Followed Guidelines, still infected :(

Discussion in 'Malware Help (A Specialist Will Reply)' started by berain666, Oct 23, 2010.

  1. berain666

    berain666 Private E-2

    Hello and thanks for your time!

    Just to give you a little background info that might help explain my problem:
    A few days ago, a friend of mine turned me on to some tools that might help me to prevent hackers from getting my info, or otherwise damaging my computer. These programs were Privoxy and Peerblock. I tried them out for a day or two BEFORE getting info on them, then decided they were worthless to me (especially Peerblock). I uninstalled them and continued normal computer use. While browsing for some internet security tools, I think I picked up some malware that kept trying to redirect me to someone's YouTube video. I am running Avast!, and it gave me a warning message telling me the site was blocked, but I was still unable to leave the site. Not knowing what to do, and not wanting to click yes or no in the "are you sure you want to close this?" box, I rebooted my CPU.
    Everything seemed fine for a while, then I started to notice oddities, like Avast not being able to auto-update itself, and the currency exchange rate on my sidebar telling me it is 'unavailable'. I then tried to log on to Steam for some gaming. The Steam update bar comes up like always, but then it tells me it can't update. I figured maybe I was still connected to a proxy and it was giving me problems, but disabling the proxy in my browser didn't help. I then ran Windows network diagnostics, and it tells me that it cannot communicate with microsoft.com.

    At this point, I am unable to auto-update ANY apps on my PC. I have followed all the guidelines, and I am having the same problems. I was unable to run ComboFix; it gives me the same message I had when I previously posted several months ago, trying to back up the registry and then hanging indefinitely (I left it on overnight to see if it was just REALLY slow, but that didn't help). I was also unable to get the logs or even finish running RootRepeal. It stops while scanning for hidden/locked files on the directory:

    c:\windows\winsxs\manifests

    The last file it was able to scan was

    C:\windows\winsxs\catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e8e3b (appended, as it only shows part of the filename). It then times out, and gives me the (not responding) message on the top of the bar.

    I am sorry for the length of this post, I just wanted to be as descriptive and
    give as much background info as possible. I will attach the logs I was able
    to get, and thanks again for your help!!!!
     

    Attached Files:

  2. berain666

    berain666 Private E-2

    OOPS I did find the root repeal error log, so I will include that as well.
    hopefully this helps and thanks again for taking the time to read this!
     

    Attached Files:

    • log.txt (265 bytes)
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not seeing any malware in your logs. Try the below.



    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

    Now please save Win32kDiag file to your desktop.
    • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log.
    "%userprofile%\desktop\win32kdiag.exe" -f -r
     
  4. berain666

    berain666 Private E-2

    Here are the requested logs:

    :)
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm still not seeing any malware in your logs. Let's try a few other tools especially since you could not run ComboFix and RootRepeal, but there may not be any malware at play here. Powering down your PC may have caused some corruption to the registry or some programs. A System Restore may possibly help if we do not find any problems within the below scans.


    Please try running GMER per the below and attach the log:

    Example using GMER to fix things - Informational Only


    Download OTL by OldTimer from one of the below links and save it to your Desktop.
    Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in the below

      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please attach both of these logs to your next message.
     
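    The last two lines of the custom scan above ask OTL to report the Windows Update policy key and the last successful install time. As an added example that is not part of the thread or of OTL, the following PowerShell reads the same registry locations directly, so an admin can see whether automatic updates are blocked by policy or redirected to a WSUS server before assuming malware. It assumes Windows PowerShell 3.0 or later in an elevated prompt; the key paths are the ones named in the scan list, and NoAutoUpdate, UseWUServer and WUServer are the standard Windows Update policy value names.

```powershell
# Added example (not from the thread or from OTL): read the Windows Update
# registry values that the OTL custom scan reports, and flag policy settings
# that would stop a home PC from updating. Assumes an elevated PowerShell 3.0+.

function Get-WindowsUpdateState {
    # Paths named in the OTL custom scan list above.
    $auPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $wuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $lastOk   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'

    # Missing keys are normal on a machine with no update policy; suppress the error.
    $au = Get-ItemProperty -Path $auPolicy -ErrorAction SilentlyContinue
    $wu = Get-ItemProperty -Path $wuPolicy -ErrorAction SilentlyContinue
    $ok = Get-ItemProperty -Path $lastOk   -ErrorAction SilentlyContinue

    [pscustomobject]@{
        # 1 means a policy has switched automatic updates off entirely.
        NoAutoUpdate    = $au.NoAutoUpdate
        # 1 means updates are fetched from the WUServer address instead of Microsoft...
        UseWUServer     = $au.UseWUServer
        # ...which on a home PC that is not in a WSUS domain should be empty.
        WUServer        = $wu.WUServer
        # Timestamp of the last successful update install (the /rs line in the scan).
        LastSuccessTime = $ok.LastSuccessTime
    }
}

$state = Get-WindowsUpdateState
$state | Format-List

if ($state.NoAutoUpdate -eq 1) {
    Write-Warning 'NoAutoUpdate=1: automatic updates are disabled by policy.'
}
if ($state.UseWUServer -eq 1) {
    Write-Warning ("UseWUServer=1: updates are redirected to '{0}'." -f $state.WUServer)
}
```

    On a stand-alone PC all three policy values should be absent; a populated WUServer on a machine that was never joined to a corporate domain is worth investigating regardless of what the malware scanners report.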
  6. berain666

    berain666 Private E-2

    Hi Chaslang,

    Attached are the logs you requested. I am also starting to think this isn't malware, but something very strange is definitely happening. I'm not sure, but I don't believe I have any restore points that I am aware of that don't have this problem, so if I can't figure this out, I may have to find a way to reinstall Windows.

    I also wanted to let you know that when I ran gmer it instantly gave me the blue screen of death and rebooted my PC. The second time around it was able to run the initial scan, then gave me the blue screen of death for the second scan. I'm not certain if that is what is meant by rebooting, but I hope it helps!

    Thanks again,

    Berain666
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Still not looking like malware, but let's take a couple more steps.

    Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.



    Now run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4D066AD2
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1
    :Commands
    [emptytemp]
    
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Attach the new log it produces in your next reply.
    Any improvement? If not, it is time for you to post in the Software Forum.
     
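    The OTL fix above removes two kinds of leftovers: toolbar entries under HKCU\..\Toolbar\WebBrowser whose CLSID no longer resolves, and named alternate data streams attached to C:\ProgramData\TEMP. As an added example that is not part of the thread or of OTL, the following PowerShell lists both so they can be reviewed before anything is deleted. It assumes Windows PowerShell 3.0 or later (needed for the -Stream parameter) in an elevated prompt; the $Paths default is the folder named in the fix, and the toolbar key path is the one OTL abbreviates in its O3 line.

```powershell
# Added example (not from the thread or from OTL): enumerate the items the OTL
# fix above targets, without removing anything. Assumes elevated PowerShell 3.0+.

function Get-AlternateDataStreams {
    param([string[]]$Paths = @('C:\ProgramData\TEMP'))  # folder named in the OTL fix
    foreach ($p in $Paths) {
        if (-not (Test-Path -Path $p)) { continue }
        # Check the item itself and, if it is a folder, everything beneath it.
        $items = @(Get-Item -Path $p -Force) +
                 @(Get-ChildItem -Path $p -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            # Every file has a ':$DATA' default stream; report only named extras.
            Get-Item -Path $item.FullName -Force -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
    }
}

function Get-OrphanedToolbarEntries {
    # OTL's "HKCU\..\Toolbar\WebBrowser" is this key; each value name is a CLSID
    # that should resolve under HKEY_CLASSES_ROOT\CLSID. Entries that do not are
    # the ones OTL reports as "No CLSID value found".
    $key = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
    $tb = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $tb) { return }
    foreach ($name in $tb.GetValueNames()) {
        if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }   # skip non-GUID values
        $clsid = "Registry::HKEY_CLASSES_ROOT\CLSID\$name"
        if (-not (Test-Path -Path $clsid)) {
            [pscustomobject]@{ Clsid = $name; Status = 'No CLSID value found' }
        }
    }
}

Get-AlternateDataStreams   | Format-Table -AutoSize
Get-OrphanedToolbarEntries | Format-Table -AutoSize
```

    Small named streams on a TEMP folder, like the 100- to 123-byte ones in the fix, are commonly left behind by software such as antivirus caches; the point of listing them first is to confirm what is there before the [emptytemp] and stream removals run. If an older PowerShell build does not enumerate a folder's own streams, the cmd.exe command `dir /r` on the same path shows them too.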
  8. berain666

    berain666 Private E-2

    Ok, I went ahead and did those two things, and they seem to have worked successfully. The Windows disk was never required, and after the reboot there was some sort of log file, but I closed it, thinking it was saved to my desktop. I did a search for all txt files but was unable to find it anywhere on my pc. At any rate, the problem persists. I thank you for all of your time, and I will continue as you suggested by posting in the software forums. I am still considering just doing a clean wipe of windows, do you think that might be a good idea?

    Thanks again,

    Berain666
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome

    Could be a good idea. A quick test for ideas in the Software Forum wouldn't hurt though. Performing a System Restore or possibly a repair may or may not help but could be tried before opting for a reinstall. You should however get all things you need backed up either way before continuing.
     
  10. berain666

    berain666 Private E-2

    Done and Done.

    Thanks again for all your help, a clean reinstall of Windows did the trick when nothing else worked.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

