
Possible Recycler Infection?


This topic is locked
7 replies to this topic

#1 Vfef

  • Members
  • 4 posts

Posted 28 September 2009 - 04:31 AM

Hello and thank you for your time and patience.

Not very good at asking for help and my friend is helping me, so here I go. For the past few weeks, I would say 2-3 weeks, my internet has been freaking out. By freaking out I mean going in and out, 10 second lag spikes. Ping in Ventrilo is around 2.5k; normal is 32. The internet could be Comcast related but I thought better safe than sorry. I restarted my computer a few hours ago and my audio stopped working. Normally after every restart I have to unplug my microphone and plug it back in, but for some weird reason my audio went out. So I tried to fix it that way; it did not work, so I tried reinstalling the drivers/uninstalling the drivers/letting Vista install the drivers itself and none work. It recognizes that I plug it in; it swaps the default device to the headset when I plug it in. Under Playback devices it shows that there is audio playing but it's not going into my headset. My headset works on the laptop so it's not that.

My friend told me to post this

By the way, RootRepeal won't run:

FOPS -DeviceIoControl Error! Error Code =0xc0000024
on opening and another on scan

DDS (Ver_09-09-24.01) - NTFSx86
Run by Vfef at 2:07:49.05 on Mon 09/28/2009
Internet Explorer: 7.0.6000.16386 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3071.2184 [GMT -7:00]

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
E:\Program Files\Steam\Steam.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Users\Vfef\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "e:\program files\steam\steam.exe" -silent
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [BEGameMonitor] "c:\program files\begamemonitor\BEGameMonitor.exe" sleep autowakeup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [Turbine Download Manager Tray Icon] "e:\program files\turbine\turbine download manager\TurbineDownloadManagerIcon.exe"
StartupFolder: c:\users\vfef\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\vfef\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\vfef\appdata\roaming\mozilla\firefox\profiles\6nq0xv7p.default\
FF - component: c:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\users\vfef\appdata\roaming\mozilla\firefox\profiles\6nq0xv7p.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-6-23 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-7-18 16768]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-8-14 22784]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S2 LiveTurbineMessageService;Turbine Message Service - Live;e:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-9-10 267760]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\nbservice.exe --> c:\program files\common files\nero\nero backitup 4\NBService.exe [?]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;e:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-9-10 218608]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
SUnknown getPlusHelper;getPlusHelper; [x]

=============== Created Last 30 ================

2009-09-28 01:59 0 a------- c:\windows\system32\settings.dat
2009-09-28 01:12 319,456 a------- c:\windows\DIFxAPI.dll
2009-09-28 01:12 2,388,512 a------- c:\windows\system32\RtkAPO.dll
2009-09-28 01:12 956,960 a------- c:\windows\system32\RtkPgExt.dll
2009-09-27 01:53 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-09-26 22:22 <DIR> --d----- c:\program files\Tremulous
2009-09-26 21:26 <DIR> --d----- c:\program files\Ground Control II MP Demo
2009-09-25 19:09 <DIR> --d----- c:\programdata\Media Center Programs
2009-09-25 19:09 <DIR> --d----- c:\progra~2\Media Center Programs
2009-09-25 11:22 <DIR> --d----- c:\users\vfef\appdata\roaming\Tropico 3
2009-09-22 14:37 41,872 a------- c:\windows\system32\xfcodec.dll
2009-09-18 23:22 497,664 a------- c:\windows\system32\ac3filter.acm
2009-09-18 23:22 <DIR> --d----- c:\program files\AC3Filter
2009-09-18 16:07 <DIR> --d----- c:\programdata\Nero
2009-09-18 16:07 <DIR> --d----- c:\progra~2\Nero
2009-09-17 01:24 <DIR> --d----- c:\program files\PokerStars
2009-09-10 18:22 <DIR> --d----- c:\programdata\Turbine
2009-09-10 18:22 <DIR> --d----- c:\progra~2\Turbine
2009-09-10 18:17 <DIR> --d----- c:\programdata\PMB Files
2009-09-10 18:17 <DIR> --d----- c:\progra~2\PMB Files
2009-09-10 18:17 <DIR> --d----- c:\program files\Pando Networks
2009-09-08 13:45 90,112 a------- c:\windows\unvise32.exe
2009-09-08 13:44 <DIR> --d----- c:\program files\DAZ
2009-09-08 13:44 <DIR> --d----- c:\program files\common files\DAZ
2009-09-07 12:23 <DIR> --ds---- c:\program files\HLSW
2009-09-07 12:23 <DIR> --d----- c:\users\vfef\appdata\roaming\HLSW
2009-09-06 16:47 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-09-04 01:19 <DIR> --d----- c:\program files\APIStudios
2009-08-31 00:31 453 a------- c:\windows\kaillera.ini
2009-08-31 00:17 <DIR> --d----- c:\program files\Project64 1.6
2009-08-29 04:06 <DIR> --d----- c:\program files\Music AlarmClock v2

==================== Find3M ====================

2009-09-28 01:44 169,294 a------- c:\programdata\nvModes.dat
2009-09-28 01:44 169,294 a------- c:\progra~2\nvModes.dat
2009-09-28 01:41 86,016 a------- c:\windows\inf\infstrng.dat
2009-09-28 01:41 86,016 a------- c:\windows\inf\infstor.dat
2009-09-28 01:41 51,200 a------- c:\windows\inf\infpub.dat
2009-09-22 14:48 138,808 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-22 14:48 190,144 a------- c:\windows\system32\PnkBstrB.exe
2009-09-04 01:19 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-09-04 01:19 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-08-14 13:36 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-08-11 17:28 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-08-11 16:47 22,328 a------- c:\users\vfef\appdata\roaming\PnkBstrK.sys
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-03 00:21 23,320 a------- c:\windows\system32\PhysXDevice.dll
2009-07-18 20:39 622,080 a------- c:\windows\system32\icardagt.exe
2009-07-18 20:39 97,800 a------- c:\windows\system32\infocardapi.dll
2009-07-18 20:39 11,264 a------- c:\windows\system32\icardres.dll
2009-07-18 20:39 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-07-18 20:39 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-07-18 20:39 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-18 20:39 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-07-18 20:22 96,760 a------- c:\windows\system32\dfshim.dll
2009-07-18 20:22 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-18 20:22 282,112 a------- c:\windows\system32\mscoree.dll
2009-07-18 20:22 158,720 a------- c:\windows\system32\mscorier.dll
2009-07-18 20:22 83,968 a------- c:\windows\system32\mscories.dll
2009-07-16 00:17 794,408 a------- c:\windows\system32\pbsvc.exe
2009-07-14 21:33 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-14 21:32 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-14 21:31 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-14 21:31 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-14 13:29 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:29 1,346,080 a------- c:\windows\system32\nvsvs.dll
2009-07-14 13:29 3,176,992 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:29 4,033,056 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:29 1,292,832 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:29 195,104 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:29 3,553,824 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:29 13,904,416 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:29 4,930,080 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:29 764,448 a------- c:\windows\system32\nvsvc.dll
2009-07-14 13:29 215,584 a------- c:\windows\system32\nvvsvc.exe
2009-07-14 13:29 92,704 a------- c:\windows\system32\nvmctray.dll
2009-07-14 11:54 10,854,400 a------- c:\windows\system32\nvoglv32.dll
2009-07-14 11:54 7,565,824 a------- c:\windows\system32\nvd3dum.dll
2009-07-14 11:54 3,287,040 a------- c:\windows\system32\nvwgf2um.dll
2009-07-14 11:54 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 11:54 1,983,488 a------- c:\windows\system32\nvcuda.dll
2009-07-14 11:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-14 11:54 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-07-14 11:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod157.dll
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-11 12:58 34 a------- c:\users\vfef\jagex_runescape_preferences.dat
2009-07-11 12:56 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-07-01 18:34 107,888 a------- c:\windows\system32\CmdLineExt.dll
2007-02-21 12:49 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 05:50 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 12:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 2:08:05.69 ===============

Edited by Vfef, 28 September 2009 - 04:46 AM.

#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 September 2009 - 07:01 AM

Hi Vfef,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :(
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 September 2009 - 07:07 AM

Hi Vfef,

There's not anything showing on the log but the fact that RootRepeal won't run means that we may be dealing with an invisible threat.

Try this rootkit scanner first of all.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


Then please run MBAM and see what we can get rid of now.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :(
m0le is a proud member of UNITE

#4 Vfef

  • Topic Starter
  • Members
  • 4 posts

Posted 28 September 2009 - 01:03 PM

Thank you for your help

Will post the Malwarebytes log in the next post.

Here is the GMER log:

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-28 11:02:26
Windows 6.0.6000
Running: prr5gpmk.exe; Driver: C:\Users\Vfef\AppData\Local\Temp\fwedipob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[520] kernel32.dll!LoadLibraryW 76CE9727 5 Bytes JMP 01DC2030 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[520] kernel32.dll!LoadLibraryA 76CE9A9E 5 Bytes JMP 01DC1F30 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] kernel32.dll!CreateProcessA 76CC1D5C 5 Bytes JMP 0548706B C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] kernel32.dll!CreateThread 76D037EF 5 Bytes JMP 05486A0F C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] GDI32.dll!BitBlt 75CB6AB7 5 Bytes JMP 05486487 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!InvalidateRgn 75B47C5B 5 Bytes JMP 0548666D C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!WindowFromPoint 75B4C97E 5 Bytes JMP 0548683B C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!RegisterClassA 75B4D770 5 Bytes JMP 05486977 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!CreateWindowExW 75B585F0 5 Bytes JMP 05486D40 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!SetWindowPos 75B59697 5 Bytes JMP 05486BFE C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!SetFocus 75B596B8 5 Bytes JMP 05486537 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!SetForegroundWindow 75B5AA84 5 Bytes JMP 05486CA8 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!SetCapture 75B5AB49 5 Bytes JMP 0548670B C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!GetDC 75B5B8D8 5 Bytes JMP 05486358 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!ReleaseDC 75B5B8EC 5 Bytes JMP 054863EC C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!BeginPaint 75B5C18E 5 Bytes JMP 054862C4 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!RedrawWindow 75B5C26A 5 Bytes JMP 054868D6 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!GetCursorPos 75B5C65C 5 Bytes JMP 054867A3 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!InvalidateRect 75B62DA7 5 Bytes JMP 054865CF C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!IsWindowVisible 75B63429 7 Bytes JMP 05486DF9 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!TrackPopupMenu 75B6CFF8 5 Bytes JMP 05486FC1 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!DialogBoxParamW 75B7129F 5 Bytes JMP 05486AB6 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!CreateDialogParamW 75B7A500 5 Bytes JMP 05486B5A C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743EFE0C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743BC53D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743AA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743ACBEF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743A8AAA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743BDAB8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743A7D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743A7CF4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743A6A4E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7443BE7C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743C8A5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743A90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743B2248] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743B2273] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743B7724] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743B7546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743E861D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by Vfef, 28 September 2009 - 01:26 PM.
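An added triage helper for logs like the GMER output above (example code written for this thread, not part of GMER or the original post): it parses the "User code sections" block, groups the inline hooks by the module the JMP lands in, and applies a heuristic of this example's own (no product/vendor description, or a target living under Temp/AppData rather than Program Files/Windows) to flag hooks worth a closer look. The embedded sample takes three lines from the posted log and adds one constructed line with a hypothetical Temp-directory DLL so the flagging path is exercised.

```python
"""Triage helper for the 'User code sections' block of a GMER 1.0.15 log.

Each .text line records an inline hook: a process, the API whose first bytes
were overwritten with a JMP, and the module the JMP lands in.  Grouping hooks
by that target module shows at a glance whether they all belong to one known
product (an in-game overlay such as Xfire) or to something unexplained.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text (?P<process>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>\S+)!(?P<api>\S+) (?P<addr>[0-9A-Fa-f]+) "
    r"(?P<nbytes>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+) "
    r"(?P<hooker>.+?)(?: \((?P<desc>[^()]*)\))?$"
)

# Constructed sample: three lines copied from the log posted in the thread plus
# one made-up line (the hypothetical Temp-directory DLL) to exercise flagging.
SAMPLE_LOG = r"""GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-28 11:02:26

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[520] kernel32.dll!LoadLibraryW 76CE9727 5 Bytes JMP 01DC2030 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] kernel32.dll!CreateProcessA 76CC1D5C 5 Bytes JMP 0548706B C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[2580] USER32.dll!IsWindowVisible 75B63429 7 Bytes JMP 05486DF9 C:\Program Files\Xfire\xfire_toucan_39367.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Windows\Explorer.EXE[3060] kernel32.dll!CreateProcessW 76CC1D00 5 Bytes JMP 00A01230 C:\Users\Vfef\AppData\Local\Temp\hypothetical.dll

---- EOF - GMER 1.0.15 ----
"""

# Heuristic roots/markers assumed by this example, not a GMER rule.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")
VOLATILE_MARKERS = ("\\temp\\", "\\appdata\\")


def parse_user_hooks(log_text):
    """Return one dict per .text hook line; lines in other formats are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            h["nbytes"] = int(h["nbytes"])
            hooks.append(h)
    return hooks


def summarize_by_module(hooks):
    """Group hooks by the module the JMP lands in: how many, from which processes."""
    summary = defaultdict(lambda: {"count": 0, "processes": set(), "apis": [], "vendor": None})
    for h in hooks:
        entry = summary[h["hooker"]]
        entry["count"] += 1
        entry["processes"].add(h["process"].rsplit("\\", 1)[-1])
        entry["apis"].append(f'{h["module"]}!{h["api"]}')
        if h["desc"]:
            # GMER prints "(description/company)"; keep the company part.
            entry["vendor"] = h["desc"].rsplit("/", 1)[-1]
    return dict(summary)


def flag_suspicious(hooks):
    """Flag hooks whose target module has no vendor description or lives in a
    user-profile/Temp location instead of Program Files or Windows."""
    flagged = []
    for h in hooks:
        path = h["hooker"].lower()
        reasons = []
        if not h["desc"]:
            reasons.append("no product/vendor description")
        if any(marker in path for marker in VOLATILE_MARKERS):
            reasons.append("lives in a Temp or AppData directory")
        if not path.startswith(TRUSTED_ROOTS):
            reasons.append("outside Program Files / Windows")
        if reasons:
            flagged.append({"hooker": h["hooker"], "process": h["process"],
                            "api": h["api"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    hooks = parse_user_hooks(SAMPLE_LOG)
    for module, info in summarize_by_module(hooks).items():
        print(f"{module}: {info['count']} hook(s) from {sorted(info['processes'])}, vendor={info['vendor']}")
    for f in flag_suspicious(hooks):
        print("FLAG", f["hooker"], "->", "; ".join(f["reasons"]))
```

Run against the full posted log, every hook resolves to the signed Xfire Toucan DLL and nothing is flagged, which matches the helper's reading that the GMER output shows no rootkit.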


#5 Vfef

  • Topic Starter
  • Members
  • 4 posts

Posted 28 September 2009 - 08:30 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2868
Windows 6.0.6000

9/28/2009 6:29:32 PM
mbam-log-2009-09-28 (18-29-32).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 459256
Time elapsed: 1 hour(s), 27 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Vfef

  • Topic Starter
  • Members
  • 4 posts

Posted 28 September 2009 - 10:06 PM

Sorry to bother you with my problem, I have decided to take my 30 gig Windows drive and throw it in the trash. It's about 9 years old and dying. If there are viruses that can survive a total format please let me know, because that's what I'm going to do.

My internet sluggishness is due to my modem and/or Comcast. They tell me my modem could be dead so I should rent one from them to test it. If that doesn't work then I have to have a technician come out and fix it.

Edited by Vfef, 29 September 2009 - 12:52 AM.


#7 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 September 2009 - 07:27 AM

Hi Vfef,

Fair enough, your logs looked clean anyway.

If you want to make sure that no infections could reoccur (if there were some...) then you need to reformat and reinstall.

I will keep this topic open for five days in case you want to contact me again.
m0le is a proud member of UNITE

#8 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 October 2009 - 04:43 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE