Multiple infections

2 replies to this topic

#1 stealthguitar

stealthguitar

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 13 July 2009 - 01:40 PM

DDS (Ver_09-06-26.01) - NTFSx86
Run by Dad at 12:28:07.51 on Mon 07/13/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.427 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Malb\mbam.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Dad\Desktop\Infected\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.com
mSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
TB: Search Enhancer Toolbar: {bfb5f154-9212-46f3-b547-ac6106030a54} - c:\program files\search enhancer toolbar\enhancer.dll
uRun: [AIM] c:\progra~1\aim95\aim.exe -cnetwait.odl
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"
mRun: [MemoryCardManager] c:\program files\dell photo aio printer 944\memcard.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\person~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 15\minimavis.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim95\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\ondc32p9.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-13 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-13 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-13 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-13 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-13 298776]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-7-13 47640]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-13 38496]
S0 goixazp;goixazp;c:\windows\system32\drivers\svmfn.sys --> c:\windows\system32\drivers\svmfn.sys [?]
S0 xcsv;xcsv;c:\windows\system32\drivers\kdtx.sys --> c:\windows\system32\drivers\kdtx.sys [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-07-13 11:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LogMeIn
2009-07-13 11:21 28,984 a------- c:\windows\system32\LMIport.dll
2009-07-13 11:21 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-07-13 11:21 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-07-13 11:20 87,352 a------- c:\windows\system32\LMIinit.dll
2009-07-13 11:20 1,024 a------- C:\.rnd
2009-07-13 11:19 <DIR> --d----- c:\program files\LogMeIn
2009-07-13 10:44 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-07-13 10:44 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-07-13 10:44 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-07-13 10:44 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-07-13 10:44 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-07-13 10:44 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-13 10:44 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-07-13 10:44 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-13 10:44 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-07-13 10:44 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-07-13 10:28 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-13 10:17 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-13 10:17 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-13 10:16 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-13 10:16 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-13 10:16 <DIR> --d----- c:\program files\AVG
2009-07-13 10:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-13 09:50 <DIR> --d----- c:\docume~1\dad\applic~1\MSNInstaller
2009-07-13 09:40 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-13 09:39 0 a------- c:\windows\system32\msxmlm.dll.tmp
2009-07-13 09:04 <DIR> a-dshr-- C:\cmdcons
2009-07-13 09:02 161,792 a------- c:\windows\SWREG.exe
2009-07-13 09:02 155,136 a------- c:\windows\PEV.exe
2009-07-13 09:02 98,816 a------- c:\windows\sed.exe
2009-07-13 09:02 <DIR> --ds---- C:\ComboFix
2009-07-13 08:32 2 a------- c:\windows\rcim355878.dat
2009-07-13 08:24 <DIR> --d----- c:\docume~1\dad\applic~1\Malwarebytes
2009-07-13 08:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 08:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 08:18 <DIR> --d----- c:\program files\Malb
2009-07-13 08:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-06 21:17 61,440 a------- c:\windows\system32\ndisapi.dll
2009-07-06 21:17 54,272 a------- c:\windows\system32\NetFilter.exe
2009-07-06 21:17 28,672 a------- c:\windows\system32\NFUninstall.exe
2009-07-06 21:17 24,576 a------- c:\windows\system32\drivers\ndisrd.sys
2009-07-06 21:17 <DIR> --d----- c:\program files\common files\Uninstall
2009-06-18 15:39 1 ----h--- c:\windows\jmmark2.dat
2009-06-18 15:38 1 ----h--- c:\windows\bf23567.dat
2009-06-18 15:38 2 a------- c:\windows\104116116112584747.dat
2009-06-14 20:50 81,408 a------- c:\windows\system32\tajavoho.dll

