

Hijacked TCP/IP


2 replies to this topic

#1 Helpme12

Helpme12

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 28 October 2009 - 05:34 PM

ok..so i downloaded a file..was in .rar format.....was a link to a youtube video.....so i went to look and see what files were in the rar before i extracted....the second i clicked on the rar file.....it instantly opened it fully...a gif pic pops up saying..." your internet is mine now!!!".......skull and bones pic.

noticed there was a txt file.....it says...i own your internet now.....no anti virus in the world will remove it...only i have the removal tool.....if you ever want your internet back then contact me on msn....has his msn name.....gives times he is on msn.....says he's from croatia....the file had his youtube name on it....was added to youtube like 8 days ago.....name is Dai.
the txt file also said you can reinstall internet explorer but you'll never remove my virus, try all you want!!!



ok...so i noticed i get an error (not connected to internet etc....) when i try to go online......yahoo works fine...messenger.

ok so i noticed if TCP/IP settings get reset it lets the first page on browsers load....but anything past that goes back to the error....so it's resetting the registry settings back every time they are changed back....

i'm on firefox now and it let me get here....but even on firefox...it refuses to let me on myspace....let me on facebook.....would not let me on google.....

I've run spyhunter, malwarebytes, vundofix, hijackthis, combofix, lspfix, av's rootkit removal, etc etc

still nothing. i am sure the file is probably hidden somewhere.....i've set the settings to show hidden files but still not sure what file it is or where it's hiding.

probably the hardest thing to remove thus far.....i removed windowspolicepro a while back....and the sdra64.exe virus a while back.....but this one...apparently is even tougher to remove. combofix removed the windowspolicepro and sdra64.exe problem in just under 30 minutes......so i figured it would find this one also..but nothing.

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/10/28 14:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xFAB0D000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: DriverACPI_HAL
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:WINDOWSSystem32driversafd.sys
Address: 0xF9BC0000 Size: 138368 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xFABBC000 Size: 42368 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xFAA2B000 Size: 95360 File Visible: - Signed: -
Status: -

Name: atidrab.dll
Image Path: C:WINDOWSSystem32atidrab.dll
Address: 0xBFF00000 Size: 385024 File Visible: - Signed: -
Status: -

Name: atimpab.sys
Image Path: C:WINDOWSSystem32DRIVERSatimpab.sys
Address: 0xFA8E9000 Size: 289664 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:WINDOWSSystem32DRIVERSaudstub.sys
Address: 0xFB192000 Size: 3072 File Visible: - Signed: -
Status: -

Name: AvgArCln.sys
Image Path: C:WINDOWSSystem32DRIVERSAvgArCln.sys
Address: 0xFA8DC000 Size: 3968 File Visible: - Signed: -
Status: -

Name: avgarkt.sys
Image Path: avgarkt.sys
Address: 0xFB060000 Size: 5632 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:WINDOWSSystem32DRIVERSBATTC.SYS
Address: 0xFAF74000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:WINDOWSSystem32DriversBeep.SYS
Address: 0xFB06C000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:WINDOWSsystem32BOOTVID.dll
Address: 0xFAF6C000 Size: 12288 File Visible: - Signed: -
Status: -

Name: catchme.sys
Image Path: C:DOCUME~1BRANDO~1LOCALS~1Tempcatchme.sys
Address: 0xFAF2C000 Size: 30592 File Visible: No Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:WINDOWSSystem32DriversCdfs.SYS
Address: 0xFADCC000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:WINDOWSSystem32DRIVERScdrom.sys
Address: 0xFAC3C000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:WINDOWSSystem32DRIVERSCLASSPNP.SYS
Address: 0xFABAC000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:WINDOWSSystem32DRIVERSCmBatt.sys
Address: 0xFAFFC000 Size: 14080 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xFAF70000 Size: 9344 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xFAB9C000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:WINDOWSsystem32driversdrmk.sys
Address: 0xFAC5C000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:WINDOWSSystem32Driversdump_atapi.sys
Address: 0xF9A6E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:WINDOWSSystem32Driversdump_WMILIB.SYS
Address: 0xFB072000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:WINDOWSSystem32driversDxapi.sys
Address: 0xFA654000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:WINDOWSSystem32driversdxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:WINDOWSSystem32driversdxgthk.sys
Address: 0xFA734000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e100b325.sys
Image Path: C:WINDOWSSystem32DRIVERSe100b325.sys
Address: 0xFA7CB000 Size: 145408 File Visible: - Signed: -
Status: -

