPod

==================== Find3M ====================

2009-10-31 02:39:22 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-31 02:39:21 17212 -c--atw- c:\windows\system32\SIntf32.dll
2009-10-31 02:39:21 12067 -c--atw- c:\windows\system32\SIntf16.dll
2009-10-28 03:19:42 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-20 16:14:06 189784 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-09-19 22:58:21 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-19 22:58:21 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-08-21 10:17:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 12:03:07.26 ===============


****Here is the 2nd DDS log****

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/19/2007 5:50:09 PM
System Uptime: 12/2/2009 8:21:24 PM (64 hours ago)

Motherboard: Dell Computer Corp. | | 0F5949
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2791/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 2.92 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP909: 11/11/2009 10:40:11 PM - Removed Tropico 2: Pirate Cove
RP910: 11/11/2009 10:55:53 PM - Installed Fable - The Lost Chapters
RP911: 11/13/2009 12:35:54 AM - System Checkpoint
RP912: 11/14/2009 12:41:31 AM - System Checkpoint
RP913: 11/15/2009 1:07:42 AM - System Checkpoint
RP914: 11/16/2009 2:59:15 AM - System Checkpoint
RP915: 11/16/2009 5:54:03 PM - Software Distribution Service 3.0
RP916: 11/17/2009 5:57:38 PM - Software Distribution Service 3.0
RP917: 11/18/2009 5:57:15 PM - Software Distribution Service 3.0
RP918: 11/19/2009 7:02:48 PM - Software Distribution Service 3.0
RP919: 11/20/2009 7:02:38 PM - Software Distribution Service 3.0
RP920: 11/21/2009 7:02:40 PM - Software Distribution Service 3.0
RP921: 11/22/2009 1:34:21 AM - Software Distribution Service 3.0
RP922: 11/22/2009 7:03:31 PM - Software Distribution Service 3.0
RP923: 11/23/2009 2:46:54 PM - Installed Adobe Reader 9.2.
RP924: 11/23/2009 3:35:23 PM - Microsoft Antimalware Checkpoint
RP925: 11/24/2009 4:35:32 AM - Software Distribution Service 3.0
RP926: 11/24/2009 7:08:38 PM - Software Distribution Service 3.0
RP927: 11/25/2009 2:55:56 PM - Software Distribution Service 3.0
RP928: 11/25/2009 3:08:20 PM - Microsoft Antimalware Checkpoint
RP929: 11/26/2009 3:46:49 PM - System Checkpoint
RP930: 11/27/2009 5:20:59 PM - Software Distribution Service 3.0
RP931: 11/30/2009 12:07:11 PM - Software Distribution Service 3.0
RP932: 12/1/2009 4:30:14 PM - System Checkpoint
RP933: 12/2/2009 3:18:02 AM - Software Distribution Service 3.0
RP934: 12/3/2009 5:23:21 AM - System Checkpoint
RP935: 12/3/2009 8:28:38 PM - Software Distribution Service 3.0
RP936: 12/4/2009 8:28:12 PM - Software Distribution Service 3.0

==== Installed Programs ======================

7-Zip 4.65
AAC Decoder
AC3Filter (remove only)
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.2
Adobe Shockwave Player 11
Age of Chivalry
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoHotkey 1.0.48.03
AutoUpdate
Battlefield 2(TM)
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Build Your Own Net Dream (remove only)
Command & Conquer™ Red Alert™ 3
Conexant D850 56K V.9x DFVc Modem
Counter-Strike: Source
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools Toolbar
Dealio Toolbar v4.0.1
Dell AIO Printer A920
Dell ResourceCD
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EverQuest Titanium
Fable - The Lost Chapters
Fallout 3
Fallout2
Free Mp3 Wma Converter V 1.8.0
GTA San Andreas
H.264 Decoder
HeavensLair
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Extreme Graphics Driver
iTunes
Java(TM) 6 Update 17
Malwarebytes' Anti-Malware
MechWarrior 4 Mercenaries
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft XNA Framework Redistributable 3.0
mIRC
MKV Splitter
MobileMe Control Panel
Morrowind
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Drivers
Paint.NET v3.36
PowerDVD 5.1
Project Reality 0860 Core
Project Reality 0860 Levels
Project Reality 0860 Patch
PunkBuster Services
Puzzle Pirates
Quake Live Mozilla Plugin
QuickTime
Recuva (remove only)
Safari
Search Settings 1.2.2
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SimCity 3000
SimpleMU MUD Client
Soldat 1.5.0
SoundMAX
SpaceMonger 2.1.1
Starcraft
Steam
Stronghold Crusader Extreme
System Requirements Lab
Tasker version 3.13
TES Construction Set
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Vuze
WebFldrs XP
WhiteCap
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
World of Warcraft
Wow Web Stats Client v3.0
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