==================== Find3M ====================

2009-07-12 02:59 80,896 -------- c:\windows\system32\rezatovu.dll
2009-07-11 14:59 80,896 a--sh--- c:\windows\system32\kowavelo.dll
2009-07-11 02:59 80,896 a--sh--- c:\windows\system32\lenozafi.dll
2009-07-10 14:58 80,896 a--sh--- c:\windows\system32\jubifede.dll
2009-07-09 10:11 80,896 -------- c:\windows\system32\vetahadu.dll
2009-07-08 13:54 84,992 a--sh--- c:\windows\system32\dehasavu.dll
2009-07-08 01:54 714,789 a--sh--- c:\windows\system32\linivini.exe
2009-07-08 01:54 84,992 a--sh--- c:\windows\system32\romonata.dll
2009-07-07 13:53 714,789 a--sh--- c:\windows\system32\papobafo.exe
2009-07-07 13:53 84,992 a--sh--- c:\windows\system32\yubugere.dll
2009-07-07 13:53 80,896 a--sh--- c:\windows\system32\kemotasa.dll
2009-07-07 01:53 84,992 a--sh--- c:\windows\system32\bilefola.dll
2009-07-07 01:53 80,896 a--sh--- c:\windows\system32\karirabo.dll
2009-07-06 13:53 85,504 a--sh--- c:\windows\system32\kejadole.dll
2009-07-06 13:53 81,408 a--sh--- c:\windows\system32\godidusa.dll
2009-06-30 19:47 84,480 a--sh--- c:\windows\system32\japudebu.dll
2009-06-30 19:47 80,896 -------- c:\windows\system32\magovozi.dll
2009-06-17 16:59 15,360 a--sh--- c:\windows\system32\rirofida.exe
2009-06-11 16:26 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-28 16:28 2,713 ---sh--- c:\windows\system32\gawejeya.exe
2009-05-27 22:27 2,713 ---sh--- c:\windows\system32\berikeda.exe
2009-05-27 04:26 2,713 ---sh--- c:\windows\system32\lazuduhe.exe
2009-05-26 09:25 2,713 ---sh--- c:\windows\system32\hiyanuhe.exe
2009-05-25 15:24 2,713 ---sh--- c:\windows\system32\jenodose.exe
2009-05-24 21:23 2,713 ---sh--- c:\windows\system32\budaluyo.exe
2009-05-24 03:22 2,713 ---sh--- c:\windows\system32\kuhunuze.exe
2009-05-23 09:21 2,713 ---sh--- c:\windows\system32\votohide.exe
2009-05-22 15:19 2,713 ---sh--- c:\windows\system32\sahanudi.exe
2009-05-21 21:18 2,713 ---sh--- c:\windows\system32\kepivuji.exe
2009-05-21 03:17 2,713 ---sh--- c:\windows\system32\janodewi.exe
2009-05-20 03:11 2,713 ---sh--- c:\windows\system32\moligefa.exe
2009-05-19 09:10 2,713 ---sh--- c:\windows\system32\surefuta.exe
2009-05-18 15:08 2,713 ---sh--- c:\windows\system32\memaleho.exe
2009-05-17 21:08 89,600 a--sh--- c:\windows\system32\rigagine.dll
2009-05-17 21:08 81,920 -------- c:\windows\system32\lejorude.dll
2009-05-17 09:07 2,713 ---sh--- c:\windows\system32\pifujufo.exe
2009-05-16 15:07 89,600 a--sh--- c:\windows\system32\yitazuzu.dll
2009-05-15 22:07 81,408 a--sh--- c:\windows\system32\muvohahu.dll
2009-05-15 09:04 2,713 ---sh--- c:\windows\system32\kefazuwa.exe
2009-05-14 15:06 81,408 -------- c:\windows\system32\dojudemu.dll
2009-05-14 15:06 47,104 a--sh--- c:\windows\system32\vozoyimi.exe
2009-05-13 09:43 2,713 ---sh--- c:\windows\system32\juwufajo.exe
2009-05-12 15:42 2,713 ---sh--- c:\windows\system32\rigovele.exe
2009-05-11 21:43 81,408 -------- c:\windows\system32\yidopamo.dll
2009-05-11 07:40 5,856 ---sh--- c:\windows\system32\juvujina.exe
2009-05-10 13:40 5,856 ---sh--- c:\windows\system32\yewanotu.exe
2009-05-09 19:40 89,600 a--sh--- c:\windows\system32\sezugeda.dll
2009-05-09 19:40 81,920 -------- c:\windows\system32\nidefafe.dll
