Help I'm Infected (attach.txt) (dds.txt)

P2P software installed

Going over your logs I noticed that you have uTorrent and Tunnelbear installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent and Tunnelbear; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep them, please do not use them until your computer is cleaned.

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

In addition, please post up C:\combofix.txt

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2014-01-13 12:05:36
-----------------------------
12:05:36.429    OS Version: Windows 6.1.7601 Service Pack 1
12:05:36.429    Number of processors: 2 586 0xF0D
12:05:36.429    ComputerName: GBB-PC  UserName: GBB
12:05:37.006    Initialize success
12:08:11.462    AVAST engine defs: 14011300
12:08:31.867    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
12:08:31.867    Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC32P Size: 152627MB BusType: 11
12:08:31.976    Disk 0 MBR read successfully
12:08:31.976    Disk 0 MBR scan
12:08:32.038    Disk 0 Windows 7 default MBR code
12:08:32.038    Disk 0 Partition - 00     0F Extended LBA            151025 MB offset 16065
12:08:32.069    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1592 MB offset 309315510
12:08:32.147    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99998 MB offset 16128
12:08:32.147    Disk 0 Partition - 00     05     Extended             51026 MB offset 204812685
12:08:32.179    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        51026 MB offset 204812748
12:08:32.210    Disk 0 scanning sectors +312576705
12:08:32.303    Disk 0 scanning C:\Windows\system32\drivers
12:08:48.808    Service scanning
12:09:06.545    Service MpKslaf622776 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96735A88-7122-4EA4-9967-A7DF9046FB7A}\MpKslaf622776.sys **LOCKED** 32
12:09:29.914    Modules scanning
12:09:42.582    Disk 0 trace - called modules:
12:09:42.597    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
12:09:42.613    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8568b030]
12:09:42.613    3 CLASSPNP.SYS[8904059e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x851d3908]
12:09:43.081    AVAST engine scan C:\Windows
12:09:47.199    AVAST engine scan C:\Windows\system32
12:13:46.192    AVAST engine scan C:\Windows\system32\drivers
12:14:07.470    AVAST engine scan C:\Users\GBB
12:17:41.050    File: C:\Users\GBB\Desktop\rsbot\wBot.exe  **INFECTED** Win32:Malware-gen
12:26:30.125    AVAST engine scan C:\ProgramData
12:26:48.424    Scan finished successfully
12:28:53.130    Disk 0 MBR has been saved successfully to "C:\Users\GBB\Desktop\MBR.dat"
12:28:53.193    The log file has been saved successfully to "C:\Users\GBB\Desktop\aswMBR.txt"
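A triage pass over an aswMBR log like the one posted above, as an added example that is not part of the original thread and not AVAST's code: it pulls out the per-disk MBR verdict, the **INFECTED** files and the **LOCKED** services so the lines that need a decision stand out. The line patterns are assumptions inferred only from the lines visible in this log, and the name `triage` is hypothetical.

```python
import re

# Excerpt of the aswMBR log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
Run date: 2014-01-13 12:05:36
12:08:31.976    Disk 0 MBR read successfully
12:08:32.038    Disk 0 Windows 7 default MBR code
12:08:48.808    Service scanning
12:09:06.545    Service MpKslaf622776 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96735A88-7122-4EA4-9967-A7DF9046FB7A}\MpKslaf622776.sys **LOCKED** 32
12:17:41.050    File: C:\Users\GBB\Desktop\rsbot\wBot.exe  **INFECTED** Win32:Malware-gen
12:26:48.424    Scan finished successfully
12:28:53.130    Disk 0 MBR has been saved successfully to "C:\Users\GBB\Desktop\MBR.dat"
"""

# Patterns below are assumptions based on the log lines shown on this page.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*\S)\s*$")   # "HH:MM:SS.mmm    message"
INFECTED = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
LOCKED = re.compile(r"^Service\s+(\S+)\s+(.+?)\s+\*\*LOCKED\*\*")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")


def triage(log_text):
    """Return the MBR verdict per disk, infected files, locked services and scan status."""
    report = {"mbr": {}, "infected": [], "locked": [], "finished": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header, separator or blank line: no timestamped message
        msg = m.group(2)
        if (hit := INFECTED.match(msg)):
            report["infected"].append((hit.group(1), hit.group(2)))   # (path, detection name)
        elif (hit := LOCKED.match(msg)):
            report["locked"].append((hit.group(1), hit.group(2)))     # (service, driver path)
        elif (hit := MBR_CODE.match(msg)):
            report["mbr"][int(hit.group(1))] = hit.group(2)           # disk number -> verdict text
        elif msg == "Scan finished successfully":
            report["finished"] = True   # a log without this line is incomplete
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
```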