Name: essm2e.sys
Image Path: C:WINDOWSsystem32driversessm2e.sys
Address: 0xFA813000 Size: 137600 File Visible: - Signed: -
Status: -

Name: Fastfat.sys
Image Path: Fastfat.sys
Address: 0xFA9D7000 Size: 143360 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:WINDOWSSystem32DRIVERSfdc.sys
Address: 0xFAE0C000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:WINDOWSSystem32DriversFips.SYS
Address: 0xFAD6C000 Size: 34944 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xFAA0C000 Size: 124800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:WINDOWSSystem32DriversFs_Rec.SYS
Address: 0xFB06A000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xFAA43000 Size: 125056 File Visible: - Signed: -
Status: -

Name: gameenum.sys
Image Path: C:WINDOWSSystem32DRIVERSgameenum.sys
Address: 0xFB048000 Size: 10624 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:WINDOWSsystem32hal.dll
Address: 0x806EC000 Size: 81280 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:WINDOWSSystem32DriversHTTP.sys
Address: 0xF876E000 Size: 263040 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:WINDOWSSystem32DRIVERSi8042prt.sys
Address: 0xFAC1C000 Size: 52736 File Visible: - Signed: -
Status: -

Name: Imapi.SYS
Image Path: C:WINDOWSSystem32DriversImapi.SYS
Address: 0xFAC2C000 Size: 41856 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xFB062000 Size: 5504 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:WINDOWSSystem32DRIVERSipnat.sys
Address: 0xF9B04000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:WINDOWSSystem32DRIVERSipsec.sys
Address: 0xF9C62000 Size: 74752 File Visible: - Signed: -
Status: -

Name: irda.sys
Image Path: C:WINDOWSSystem32DRIVERSirda.sys
Address: 0xF9050000 Size: 87424 File Visible: - Signed: -
Status: -

Name: irenum.sys
Image Path: C:WINDOWSSystem32DRIVERSirenum.sys
Address: 0xFAFEC000 Size: 11264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xFAB5C000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:WINDOWSSystem32DRIVERSkbdclass.sys
Address: 0xFAE14000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:WINDOWSsystem32KDCOM.DLL
Address: 0xFB05C000 Size: 8192 File Visible: - Signed: -
Status: -

Name: km_filter.sys
Image Path: C:WINDOWSsystem32driverskm_filter.sys
Address: 0xFAFF8000 Size: 8832 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:WINDOWSsystem32driverskmixer.sys
Address: 0xEC206000 Size: 171776 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:WINDOWSSystem32DRIVERSks.sys
Address: 0xFA858000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xFA9C0000 Size: 92032 File Visible: - Signed: -
Status: -

Name: ltmdmnt.sys
Image Path: C:WINDOWSSystem32DRIVERSltmdmnt.sys
Address: 0xFA736000 Size: 606656 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:WINDOWSSystem32Driversmnmdd.SYS
Address: 0xFB06E000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:WINDOWSSystem32DriversModem.SYS
Address: 0xFAE2C000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:WINDOWSSystem32DRIVERSmouclass.sys
Address: 0xFAE1C000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xFAB7C000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:WINDOWSSystem32DRIVERSmrxdav.sys
Address: 0xF8E5B000 Size: 181248 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:WINDOWSSystem32DRIVERSmrxsmb.sys
Address: 0xF9B25000 Size: 453632 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:WINDOWSSystem32DriversMsfs.SYS
Address: 0xFAE7C000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:WINDOWSSystem32DRIVERSmsgpc.sys
Address: 0xFACAC000 Size: 35072 File Visible: - Signed: -
Status: -

Name: msmpu401.sys
Image Path: C:WINDOWSsystem32driversmsmpu401.sys
Address: 0xFA8E6000 Size: 2944 File Visible: - Signed: -
Status: -

