
"Confirm Your Identity" eBay pop-up



Hi!

I'm having the same problem as a few previous posters - every time I try to search on eBay, a pop-up appears asking for credit card info. As far as I know, it started yesterday. I've attached the requested scan logs, thanks for any help :)

Link to post

The installed version of Adobe Reader on this computer is out-dated. Install the latest version of Adobe Reader available from Adobe.

The installed version of Adobe Shockwave Player on this computer is out-dated. Install the latest version of Adobe Shockwave Player available from Adobe.

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    DRV - (zumbus) -- system32\DRIVERS\zumbus.sys File not found
    DRV - (xpsec) -- C:\WINDOWS\system32\drivers\xpsec.sys File not found
    DRV - (xcpip) -- C:\WINDOWS\system32\drivers\xcpip.sys File not found
    DRV - (WDICA) --  File not found
    DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
    DRV - (PDRFRAME) --  File not found
    DRV - (PDRELI) --  File not found
    DRV - (PDFRAME) --  File not found
    DRV - (PDCOMP) --  File not found
    DRV - (PCIDump) --  File not found
    DRV - (MpKslff05689f) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04442758-5FB7-4EB6-8513-ED2C48C0C0F7}\MpKslff05689f.sys File not found
    DRV - (MpKslfeb4d9ea) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{335EC394-8593-447E-BAD4-7480C05D815F}\MpKslfeb4d9ea.sys File not found
    DRV - (MpKslf87c6a15) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0D5B97B-B1AE-49FE-857D-102AD47C764D}\MpKslf87c6a15.sys File not found
    DRV - (MpKslf62ff771) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA87D638-8EA3-4AC7-9BA5-F5336BA7D1C2}\MpKslf62ff771.sys File not found
    DRV - (MpKslf4738580) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E1FC8C9-BCD8-43AD-B371-8D95BE9E4EA3}\MpKslf4738580.sys File not found
    DRV - (MpKsleed41432) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6FBAE59-9ED6-4390-82D5-6B84963C528E}\MpKsleed41432.sys File not found
    DRV - (MpKsleb33da4a) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04442758-5FB7-4EB6-8513-ED2C48C0C0F7}\MpKsleb33da4a.sys File not found
    DRV - (MpKslea1feaba) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3200C87-92ED-48C7-B813-B6580A1E1DD1}\MpKslea1feaba.sys File not found
    DRV - (MpKsle0f6744a) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{407C4400-16AB-43CD-BA02-2C2872247701}\MpKsle0f6744a.sys File not found
    DRV - (MpKsle0b79eea) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DEE38E0-AF5C-4589-8E86-8C5664043EDF}\MpKsle0b79eea.sys File not found
    DRV - (MpKsldc56e6a5) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56DAC770-DF9F-4FEA-B229-40AD34075080}\MpKsldc56e6a5.sys File not found
    DRV - (MpKsldbd07984) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66FF4F84-D1EA-4920-AAEC-2161C24F532B}\MpKsldbd07984.sys File not found
    DRV - (MpKslda88ed3c) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF6BA535-D955-4863-8987-E98A5BF0DEF6}\MpKslda88ed3c.sys File not found
    DRV - (MpKsld6ba20c2) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B06FED06-89E4-4A82-AA2C-F9924B0925CF}\MpKsld6ba20c2.sys File not found
    DRV - (MpKsld35a81ba) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF13D50E-448B-40BD-9E73-9B0263FFF30F}\MpKsld35a81ba.sys File not found
    DRV - (MpKsld180b078) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43EDCF75-B80C-44D6-B86A-DC55AB5CF49A}\MpKsld180b078.sys File not found
    DRV - (MpKslcc4f7e4d) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{305669F6-C306-4A05-92D0-1B3D623A5540}\MpKslcc4f7e4d.sys File not found
    DRV - (MpKslc9ed75da) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6692C902-9BF2-4F86-9C4C-91DF74FCCD95}\MpKslc9ed75da.sys File not found
    DRV - (MpKslc838e143) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E2145D3-2E3A-4C39-9F2C-62CDC085304D}\MpKslc838e143.sys File not found
    DRV - (MpKslc706ca0b) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EA002E3B-17F2-46AC-832A-B2226C35B3EA}\MpKslc706ca0b.sys File not found
    DRV - (MpKslc6256c7c) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F568FF24-5E1B-4696-9F3A-762747B05243}\MpKslc6256c7c.sys File not found
    DRV - (MpKslc059c944) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{027F1B67-19EF-4D37-BD0A-B136FC7831E3}\MpKslc059c944.sys File not found
    DRV - (MpKslba0aea00) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DF238C3-BE30-4EB5-B7AB-5CCB53EAC599}\MpKslba0aea00.sys File not found
    DRV - (MpKslb52592bd) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEB74AA2-D911-44C3-9A20-A27737A3237A}\MpKslb52592bd.sys File not found
    DRV - (MpKslb4bdd7f3) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B49782B0-CC9F-4779-AD1C-EA7000E1A5C7}\MpKslb4bdd7f3.sys File not found
    DRV - (MpKslacdc997c) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6945AAE4-ECA4-447C-A232-39F7BE85617F}\MpKslacdc997c.sys File not found
    DRV - (MpKsla353a317) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{917E53C0-9507-4646-A516-38BB039D4961}\MpKsla353a317.sys File not found
    DRV - (MpKsla183ca0e) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8BE76901-D49C-4585-85FD-9023ECAE6864}\MpKsla183ca0e.sys File not found
    DRV - (MpKsla0953c84) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A167A412-1CB4-40ED-AF63-C31DC506DFA0}\MpKsla0953c84.sys File not found
    DRV - (MpKsl9f066e11) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A383D315-D36C-4B75-A4B6-78A9EA1FB426}\MpKsl9f066e11.sys File not found
    DRV - (MpKsl9df0a9f4) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E1FB779-6308-42D3-ACA3-A91D4961A687}\MpKsl9df0a9f4.sys File not found
    DRV - (MpKsl9c6e9d9a) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D6EB2F1-DAC4-4559-B1E7-012AC9072135}\MpKsl9c6e9d9a.sys File not found
    DRV - (MpKsl9c1d27ae) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A2C8F67-7517-48AD-B503-4F190C1B33A5}\MpKsl9c1d27ae.sys File not found
    DRV - (MpKsl965c6803) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DA9AB10-170D-4B4E-AAA6-C89A82FECAA8}\MpKsl965c6803.sys File not found
    DRV - (MpKsl9571b26b) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2E1B0CE-ADD2-482B-AA74-2150F9DF05B2}\MpKsl9571b26b.sys File not found
    DRV - (MpKsl951bc617) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{537E7A07-B8DB-4D2F-B5E9-A600C3CD807A}\MpKsl951bc617.sys File not found
    DRV - (MpKsl8f4611f7) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B06FED06-89E4-4A82-AA2C-F9924B0925CF}\MpKsl8f4611f7.sys File not found
    DRV - (MpKsl8e4b6f0d) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{917E53C0-9507-4646-A516-38BB039D4961}\MpKsl8e4b6f0d.sys File not found
    DRV - (MpKsl8d21b091) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BD846EC-154C-4774-971F-82E5723B7C82}\MpKsl8d21b091.sys File not found
    DRV - (MpKsl86c8ed96) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E1FB779-6308-42D3-ACA3-A91D4961A687}\MpKsl86c8ed96.sys File not found
    DRV - (MpKsl854cadc8) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E76A682-D25A-45C4-B93A-1CABEF3E4437}\MpKsl854cadc8.sys File not found
    DRV - (MpKsl85352746) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{407C4400-16AB-43CD-BA02-2C2872247701}\MpKsl85352746.sys File not found
    DRV - (MpKsl7c3ea2d4) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A2C8F67-7517-48AD-B503-4F190C1B33A5}\MpKsl7c3ea2d4.sys File not found
    DRV - (MpKsl71eb4090) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBA14404-D1B0-43BA-93B4-6C35F8C5A071}\MpKsl71eb4090.sys File not found
    DRV - (MpKsl6b7cde71) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55B9F23E-0109-440F-837D-253D92832C98}\MpKsl6b7cde71.sys File not found
    DRV - (MpKsl659972b2) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6945AAE4-ECA4-447C-A232-39F7BE85617F}\MpKsl659972b2.sys File not found
    DRV - (MpKsl64c47107) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA87D638-8EA3-4AC7-9BA5-F5336BA7D1C2}\MpKsl64c47107.sys File not found
    DRV - (MpKsl61398b61) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FBB4BABC-CE1C-43F0-AFB2-0DB717F554FE}\MpKsl61398b61.sys File not found
    DRV - (MpKsl60bcdca4) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62772EAE-E0C1-43B8-904B-A449A98A923C}\MpKsl60bcdca4.sys File not found
    DRV - (MpKsl5c016f79) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2438E178-C5E5-4D09-90B8-365A0E5FEE90}\MpKsl5c016f79.sys File not found
    DRV - (MpKsl579e5ed7) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD6D8C17-6194-4B29-BA17-B6AA0486C09D}\MpKsl579e5ed7.sys File not found
    DRV - (MpKsl51c61e22) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0D5B97B-B1AE-49FE-857D-102AD47C764D}\MpKsl51c61e22.sys File not found
    DRV - (MpKsl4b630135) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27EFCADF-4BD6-4B66-B2A8-EC7CFCA57ED1}\MpKsl4b630135.sys File not found
    DRV - (MpKsl47259511) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5C466EB-AD5F-4A29-8FB8-E3A6FBE3BF0E}\MpKsl47259511.sys File not found
    DRV - (MpKsl40513cdc) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED40DFF4-4FAD-4C64-AF75-3E9E65E0FC1B}\MpKsl40513cdc.sys File not found
    DRV - (MpKsl2998f019) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C54A3E2C-8F1F-46D5-9862-E6FA176270F1}\MpKsl2998f019.sys File not found
    DRV - (MpKsl27d5938d) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C68DBDF-E1F5-4307-B6D8-DE84E3FD1F7A}\MpKsl27d5938d.sys File not found
    DRV - (MpKsl25c45f5c) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EAF645DE-7C99-4C0E-8AB3-9A18AC0447DF}\MpKsl25c45f5c.sys File not found
    DRV - (MpKsl250a2e8a) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{345DCA11-BF34-4218-8D1B-0A62C52184B1}\MpKsl250a2e8a.sys File not found
    DRV - (MpKsl1b3b5122) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{027F1B67-19EF-4D37-BD0A-B136FC7831E3}\MpKsl1b3b5122.sys File not found
    DRV - (MpKsl17f7324a) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD6D8C17-6194-4B29-BA17-B6AA0486C09D}\MpKsl17f7324a.sys File not found
    DRV - (MpKsl154de407) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73BC756A-E953-43AA-BED2-CF9631F5E56C}\MpKsl154de407.sys File not found
    DRV - (MpKsl14028395) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC1EB3E7-3371-43D6-BBDD-DCC8E5732F79}\MpKsl14028395.sys File not found
    DRV - (MpKsl129e6628) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A92711C-94FD-4CF7-9E56-00BCFD8CA9CF}\MpKsl129e6628.sys File not found
    DRV - (MpKsl0cf1416b) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD504E3E-EEE7-4487-81C8-A2B851D11790}\MpKsl0cf1416b.sys File not found
    DRV - (MpKsl0a0df688) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC61370C-9D9F-49C2-804B-FA9A6A31FDD0}\MpKsl0a0df688.sys File not found
    DRV - (lbrtfdc) --  File not found
    DRV - (jqeeh.sys) -- C:\WINDOWS\system32\drivers\jqeeh.sys File not found
    DRV - (i2omgmt) --  File not found
    DRV - (Changer) --  File not found
    O4 - HKCU..\Run: []  File not found
    O33 - MountPoints2\{5047fad2-276c-11df-a277-0016415caae7}\Shell - "" = AutoRun
    O33 - MountPoints2\{5047fad2-276c-11df-a277-0016415caae7}\Shell\AutoRun\command - "" = E:\Startme.exe
    [7 C:\Documents and Settings\Mtailda\Mina dokument\*.tmp files -> C:\Documents and Settings\Mtailda\Mina dokument\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to post
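The fix script in the post above is built from scan-log entries that ended in "File not found". The following triage of such entries is an added example, not part of the original thread or of OTL: it parses the `DRV - (name) -- path File not found` shape seen above, buckets the orphaned entries, and reports definition-update folders referenced by more than one entry. The bucket names and the helper functions are assumptions made for illustration; the sample lines are copied from the script above except the one marked as constructed.

```python
import re
from collections import defaultdict

# Entry shape as it appears in the fix script above:
#   DRV - (service name) -- optional path File not found
ENTRY_RE = re.compile(r"^\s*(DRV|SRV)\s+-\s+\(([^)]*)\)\s+--\s*(.*)$")
MISSING = "File not found"
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Directory that the MpKsl* entries on this page point into (lower-cased).
AV_DEF_DIR = "\\microsoft antimalware\\definition updates\\"

# Sample input: lines from the script above, plus one constructed entry
# (exampledrv) whose file is present, to show that it is left alone.
SAMPLE = r"""
DRV - (zumbus) -- system32\DRIVERS\zumbus.sys File not found
DRV - (xpsec) -- C:\WINDOWS\system32\drivers\xpsec.sys File not found
DRV - (WDICA) --  File not found
DRV - (MpKslff05689f) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04442758-5FB7-4EB6-8513-ED2C48C0C0F7}\MpKslff05689f.sys File not found
DRV - (MpKsleb33da4a) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04442758-5FB7-4EB6-8513-ED2C48C0C0F7}\MpKsleb33da4a.sys File not found
DRV - (jqeeh.sys) -- C:\WINDOWS\system32\drivers\jqeeh.sys File not found
DRV - (exampledrv) -- C:\WINDOWS\system32\drivers\exampledrv.sys
O4 - HKCU..\Run: []  File not found
"""


def parse_entry(line):
    """Return a dict for a DRV/SRV line, or None for any other line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, name, rest = m.group(1), m.group(2), m.group(3).strip()
    missing = rest.endswith(MISSING)
    path = rest[: -len(MISSING)].strip() if missing else rest
    return {"kind": kind, "name": name, "path": path or None, "missing": missing}


def classify(entry):
    """Bucket an entry by what its registered image path looks like."""
    path = entry["path"]
    if path is None:
        return "no_path"            # service key with no image path at all
    if AV_DEF_DIR in path.lower():
        return "av_definition_dir"  # leftover under the antimalware update folder
    if not re.match(r"(?:[A-Za-z]:\\|%)", path):
        return "relative_path"      # e.g. system32\DRIVERS\...
    return "absolute_path"


def triage(lines):
    """Map bucket -> service names, for entries whose file is missing."""
    buckets = defaultdict(list)
    for line in lines:
        entry = parse_entry(line)
        if entry and entry["missing"]:
            buckets[classify(entry)].append(entry["name"])
    return dict(buckets)


def shared_definition_dirs(lines):
    """Definition-update GUID folders referenced by more than one orphan."""
    by_guid = defaultdict(list)
    for line in lines:
        entry = parse_entry(line)
        if entry and entry["missing"] and entry["path"]:
            if classify(entry) == "av_definition_dir":
                m = GUID_RE.search(entry["path"])
                if m:
                    by_guid[m.group(0).upper()].append(entry["name"])
    return {guid: names for guid, names in by_guid.items() if len(names) > 1}


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE.splitlines()).items():
        print(f"{bucket}: {', '.join(names)}")
    for guid, names in shared_definition_dirs(SAMPLE.splitlines()).items():
        print(f"{guid} referenced by {len(names)} orphaned entries")
```
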

I'm having some trouble with OTL. At first it seemed to start running the fix, but then it stopped responding and the whole computer froze and I had to reboot. I tried a couple more times, and those times everything froze as soon as I clicked Run Fix. After the first reboot, a file called Thumb.db appeared on my desktop (but it was apparently created sometime last year so I don't really know if it's relevant, but thought it was worth mentioning). What should I do? Thanks

Link to post

The same thing still happens. :/ I also tried redownloading OTL, but it still stops responding when I click Run Fix, the taskbar and desktop icons disappear, everything freezes. I don't know what I'm doing wrong. I reran the EEK and OTL scans (scanning works, just not the fixrunning) and have attached the logs, hopefully they can help.

Link to post

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to post

Now we need to use ComboFix to remove some stuff.

  • Make sure that the copy of combofix.exe that you downloaded earlier is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it

(make sure you scroll all the way down in the code box to get all lines selected ):

KillAll::

Driver::
MpKsl0a0df688
MpKsl0cf1416b
MpKsl129e6628
MpKsl14028395
MpKsl154de407
MpKsl17f7324a
MpKsl1b3b5122
MpKsl250a2e8a
MpKsl25c45f5c
MpKsl27d5938d
MpKsl2998f019
MpKsl40513cdc
MpKsl47259511
MpKsl4b630135
MpKsl51c61e22
MpKsl579e5ed7
MpKsl5c016f79
MpKsl60bcdca4
MpKsl61398b61
MpKsl64c47107
MpKsl659972b2
MpKsl6b7cde71
MpKsl71eb4090
MpKsl7c3ea2d4
MpKsl85352746
MpKsl854cadc8
MpKsl86c8ed96
MpKsl8d21b091
MpKsl8e4b6f0d
MpKsl8f4611f7
MpKsl951bc617
MpKsl9571b26b
MpKsl965c6803
MpKsl9c1d27ae
MpKsl9c6e9d9a
MpKsl9df0a9f4
MpKsl9f066e11
MpKsla0953c84
MpKsla183ca0e
MpKsla353a317
MpKslacdc997c
MpKslb4bdd7f3
MpKslb52592bd
MpKslba0aea00
MpKslc059c944
MpKslc6256c7c
MpKslc706ca0b
MpKslc838e143
MpKslc9ed75da
MpKslcc4f7e4d
MpKsld180b078
MpKsld35a81ba
MpKsld6ba20c2
MpKslda88ed3c
MpKsldbd07984
MpKsldc56e6a5
MpKsle0b79eea
MpKsle0f6744a
MpKslea1feaba
MpKsleb33da4a
MpKsleed41432
MpKslf4738580
MpKslf62ff771
MpKslf87c6a15
MpKslfeb4d9ea
MpKslff05689f
jqeeh.sys

File::
c:\windows\system32\drivers\jqeeh.sys

  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFScript.txt on top of ComboFix.exe
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below

Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.

The ComboFix folder should not be renamed since ComboFix and even we would have suspicions about it. Also when you uninstall CF, the folder would not be removed since it does not look for that folder name.

Attach the log from ComboFix

Link to post

ComboFix has been running for more than six hours, but it's still not past the screen saying it's searching for infected files and that it should take 10 mins or double etc. I haven't clicked it or anything (I'm on a different computer). It hasn't said anything about completing any stages like it did when I ran the scan, but the cursor is still blinking... Is this normal? Is it doing something or is it just not working?

Link to post

That's better.

Read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
      Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.

  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Attach this log to your next reply.

Link to post

All the UnsignedFile.Multi.Generic detections can be ignored. Rarely a generic detection is something that needs to be addressed.

We've dealt with the major part of the infection, now to finish cleaning up.

Download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please attach the log to your reply.

Link to post

Run Farbar Service Scanner.

Type the following in the edit box after "Search:"

dhcpcsvc.dll; dnsrslvr.dll; ipnathlp.dll; netman.dll; WMIsvc.dll; srsvc.dll; sr.sys; wscsvc.dll; WMIsvc.dll; wuauserv.dll; qmgr.dll; es.dll; cryptsvc.dll; svchost.exe; rpcss.dll; services.exe

Click Search Files button and attach the log (FSS.txt) it makes to your reply.

Link to post

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    DRV - (zumbus) -- system32\DRIVERS\zumbus.sys File not found
    DRV - (xpsec) -- C:\WINDOWS\system32\drivers\xpsec.sys File not found
    DRV - (WDICA) --  File not found
    DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
    DRV - (PDRFRAME) --  File not found
    DRV - (PDRELI) --  File not found
    DRV - (PDFRAME) --  File not found
    DRV - (PDCOMP) --  File not found
    DRV - (PCIDump) --  File not found
    DRV - (lbrtfdc) --  File not found
    DRV - (i2omgmt) --  File not found
    DRV - (Changer) --  File not found
    DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to post

The same thing happened as before with the other OTL fix. It seems to start fine, then nothing happens. I let it sit for a few hours, but still nothing. It just stops responding. The antivirus program was deactivated when I tried running the fix so I don't know what could be interfering with OTL.

Link to post

The computer has been super slow since the FSS scan, but maybe that's something that will improve after I uninstall that program? Other than that, I just checked eBay and the pop-up is gone! So in that regard things are running great - thank you so much :)

Link to post

I can't find it in the list of programs. Could it be hidden somehow? I searched for the name it had in the EEK log, which was a .lnk file located in the folder with recently used documents, and it appears to at one point have been a .jpg that now no longer exists but I guess still has a shortcut in that folder. Maybe that other file just happened to be named the same thing. Or is it the key logger program being sneaky?

Link to post

Well, let's see if we can figure out where the key logger is hiding.

Download:

- ISeeYouXP by ShadowPuterDude

Double-click ISeeYouXP.exe. ISeeYouXP will be extracted to C:\ISeeYouXP, and a shortcut to ISeeYouXP.bat will be placed on the Desktop.

Double-click the ISeeYouXP shortcut to run ISeeYouXP.

Possible Error Messages

  • If your ISeeYouXP.txt log appears to be empty or semi-empty or you get an error message similar to the below when running ISeeYouXP.bat and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS
    C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Window applications.
    To fix the above error message, choose the download below which is appropriate for your system
    • For Windows XP Pro: download and run: XPproFix
    • For Windows XP Home: download and run: XPHomeFix
    • For Windows 2000: download and run: W2KFix

    Then run ISeeYouXP.bat again and attach the log.

  • A possible second type of error message may occur as shown in the quote box below! If you get either of these two messages, perform the Resolution steps given in this: Virtual Device Driver Error Message in 16-Bit MS-DOS Subsystem

16 bit MS-DOS Subsystem

drive:\program path

XXXX. An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application.

-or-

16 bit MS-DOS Subsystem

drive:\program path

SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. VDD. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application.

After attempting to fix the above errors, run ISeeYouXP.bat and attach the log.

IMPORTANT NOTE:

Vista Users

UAC must be turned off to run this script.

Turning Off/On UAC in Vista

1. Open the Control Panel.

2. Under User Account and Family settings click on the "Add or remove user account".

3. Click on your user account.

4. Under the user account click on the "Go to the main User Account page" link.

5. Under "Make changes to your user account" click on the "Change security settings" link.

6. In the "Turn on User Account Control (UAC) to make your computer more secure" click to unselect the "Use User Account Control (UAC) to help protect your computer". Click on the Ok button.

7. You will be prompted to reboot your computer. Do so.

In order to re-enable UAC just select the above checkbox and reboot.

To Run ISeeYouXP right-click on the batch file and select "Run as Administrator"

Attach the ISeeYouXP log, it will be on the Desktop, to your next reply.

Link to post

I didn't get any error message, but I also didn't get a log. The program finished its scan and said the log would be on the desktop, but it's not there, nor is it in the ISeeYouXP folder. Should I try the XPHomeFix, or is this a different kind of error?

Link to post

That didn't work either. But I think I know what the problem is: my computer is in Swedish. I took a closer look at the scan window, and under the *** Building Report *** headline it says something along the lines of "The file path could not be found". I'm guessing it doesn't know where to save the log because "Desktop" is "Skrivbord" on my computer.

Have I understood correctly that the KG file that EEK found is in the folder with shortcuts to recently used documents? Maybe I could try deleting all the files in that folder, and then maybe KG will go away?

Link to post

OK, I know what the issue is with ISeeYouXP. Look in C:\ISeeYouXP locate GetUnKeys.bat. Double-click it to run it. The log will be at C:\GetUnKey.txt. Notepad will also open with the log.

Attach GetUnKey.txt

Link to post

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Delete the following from your Desktop (If they exist)

CFscript.txt

ISeeYouXP.exe

ISeeYouXP.lnk

ISeeYouXP.txt

TDSSKiller.exe

Anything else I had you use

Delete the following files: (If they exist)

C:\ComboFix.txt

Delete the following folders: (If they exist)

C:\ComboFix

C:\Qoobox

Empty the Recycle Bin

Download to your Desktop:

- CCleaner Portable

  • UnZip CCleaner Portable to a folder on your Desktop named CCleaner

Run CCleaner

  • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • The following should be selected by default, if not, please select:
    [image]
  • Click [image] and choose [image]
  • Uncheck [image]
  • Then go back to [image] and click [image] to run it.
  • Exit CCleaner.

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

Inside the ISeeYouXP folder, locate and double-click HideIT.bat (C:\ISeeYouXP\HideIT.bat). This will return viewing of Hidden and System Files and Folders to the default settings.

Delete C:\ISeeYouXP

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

Articles to read:

How to Protect Your Computer From Malware

How to keep you and your Windows PC happy

Web, email, chat, password and kids safety

10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!

Link to post

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.
