System infected

AJ1874 · Jan 3, 2013

Hi Majorgeeks

Used your site plenty of times for good advice, but after 7 years, I have finally succumb to problems I need help with.

First I noticed CPU was not behaving as usual and my system just felt notright. I then began having an issue updating through Windows Update, especially .NET Framework 4 update with update just hanging and not completing. Also, boot time is little longer and Windows Explorer seems to be unresponsive at times.

I have follwed all instructions and attach my logs. MGtools will not run and I get the following message:-

16 bit MS-DOS subsystem

C:\Windows\system32\cmd.exe
SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. Virtual Device Driver format in the registry is invalid.

Look forward to receiving your help and in advance wish to thankyou.

Just running Malwarebytes now and will post as soon as it is finished.

From what I have already seen, I'm infected. lol

chaslang · Jan 3, 2013

Welcome to Major Geeks!

AJ1874 said: ↑

I have follwed all instructions and attach my logs. MGtools will not run and I get the following message:-

16 bit MS-DOS subsystem

C:\Windows\system32\cmd.exe
SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. Virtual Device Driver format in the registry is invalid.
Click to expand...

It is running. At least some pieces are. Also this message was explained in the Using MGtools link that you were given in the READ & RUN ME FIRST instructions. Please see this and the fix.

Also make sure that you attach the log from Malwarebytes.

Thus far only minor junk from Babylon and Wajam was seen in your Hitman Pro log. So you may not be having malware problems. Still need to see the other logs to be sure.

AJ1874 · Jan 4, 2013

Hi Chasland and thanks for help.

Here is the MBAM scan log.

Looks pretty clear

AJ1874 · Jan 4, 2013

chaslang said: ↑

Welcome to Major Geeks!
It is running. At least some pieces are. Also this message was explained in the Using MGtools link that you were given in the READ & RUN ME FIRST instructions. Please see this and the fix.

Also make sure that you attach the log from Malwarebytes.

Thus far only minor junk from Babylon and Wajam was seen in your Hitman Pro log. So you may not be having malware problems. Still need to see the other logs to be sure.
Click to expand...

I have tried the fix for MGtools but I do not have the registry key which it quotes in order to make the fix. It states XP, but if you look for the fix for Vista, it directs you to the same fix as also applicable for Vista:-

"Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To resolve this issue:

Start Registry Editor (Regedt32.exe or Regedit.exe).

NOTE: In Windows XP, Regedit.exe and Regedt32.exe have been integrated into a single program that combines the features of the two registry editors in Windows 2000.
Locate and select the following value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers\VDD
On the Edit menu, click Delete.
On the Edit menu, point to New, and then click Multi-string Value.
Type VDD in the Value Name box, and then press ENTER.
Quit Registry Editor.

If the issue continues to occur, verify that the proper version of the Command.com file is installed in the systemroot/System32 folder on your computer."

chaslang · Jan 5, 2013

Try the below and let's see if it actually fixes the problem. There may be other Windows problems.

Download and save the below to your Desktop

VDDFix

Use Right-click and Save as ( or Save Target As ) option in your browser to download the patch.

Save the patch file directly to your Desktop folder.

Right-click the REG file and choose Merge. Alternately, you can open the Registry Editor and then using the Import option from the File menu, to merge the REG file contents.

Approve any requests or warnings about modifying the registry.

Note that you need to be an administrator to apply these fixes.

After this is successfully added to the registry, reboot and retry MGtools.
The only issues observed thus far is the below junk noted in your Hitman Pro log. And these are not major problems.

Potential Unwanted Programs _________________________________________________
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml (Babylon)
C:\Users\Asa\AppData\Local\Wajam\ (Claro)
C:\Users\Asa\AppData\Local\Wajam\Chrome\ (Claro)
C:\Users\Asa\AppData\Local\Wajam\Chrome\wajam.crx (Claro)
HKLM\SOFTWARE\Babylon\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}\ (Claro)
HKLM\SOFTWARE\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\ (Claro)
HKU\S-1-5-21-1229182414-3585863512-3144731536-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
HKU\S-1-5-21-1229182414-3585863512-3144731536-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ (Blekko)
Click to expand...

Log in or Sign up

System infected

AJ1874 Private E-2

Attached Files:

RKreport[1]_S_01032013_02d2348.txt

HitmanPro_20130104_0009.log

TDSSKiller.2.8.15.0_03.01.2013_23.53.38_log.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

AJ1874 Private E-2

Attached Files:

mbam-log-2013-01-04 (00-43-30).txt

AJ1874 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member