2009-05-07 22:16 31,865 a--sh--- c:\windows\system32\lemadebe.dll
2009-05-07 19:15 50,176 a--sh--- c:\windows\system32\wozupile.dll
2009-05-07 19:15 89,600 a--sh--- c:\windows\system32\wuwigisu.dll
2009-05-07 07:13 2,713 ---sh--- c:\windows\system32\nufepisa.exe
2009-05-06 13:12 2,713 ---sh--- c:\windows\system32\yiwosuni.exe
2009-05-05 19:11 2,713 ---sh--- c:\windows\system32\gedayuje.exe
2009-05-05 01:10 2,713 ---sh--- c:\windows\system32\muzefeto.exe
2009-05-04 07:09 2,713 ---sh--- c:\windows\system32\yazivele.exe
2009-05-03 13:13 81,920 a--sh--- c:\windows\system32\vukenowi.dll
2009-05-03 13:12 89,600 a--sh--- c:\windows\system32\woserali.dll
2009-05-03 13:09 47,104 a--sh--- c:\windows\system32\talezuwe.exe
2009-05-02 22:07 2,713 ---sh--- c:\windows\system32\notetiki.exe
2009-05-01 09:05 2,713 ---sh--- c:\windows\system32\buhunafa.exe
2009-04-29 09:03 2,713 ---sh--- c:\windows\system32\sifozoli.exe
2009-04-28 15:03 80,896 a--sh--- c:\windows\system32\wudepuve.dll
2009-04-28 15:03 88,576 a--sh--- c:\windows\system32\remudaze.dll
2009-04-27 22:05 2,713 ---sh--- c:\windows\system32\womojozo.dll
2009-04-27 22:05 2,713 ---sh--- c:\windows\system32\rifabana.dll
2009-04-27 06:00 2,713 ---sh--- c:\windows\system32\gumeyesu.exe
2009-04-26 12:01 2,713 ---sh--- c:\windows\system32\tubevatu.exe
2009-04-25 18:59 2,713 ---sh--- c:\windows\system32\pifojaso.exe
2009-04-25 00:58 2,713 ---sh--- c:\windows\system32\joripeze.exe
2009-04-24 06:57 2,713 ---sh--- c:\windows\system32\vamomovi.exe
2009-04-23 12:55 2,713 ---sh--- c:\windows\system32\zihaleha.exe
2009-04-21 20:00 81,408 a------- c:\windows\system32\yuwehosu.dll
2009-04-21 20:00 47,616 a------- c:\windows\system32\vijobaje.exe
2009-04-21 19:57 7,016 a--sh--- c:\windows\system32\diripeyi.dll
2009-04-21 13:55 50,176 a--sh--- c:\windows\system32\tinuhagu.dll
2009-04-19 15:49 2,713 ---sh--- c:\windows\system32\nalerosa.dll
2008-11-11 00:38 534 a------- c:\docume~1\dad\applic~1\wklnhst.dat
2009-02-26 21:25 49,152 a--sh--- c:\windows\system32\babeleso.dll
2009-01-27 22:04 11,264 a--sh--- c:\windows\system32\bovusuyo.dll
2009-03-17 16:57 79,872 a--sh--- c:\windows\system32\hakujara.dll
2009-02-26 21:25 28,672 a--sh--- c:\windows\system32\safevayi.dll
2009-03-10 20:00 60,416 a--sh--- c:\windows\system32\surefuta.dll
2009-02-07 19:13 52,224 a--sh--- c:\windows\system32\tefazewa.dll
2009-01-21 13:54 67,584 a--sh--- c:\windows\system32\yorerufo.dll

============= FINISH: 12:32:54.20 ===============

#2 stealthguitar

stealthguitar
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 14 July 2009 - 05:41 AM

I keep running across netfilter.exe as well as seeing a quick flash of what looks like two OSs during boot. This thing also keeps on turning System Restore back on no matter what I try. This has been the toughest virus I've run across yet. I should have reformatted right away, but it's never easy to determine which will take longer.

Hello stealthguitar,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 14 July 2009 - 06:29 PM.


#3 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:41 PM

Posted 24 July 2009 - 04:29 PM

Hello stealthguitar

Welcome to BleepingComputer
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.
