Infected with something, I believe

[Assassin7772]

--Contents deleted for privacy and personal info. No issue was found in logs. Thanks again Maurice!--

[Maurice Naggar]

Hello,

I've read some of your other posts. A few perliminaries.

a) Please do not post any other topics for this system ! Stick with this topic for this Windows 7 system.

b) Confirm that this is your system and that you have physical possession (ie, that it is not the system of a friend, relative, co-worker)

c) It is not owned by a company or organization.

When you need to start replies, press the More Reply options button {at bottom right},

do not put logs in Quote or Code boxes,

do not use any special formatting in your replies

as Ron mentioned, Click on the little gray button that looks like a small light switch and it will disable the rich text formatting.

Since this is a Windows 7 system, on most all tools we may use, you will need to Right-Click the tool and select Run as Administrator and

allow to Run.

Kindly reply to my questions above, before we get started.

[Assassin7772]

Sorry, was on vacation.

a) I will not post any other topics for this system.

b) This is my computer/system. I have physical ownership of it.

c) No, I bought this computer and it does NOT belong to a company/organization.

Oh and just as a side note, I did right-click the DDS thing and it doesn't have any "Run as admin". The only options I see are:

Test

Configure

Install

and then the usual "Scan with MBAM, Hitman Pro, and Avira".

Also, I can't find the light-switch button, could you tell me where it is.

[Maurice Naggar]

Please use the "Reply to this Topic" button {at top of forum windows} or "More Reply Options" {at bottom-right of forum window} button (instead of the “Quote” and “MultiQuote” buttons) when replying here & at the other forums.

Please do NOT use the Quote button when starting a reply.

Put into words what it is that makes you think this system has an "infection".

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Go to your Desktop
  
• Double-Click the Computer icon.
  
• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.
  

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

• Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  
• Download TDSSKiller and save it to your Desktop.
  
• If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
  If on Windows XP, double-click to start.
  
• Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  
• Then press Start Scan
  

When the scan is done, it will display a summary screen.

• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 5

RE-Enable your antivirus program.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

• Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  
• In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  
• Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  
• It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  
• Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  
• Exit OTL by clicking the X at top right.
  

Download Security Check by screen317 and save it to your Desktop: here or here

• Run Security Check
  
• Follow the onscreen instructions inside of the command window.
  
• A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
  

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

• the contents of aswMBR report;
  
• the contents of TDSSKILLER log;
  
• the contents of OTL.txt;
  
• the contents of Extras.txt ; and
  
• the contents of checkup.txt
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[Assassin7772]

Hi. I just wanted to know if you saw anything suspicious in my DDS and Attach logs. I just wanted to know if I'm infected or not. Also, the reason that I suspected infection was that when I went to imgur.com, both MBAM and Hitman Pro icons were replaced by the generic windows icon. The paper with blue dots. I've found out that it is normal for MBAM and Hitman Pro to sometimes revert to the generic icon and that to just run the Microsoft Fix-it, which solved the problem (both icons are back now). The reason I posted here was to see if there were any suspicious activity at all, including weird connections to and fro from my computer. Seems to me that you didn't find anything wrong because you asked me why I thought I was infected, instead of saying "You are infected with "blah blah blah". So, unless I'm missing something here, my system is fine. Scans from Avira, MBAM, and Hitman Pro come out clean. Thanks alot for your time!

If there is something that I need to be alerted about that you saw in the logs, please let me know ASAP here. Thanks again!

[Maurice Naggar]

No, I've noticed any infection. But if you'd run the tools I outlined, they'd provide a more useful look-see.

But if you'd rather close this, just let me know.

imho, if you have MBAM you do not need Hitman Pro.

As to icons on Desktop, you'd be better off moving your files and documents elsewhere, in regular folders, so that you have a clean desktop.

Don't know imgu dot com from Adam. I'd suggest you get and add W O T Web of trust onto your browsers for better sense of what sites are "safe". Consider using Web of Trust WOT add-on for your browser(s)

http://www.mywot.com/en/download

http://www.mywot.com/en/faq/add-on

They use a 3-color scheme for summary status on reputation of website. Green is ok. Orange is caution. Red is risky.

And needless to mention, real-time protection of MBAM should be on; also, Website blocking on.

[Assassin7772]

Thanks alot Maurice. Yes, MBAM is really good at what it does, but tests show that Hitman Pro is also needed as a second opinion scanner. They freely admit it on their website. I go to MBAM first but if I suspect any infection, I scan with Hitman Pro as well. Yes, I think I'm fine, if I notice any strange behavior, I'll let you know. Since you didn't notice anything suspicious, I think it's alright. Imgur.com is a website that lets you upload pictures and then gives you the codes so that you can use it in posts (link to picture, BB Code, etc.). When I was browsing through the forums before I joined up, I saw a staff member named Strenalis recommend imgur to another user. It also has a good web rep in WOT. It's kinda like Photobucket. I use Firefox and I do use an array of addons:

NoScript

Adblock Plus

Adblock Plus Pop-up addon

WOT

BetterPrivacy

I don't know what I'd do without these addons!! Also, imgur.com comes up with green on WOT, I always read the comments associated with a website before I even go to it. I do plan to purchase MBAM in the future. Thanks for your time. If there is anything else that you think I need to know , please PM me. Thanks again!!

[Maurice Naggar]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.