12/5/2009 12:00:44 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
11/29/2009 12:40:46 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2009 12:37:25 PM, error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-05 13:02:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Seth_2\LOCALS~1\Temp\ufqiafoc.sys



---- System - GMER 1.0.15 ----

SSDT spka.sys ZwCreateKey [0xF74C40E0]
SSDT spka.sys ZwEnumerateKey [0xF74E2CA4]
SSDT spka.sys ZwEnumerateValueKey [0xF74E3032]
SSDT spka.sys ZwOpenKey [0xF74C40C0]
SSDT spka.sys ZwQueryKey [0xF74E310A]
SSDT spka.sys ZwQueryValueKey [0xF74E2F8A]
SSDT spka.sys ZwSetValueKey [0xF74E319C]

INT 0x62 ? 86F6EBF8
INT 0x63 ? 86FDABF8
INT 0x82 ? 86F6EBF8
INT 0x83 ? 86FDABF8
INT 0xA4 ? 86FDABF8
INT 0xB4 ? 86FDABF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86FD91F8
Device \Driver\PCI_PNP9276 \Device\00000043 spka.sys
Device \Driver\PCI_PNP9276 \Device\00000043 spka.sys
Device \Driver\usbuhci \Device\USBPDO-0 86E24500
Device \Driver\usbuhci \Device\USBPDO-1 86E24500
Device \Driver\NetBT \Device\NetBT_Tcpip_{B53903B6-6A02-47CE-9F04-F3F9E36D8575} 86D411F8
Device \Driver\usbuhci \Device\USBPDO-2 86E24500
Device \Driver\usbehci \Device\USBPDO-3 86E19500
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FDB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FDB1F8
Device \Driver\Cdrom \Device\CdRom0 86D9C1F8
Device \Driver\Cdrom \Device\CdRom1 86D9C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F743EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F743EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F743EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F743EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 86D9C1F8
Device \Driver\sptd \Device\1375571776 spka.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 86D411F8
Device \Driver\NetBT \Device\NetbiosSmb 86D411F8
Device \Driver\usbuhci \Device\USBFDO-0 86E24500
Device \Driver\usbuhci \Device\USBFDO-1 86E24500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86BFA500
Device \Driver\usbuhci \Device\USBFDO-2 86E24500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86BFA500
Device \Driver\usbehci \Device\USBFDO-3 86E19500
Device \Driver\Ftdisk \Device\FtControl 86FDB1F8
Device \Driver\a2ndwu4a \Device\Scsi\a2ndwu4a1Port2Path0Target1Lun0 86D8D500
Device \Driver\a2ndwu4a \Device\Scsi\a2ndwu4a1 86D8D500
Device \Driver\a2ndwu4a \Device\Scsi\a2ndwu4a1Port2Path0Target0Lun0 86D8D500
Device \FileSystem\Fastfat \Fat 8669A500
Device \FileSystem\Fastfat \Fat 8D429297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 86968500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x07 0xD6 0x93 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4A 0x71 0xB4 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF3 0x93 0x61 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x02 0xC6 0x57 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x07 0xD6 0x93 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4A 0x71 0xB4 0xF0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF3 0x93 0x61 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x02 0xC6 0x57 0x0D ...

---- EOF - GMER 1.0.15 ----
Stb
Active Member
 
Posts: 4
Joined: November 26th, 2009, 7:46 pm

Re: Mal Ware problems from frostwire

Unread postby Rodav » December 6th, 2009, 5:58 pm

I'm not seeing too much of anything malware related. Are you still having issues with your control panel? You could try doing a system restore from before it started happening if you haven't already.

Step 1:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Mal Ware problems from frostwire

Unread postby Stb » December 6th, 2009, 7:59 pm

Yes, I am still having problems with control panel, but I think it might actually be pre-existing and not related to any malware. My computer is also running faster now, but just today when I was browsing a web page I got redirected to an obviously fake antivirus downloader; the web page it redirected me to mimicked a My Computer folder. I immediately exited out of Firefox. The webpage I was browsing was safe too, so I don't think it was the site.

Here is the log


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=14e85bc598155c40b525d2c609cdad75
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-06 11:53:21
# local_time=2009-12-06 05:53:21 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 779470 779470 0 0
# compatibility_mode=5891 16776869 100 100 0 13846860 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=54746
# found=0
# cleaned=0
# scan_time=2661
Stb
Active Member
 
Posts: 4
Joined: November 26th, 2009, 7:46 pm

Re: Mal Ware problems from frostwire

Unread postby Rodav » December 7th, 2009, 2:13 pm

If you are getting redirects, then it's probable malware is on board.

Step 1:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Step 2:
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Mal Ware problems from frostwire

Unread postby NonSuch » December 10th, 2009, 5:55 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California