
major infections


  • This topic is locked
4 replies to this topic

#1 D_N_M


Posted 27 April 2009 - 09:32 PM

Hello friends

I am helping a buddy with his PC. Here's the deal:
When I got this laptop (Dell Latitude D800), I would try to boot the PC only to get an error code (STOP: oxoooooooo (oxoooooooo oxoooooooo)).
It happened in normal and safe mode; I could not get the PC to boot.
But I kept playing with it and finally got a login window, and the user name was "valued customer".
So I tried Enter (did not work).
So I tried common passwords (did not work).
So under (user name) I typed "administrator" and hit Enter (and it loaded Windows) under the admin account,
so I was able to get to the desktop.
I immediately downloaded Malwarebytes and did a scan.
It found over 800 infections. I have a log if you would like to see it.
Then I rebooted with no errors.
Next I downloaded Comodo Firewall because there was no firewall on this PC,
then AVG because there was no antivirus.
It picked up several things as well (I also have that log if needed),
and then I downloaded Spybot (but have not run it yet).

I have run the DDS and here is the log.
Thanks for any input and help.

D_N_M


DDS (Ver_09-03-16.01) - FAT32x86
Run by Administrator at 22:26:30.71 on Mon 04/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

mURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: H - No File
c:\docume~1\admini~1\locals~1\temp\rarsfx0\temp00
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [AOLRebootNeeded] regsvr32.exe /s
c:\docume~1\admini~1\locals~1\temp\rarsfx0\temp00
c:\docume~1\admini~1\locals~1\temp\rarsfx0\temp00
c:\docume~1\admini~1\locals~1\temp\rarsfx0\temp00
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: ntlcjc.dll c:\windows\system32\cssdll32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\hqfh6gvg.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-04-27 21:36 <DIR> --d----- c:\program files\CCleaner
2009-04-27 20:48 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-27 18:31 <DIR> --d----- c:\program files\Secunia
2009-04-27 18:15 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-27 18:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-27 17:32 <DIR> --d----- c:\windows\system32\scripting
2009-04-27 17:32 <DIR> --d----- c:\windows\l2schemas
2009-04-27 17:32 <DIR> --d----- c:\windows\system32\en
2009-04-27 17:32 <DIR> --d----- c:\windows\system32\bits
2009-04-27 17:20 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-27 17:13 <DIR> --d----- c:\windows\network diagnostic
2009-04-27 16:21 <DIR> --d----- c:\windows\pss
2009-04-27 15:10 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-27 15:06 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-27 15:06 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-27 15:06 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-27 15:05 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-27 15:05 <DIR> --d----- c:\docume~1\admini~1\applic~1\AVGTOOLBAR
2009-04-27 15:05 <DIR> --d----- c:\program files\AVG
2009-04-27 15:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-27 14:54 253,688 a------- c:\windows\system32\cssdll32.dll
2009-04-27 14:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-04-27 14:52 155,384 a------- c:\windows\system32\guard32.dll
2009-04-27 14:52 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-04-27 14:52 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-04-27 14:52 <DIR> --d----- c:\program files\COMODO
2009-04-27 14:23 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-27 14:23 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-27 14:23 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-27 14:23 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-27 14:23 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-27 14:23 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-27 14:23 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-27 14:23 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-27 14:23 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-27 14:22 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-27 14:22 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-27 14:15 <DIR> a-dshr-- C:\cmdcons
2009-04-27 14:13 161,792 a------- c:\windows\SWREG.exe
2009-04-27 14:13 98,816 a------- c:\windows\sed.exe
2009-04-27 12:25 <DIR> --d----- c:\program files\Trend Micro
2009-04-27 11:43 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-27 11:43 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-27 11:43 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 11:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-27 11:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-27 11:28 <DIR> --d----- c:\documents and settings\Administrator
2009-04-26 22:13 17,841 a------- c:\windows\system32\nvModes.001
2009-04-26 17:18 <DIR> --dsh--- C:\FOUND.011

==================== Find3M ====================

2009-04-27 20:46 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-27 17:44 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-27 11:30 17,841 a------- c:\windows\system32\nvModes.dat
2009-03-24 07:03 7,808 a------- c:\windows\system32\drivers\psi_mf.sys
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 22:28:20.26 ===============



I also installed CCleaner and ran the cleanup.


#2 D_N_M


Posted 29 April 2009 - 05:50 AM

Ummmm, FAT32? :thumbup2:
Converted to NTFS
and updated Windows to SP3.
Let me know if you need a new log.
Thanks again

D_N_M

#3 D_N_M


Posted 06 May 2009 - 06:09 AM

Hello BC

I know y'all are busy, but it's been 8 days since I posted my problem.
I need to get this laptop back to its owner ASAP.
Thanks again for any help.

#4 D_N_M


Posted 09 May 2009 - 08:08 AM

Request for topic to be closed.
I did the best I could, since I could not get any help here this time, and had to give the laptop back because my friend needed it for school.

D_N_M

#5 Orange Blossom


Posted 10 May 2009 - 12:46 PM

Hello,

I'm sorry you couldn't keep the laptop long enough as we just now got to your topic. We work with hundreds of logs every day and weren't able to get to your topic sooner.

Since you no longer have the computer with you, I shall close this topic.

Orange Blossom :thumbup2:



