rootkit/ Computer 1


This topic is locked
7 replies to this topic

#1 Joline

  • Members
  • 23 posts

Posted 04 January 2009 - 04:07 PM

Hi, firstly thank you so much for your help in advance. It's great for us to have someone out there fighting against these things.

I stupidly opened an email with an attachment entitled "schedule of fees" months ago on my home computer; my Norton antivirus had gone out of date and I hadn't updated it. It said that XP security had detected a virus and directed me to a site to download something to fix it.

I was suspicious of it being processed through a Russian bank.

I thought I had sorted out the virus problem by installing CA, but the computer got slower and slower. A friend suggested AVG or Avast. I used AVG and detected a rootkit and a trojan virus on my home computer, which I can no longer access the internet with.

Since I had been using a memory stick to copy and paste files and updates between my computers, I wanted to check them all.

AVG gave me a clear read on this computer, my laptop; however, I wasn't certain if a rootkit could avoid initial detection.

Can it install itself on my other computers through my memory stick or removable hard disk?

I'll be working on running DDS on my main computer.

Thank you for your help.

Joline


DDS (Version 1.1.0) - NTFSx86
Run by Joline at 20:40:51.66 on Sun 01/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.222.52 [GMT 0:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\Joline\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: EWPP - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\windows\temp\E_SAF.tmp" /EF "HKCU"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRunOnce: [HPWebUpdate]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-27 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 324872]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-27 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 107272]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-27 298264]
R4 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2008-12-27 1339600]
S1 SGFPUSB;SecuGen USB FRD Service03;c:\windows\system32\drivers\SGFu03d.sys [2008-11-6 18048]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]

=============== Created Last 30 ================

2009-01-04 20:09 82,432 a----r-- c:\windows\system32\MSXML4r.dll
2009-01-04 20:09 44,544 a----r-- c:\windows\system32\MSXML4a.dll
2009-01-04 20:09 1,230,336 a----r-- c:\windows\system32\MSXML4.dll
2009-01-04 20:09 626,960 a----r-- c:\windows\system32\hpvaut32.dll
2009-01-04 20:08 487,424 a----r-- c:\windows\system32\hpvcp70.dll
2009-01-04 20:08 344,064 a----r-- c:\windows\system32\hpvcr70.dll
2009-01-04 20:06 <DIR> --d----- c:\program files\HP
2009-01-04 20:03 135,858 a------- c:\windows\hpdj5700.his
2009-01-04 20:03 11,615 a------- c:\windows\hpdj5700.ini
2009-01-04 18:50 <DIR> --d----- c:\program files\Trend Micro
2008-12-31 19:28 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-31 19:28 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-31 19:27 <DIR> --d----- c:\program files\iPod
2008-12-31 19:27 <DIR> --d----- c:\program files\iTunes
2008-12-31 19:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 19:26 <DIR> --d----- c:\program files\Bonjour
2008-12-27 21:26 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-27 20:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-27 20:54 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-27 20:54 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2008-12-27 20:54 324,872 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-27 20:54 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-27 20:54 <DIR> --d----- c:\docume~1\joline\applic~1\AVGTOOLBAR
2008-12-27 20:52 50,968 a------- c:\windows\system32\avgfwdx.dll
2008-12-27 20:52 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2008-12-27 20:52 <DIR> --d----- c:\program files\AVG
2008-12-27 20:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-24 11:41 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-24 11:39 <DIR> --d----- c:\program files\MP3 Player Utilities 4.18

==================== Find3M ====================

2008-11-09 19:01 410,976 a------- c:\windows\system32\deploytk.dll

============= FINISH: 20:42:11.57 ===============



#2 KoanYorel

    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 17 January 2009 - 02:29 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Joline
  • Topic Starter

  • Members
  • 23 posts

Posted 17 January 2009 - 07:03 PM

Hello,

I have another computer which I am requesting help with, within a different topic. I was going to use this computer to connect an external drive to download the requested programs, because that computer is one without an internet connection. Please advise if this is inappropriate.

The logs provided are with that external drive attached to this computer.


Thanks
Joline


DDS (Version 1.1.0) - NTFSx86
Run by Joline at 23:37:56.26 on Sat 01/17/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.222.83 [GMT 0:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Documents and Settings\Joline\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: EWPP - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [CARPService] carpserv.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-27 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-27 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 107272]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
S1 SGFPUSB;SecuGen USB FRD Service03;c:\windows\system32\drivers\SGFu03d.sys [2008-11-6 18048]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]

=============== Created Last 30 ================

2009-01-17 22:44 250 a------- c:\windows\gmer.ini
2009-01-12 23:12 7,680 a------- c:\windows\system32\spdwnwxp.exe
2009-01-12 22:03 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-07 20:17 139,536 a------- c:\windows\system32\javaee.dll
2009-01-07 20:16 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2009-01-07 20:16 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-01-07 20:15 <DIR> --d----- c:\program files\CONEXANT
2009-01-04 20:09 82,432 a----r-- c:\windows\system32\MSXML4r.dll
2009-01-04 20:09 44,544 a----r-- c:\windows\system32\MSXML4a.dll
2009-01-04 20:09 1,230,336 a----r-- c:\windows\system32\MSXML4.dll
2009-01-04 20:09 626,960 a----r-- c:\windows\system32\hpvaut32.dll
2009-01-04 20:08 487,424 a----r-- c:\windows\system32\hpvcp70.dll
2009-01-04 20:08 344,064 a----r-- c:\windows\system32\hpvcr70.dll
2009-01-04 20:06 <DIR> --d----- c:\program files\HP
2009-01-04 20:03 135,858 a------- c:\windows\hpdj5700.his
2009-01-04 20:03 11,615 a------- c:\windows\hpdj5700.ini
2009-01-04 18:50 <DIR> --d----- c:\program files\Trend Micro
2008-12-31 19:28 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-31 19:28 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-31 19:27 <DIR> --d----- c:\program files\iPod
2008-12-31 19:27 <DIR> --d----- c:\program files\iTunes
2008-12-31 19:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 19:26 <DIR> --d----- c:\program files\Bonjour
2008-12-27 21:26 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-27 20:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-27 20:54 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-27 20:54 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2008-12-27 20:54 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-27 20:54 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-27 20:54 <DIR> --d----- c:\docume~1\joline\applic~1\AVGTOOLBAR
2008-12-27 20:52 50,968 a------- c:\windows\system32\avgfwdx.dll
2008-12-27 20:52 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2008-12-27 20:52 <DIR> --d----- c:\program files\AVG
2008-12-27 20:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-24 11:41 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-24 11:39 <DIR> --d----- c:\program files\MP3 Player Utilities 4.18

==================== Find3M ====================

2009-01-07 20:17 2,678 a------- c:\windows\java\packages\data\5VXFXBFN.DAT
2009-01-07 20:17 2,678 a------- c:\windows\java\packages\data\LZJN5VZN.DAT
2009-01-07 20:17 2,678 a------- c:\windows\java\packages\data\K6O1RP7X.DAT
2009-01-07 20:17 2,678 a------- c:\windows\java\packages\data\ICQQWSIC.DAT
2009-01-07 20:17 2,678 a------- c:\windows\java\packages\data\FZRJ7XR5.DAT
2008-11-09 19:01 410,976 a------- c:\windows\system32\deploytk.dll

============= FINISH: 23:39:12.50 ===============

Edited by Joline, 18 January 2009 - 12:05 PM.
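
To make reading a DDS "Pseudo HJT Report" more systematic, here is a small Python triage helper added to this thread as an illustration (it is not part of the thread, of DDS, or of the helpers' toolkit). It parses the BHO/TB and Run-key lines from the log above and flags entries that cannot be verified from the log line alone: orphaned "No File" components, Run values with no command, and bare filenames that are resolved through the search path rather than a full path. The sample input is copied unchanged from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: autostart lines copied unchanged from the "Pseudo HJT
# Report" section of the DDS log above (raw string, backslashes are literal).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.co.uk/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: EWPP - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [CARPService] carpserv.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [HPWebUpdate]
mPolicies-system: EnableLUA = 0 (0x0)
"""

# "BHO: <name> - No File": the CLSID is still registered but its DLL is gone.
ORPHAN_RE = re.compile(r"^(BHO|TB): (.+?) - No File$")
# "uRun"/"mRun"/"mRunOnce: [<value name>] <command line>" (user / machine hive).
RUN_RE = re.compile(r"^(u|m)Run(Once)?: \[([^\]]+)\]\s*(.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "orphan", "empty-command" or "bare-filename"
    entry: str   # the entry name exactly as DDS printed it
    detail: str  # what the reviewer still has to check by hand


def executable_of(command: str) -> str:
    """Return the program part of a Run-key command line.

    DDS prints the registry value verbatim: either a quoted path followed by
    arguments, or an unquoted line whose first whitespace token is the program.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(report: str) -> List[Finding]:
    """Flag autostart entries that cannot be verified from the log line alone.

    A flag is not a malware verdict; it marks what a reviewer must confirm
    against the file on disk (location, publisher, signature).
    """
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(Finding("orphan", m.group(2),
                                    "component is registered but its file is missing"))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        exe = executable_of(m.group(4))
        if not exe:
            findings.append(Finding("empty-command", m.group(3),
                                    "Run value carries no command line"))
        elif "\\" not in exe:
            findings.append(Finding("bare-filename", m.group(3),
                                    f"{exe} is located via the search path; "
                                    "find the file and confirm its publisher"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:14} {f.entry:16} {f.detail}")
```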


#4 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 18 January 2009 - 08:43 PM

Hello, Joline
I don't see malware in here. Are you still having problems?

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click the GMER icon on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a warning window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save... and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use; tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • GMER's Log
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 Joline
  • Topic Starter

  • Members
  • 23 posts

Posted 19 January 2009 - 04:46 PM

Hi Billy

The problems I have on this computer are with the network connection and start up. Once it didn't start up properly; it just sounded like the fan running and the screen didn't even come on. I'm constantly having trouble with the network connection: it says the network cable is unplugged, and when I use my ethernet/USB cable I usually have to unplug it and then plug it back into a different port until it works.

Here is the GMER log. The ESET scan said there were no infections and didn't produce a log.

Could there be another reason for those problems?

Thanks for your help
Joline

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-19 19:59:51
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
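
The check behind reading a GMER "Devices" section such as the one above as clean is that every module attached to the TCP/IP device stack is attributable to Microsoft or to the security product known to be installed. The following Python helper, added here as an illustration (not part of the thread or of GMER), parses the AttachedDevice lines, gives a per-device overview of the attached modules, and returns any module not attributed to an expected company, including modules for which GMER prints no description at all. The sample is the log posted above, copied unchanged.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: the "Devices" section of the GMER log posted above,
# copied unchanged (raw string, so the backslashes are literal).
SAMPLE_GMER = r"""
---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
"""

# AttachedDevice <driver object> <device object> <module> (<description>/<company>)
# The parenthesised part comes from the module's version resource; when the
# file carries none the line ends after the module name, which is itself a
# reason to look at that file.
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?\s*$")

Row = Tuple[str, str, Optional[str]]  # (device object, module, company or None)


def attached_devices(log: str) -> List[Row]:
    """Return one (device, module, company) row per AttachedDevice line."""
    rows: List[Row] = []
    for line in log.splitlines():
        m = ATTACHED_RE.match(line.strip())
        if not m:
            continue
        _driver, device, module, desc = m.groups()
        # GMER prints "<file description>/<company name>"; keep the company.
        company = desc.rsplit("/", 1)[-1].strip() if desc else None
        rows.append((device, module, company))
    return rows


def modules_by_device(log: str) -> Dict[str, Set[str]]:
    """Which modules sit in each device stack: the reviewer's quick overview."""
    stacks: Dict[str, Set[str]] = defaultdict(set)
    for device, module, _company in attached_devices(log):
        stacks[device].add(module)
    return dict(stacks)


def unexpected_filters(log: str, trusted_companies: Set[str]) -> List[Row]:
    """Rows whose module is not attributed to a company the reviewer expects.

    The expected set is Microsoft plus the installed security product; a module
    with no company at all (None) is always returned.
    """
    return [row for row in attached_devices(log)
            if row[2] is None or row[2] not in trusted_companies]


if __name__ == "__main__":
    for device, modules in sorted(modules_by_device(SAMPLE_GMER).items()):
        print(f"{device:16} {', '.join(sorted(modules))}")
    expected = {"Microsoft Corporation", "AVG Technologies CZ, s.r.o."}
    print("unexpected:", unexpected_filters(SAMPLE_GMER, expected))
```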

#6 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 19 January 2009 - 05:02 PM

Hello, Joline
It sounds like you've got a hardware problem here. The machine appears clean.

I would head on over to the hardware forum here:
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

They know a lot more about diagnosis of this stuff than I do.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 Joline
  • Topic Starter

  • Members
  • 23 posts

Posted 19 January 2009 - 05:10 PM

Thanks for your help.

Joline

#8 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 22 January 2009 - 08:38 PM

Hello, Joline
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)



