pc problems

[Filip.dahlberg]

Hello everyone at Computer Hope.

I have been having some computer problems of late, i do believe it started a month ago or so with some thing called: packed.generic.200 or something like that and also some other smaller problems that i dont quite remember one might have been vundo at some point and other trojans i thought my antivirus at the time(fsecure) had taken care of it, however my license ended the other day and now ive got all kinds of problems, ive attempted to remove fsecure and have installed one of the free antiviruses which are recommended on this site (clamwin i believe its called)

ive been using Super anti spyware, malwarebytes and hijackthis previously and have had them installed on the computer along with spybot search and destroy, ccleaner also uniblues `speed up my pc` and `registry booster` all to try and keep my pc running well. However now its not going so well anymore.

Im not sure what the exact problem is i have followed the instructions provided on the post:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

The only found `threat`from the scans is:Rootkit.Mailer/Gen which i have no clue what it is but its currently quarantined by super antispyware

Problems im currently experiencing: Websites not loading/no response at all(using firefox), system reboots for no apparent reason, program crashes also for no reason at unpredictable times, programs not starting...

and i have attached the three logs from: super antispyware, malwarebytes and hijackthis.

Ive also done a `dxdiag-log` if you require information about my system and can post this later if need be.

Thanks in advance for the work you do.

/Filip



[attachment deleted by admin]

[Mulreay]

I'm no expert mate but have you tried using a pay for system protect like Norton? The ones you pay for tend to sort out a few problems that others wont. Some viruses can be nearly impossible to remove but it just sounds like you need to pull the wallet out and get a proper anti-virus etc software. Someone will come back with a free programme but I find Norton top dollar. Like I say no expert but put a price on your system.

[evilfantasy]

it just sounds like you need to pull the wallet out and get a proper anti-virus etc software.

No offense but that is just not true. I use only free antivirus, firewall and other security software. User error is what gets you infected.

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

• Go to your desktop and double click on the removal tool and then click Setup.
  
• Once open Click Next
  
• Accept the license agreement and click Next
  
• Type in the letters/numbers that you see into the text box then click Next.
  
• Then click Next and the tool will start running.
  
• Once finished restart the PC.
• Delete Nortonremoval tool from your Desktop.

.
----------

There is still some F-Secure antivirus to remove.

To remove the rest of F-Secure go here http://support.f-secure.com/enu/corporate/downloads/removeav.shtml

----------

I suggest uninstalling ClamWin and using another free antivirus. ClamWin does not offer real-time blocking so you are open to a malware attack.

Personally I use and recommend Avast. It's free and very good.

Remember to only install one antivirus!
 
1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal

----------

After all of that please post the two logs from DDS.

Download from DDS by sUBs and save it to your Desktop. Alternate DDS download link

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or forewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs:

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please include the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

[Mulreay]

I stand corrected but I find Norton really good. You know more than me hence me telling him I'm no expert.

[Filip.dahlberg]

okey i have followed your advice and gotten `avast Antivirus` have not yet run a complete scan will do so while at work today.

i have followed the instructions for removing fsecure and norton, tho i have performed those steps previously...so dont know why it wont remove it completely..anyway hope it is now removed.

Here is the dds log for the time being.


Thanks

/Filip

[attachment deleted by admin]

[evilfantasy]

Go to Add or Remove Programs and uninstall:

• Java(TM) 6 Update 2
• MyIdentityDefender Toolbar (CyberDefender Corporation) <- This is a rouge product
  
• Spybot - Search & Destroy 1.5.2.20
• Uniblue RegistryBooster 2009 <- Unless paid for
  
• Uniblue SpeedUpMyPC 2009 <- Unless paid for

.
----------

Delete your copy of ComboFix and download the new version.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

Driver::
.norton2009Reset
BackWeb Plug-in - 7681197
EraserSvc10824
5218c864
eqe700b
fskc481
hai6df3
mfra96c
gdtbadb

Folder::
c:\documents and settings\all users\application data\norton
c:\program\f-secure
c:\program\norton antivirus
c:\program\CyberDefender
c:\program\EMCO Malware Destroyer

File::
c:\windows\system32\drivers\knmc401.sys
c:\windows\system32\drivers\ggg621f.sys
c:\windows\system32\drivers\dgk7b04.sys
c:\windows\system32\drivers\gbb9fe8.sys
c:\windows\system32\drivers\bfma825.sys
c:\windows\system32\drivers\eeef475.sys
c:\windows\system32\drivers\ggg84b1.sys

DDS::
uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
uURLSearchHooks: H - No File
uURLSearchHooks: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\filip\lokala inställningar\application data\cyberdefender\cdmyidd.dll
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\filip\lokala inställningar\application data\cyberdefender\cdmyidd.dll
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\filip\lokala inställningar\application data\cyberdefender\cdmyidd.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [HijackThis startup scan] c:\program\trend micro\hijackthis\HijackThis.exe /startupscan
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[Filip.dahlberg]

just a note while im following the instructions:
i got that when i was getting avast from the link provided by u previously by clicking the download button on that page it linked on to that: which i removed, but not all it seems
MyIdentityDefender Toolbar (CyberDefender Corporation) <- This is a rouge product

oh well on with the work will get back to u asap

[evilfantasy]

The malware probably redirected you to the bad web site.

[Filip.dahlberg]

ye thats probably it, its been doing that some lately :/

uniblue softwares are payed for

okay the instructions have been followed and i have attached the log,

btw one small problem im also having is that i get a `logitech error message x2 everytime i restart the computer, does that have to do with the problems that seem to be effecting my computer?

thanks

[attachment deleted by admin]

[evilfantasy]

You may have to reinstall your Logitec software after we are finished.

Suspicious files to scan

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

Code: [Select]

c:\windows\system32\drivers\5218c864.sys2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
[color="Red"]Important:[/color] Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

[Filip.dahlberg]

i get: ERROR: Can't find upload file!

when i go to the site, click in the window, paste c:\windows\system32\drivers\5218c864.sys `open it` and then click uppload.

am i doing something wrong?

[evilfantasy]

Try this.

Go to My Computer->Tools->Folder Options->View tab:

• Under the Hidden files and folders heading:
• Select Show hidden files and folders.
  
• Uncheck Hide protected operating system files (recommended) option.
  
• Also, make sure there is no checkmark beside Hide file extensions for known file types.
  
• Click OK

.
Now try uploading it again.

[Filip.dahlberg]

didnt work says the same thing.

[evilfantasy]

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:services
jim2235

:files
c:\windows\system32\drivers\5218c864.sys

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

[Filip.dahlberg]

*censored*!! it made a log, i closed it by mistake and now i cant find it any ideas where its saved?