Name: MSPCLOCK.sys
Image Path: C:WINDOWSsystem32driversMSPCLOCK.sys
Address: 0xFB092000 Size: 5376 File Visible: - Signed: -
Status: -

Name: MSPQM.sys
Image Path: C:WINDOWSsystem32driversMSPQM.sys
Address: 0xFB084000 Size: 4992 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:WINDOWSSystem32DRIVERSmssmbios.sys
Address: 0xFB018000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xFA978000 Size: 107904 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xFA993000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:WINDOWSSystem32DRIVERSndistapi.sys
Address: 0xFB004000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:WINDOWSSystem32DRIVERSndisuio.sys
Address: 0xF9172000 Size: 12928 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:WINDOWSSystem32DRIVERSndiswan.sys
Address: 0xFA715000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:WINDOWSSystem32DriversNDProxy.SYS
Address: 0xFACDC000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:WINDOWSSystem32DRIVERSnetbios.sys
Address: 0xFAD5C000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:WINDOWSSystem32DRIVERSnetbt.sys
Address: 0xF9BE2000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nnrnstdi.SYS
Image Path: C:WINDOWSSystem32Driversnnrnstdi.SYS
Address: 0xFAE8C000 Size: 32768 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:WINDOWSSystem32DriversNpfs.SYS
Address: 0xFAE84000 Size: 30848 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:WINDOWSsystem32ntoskrnl.exe
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:WINDOWSSystem32DriversNull.SYS
Address: 0xFA8E0000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nwlnkipx.sys
Image Path: C:WINDOWSSystem32DRIVERSnwlnkipx.sys
Address: 0xF903A000 Size: 88448 File Visible: - Signed: -
Status: -

Name: nwlnknb.sys
Image Path: C:WINDOWSSystem32DRIVERSnwlnknb.sys
Address: 0xF9CCF000 Size: 63232 File Visible: - Signed: -
Status: -

Name: nwlnkspx.sys
Image Path: C:WINDOWSSystem32DRIVERSnwlnkspx.sys
Address: 0xF9076000 Size: 55936 File Visible: - Signed: -
Status: -

Name: OVCAM2.sys
Image Path: C:WINDOWSSystem32DRIVERSOVCAM2.sys
Address: 0xFADAC000 Size: 49152 File Visible: - Signed: -
Status: -

Name: OVCD.sys
Image Path: C:WINDOWSSystem32DRIVERSOVCD.sys
Address: 0xFAE94000 Size: 28032 File Visible: - Signed: -
Status: -

Name: OVCODEK2.sys
Image Path: C:WINDOWSSystem32DRIVERSOVCODEK2.sys
Address: 0xF9A86000 Size: 352256 File Visible: - Signed: -
Status: -

Name: p3.sys
Image Path: C:WINDOWSSystem32DRIVERSp3.sys
Address: 0xFAC6C000 Size: 42496 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:WINDOWSSystem32DRIVERSparport.sys
Address: 0xFA87B000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xFADE4000 Size: 18688 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:WINDOWSSystem32DriversParVdm.SYS
Address: 0xFB0C8000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xFAAFC000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:WINDOWSSystem32DRIVERSPCIIDEX.SYS
Address: 0xFADDC000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xFAA62000 Size: 119936 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: DriverPnpManager
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:WINDOWSsystem32driversportcls.sys
Address: 0xFA7EF000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:WINDOWSSystem32DRIVERSpsched.sys
Address: 0xFA664000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:WINDOWSSystem32DRIVERSptilink.sys
Address: 0xFAE44000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xFADEC000 Size: 19392 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:WINDOWSSystem32DRIVERSrasacd.sys
Address: 0xFB058000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasirda.sys
Image Path: C:WINDOWSSystem32DRIVERSrasirda.sys
Address: 0xFAE34000 Size: 19584 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:WINDOWSSystem32DRIVERSrasl2tp.sys
Address: 0xFAC7C000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:WINDOWSSystem32DRIVERSraspppoe.sys
Address: 0xFAC8C000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:WINDOWSSystem32DRIVERSraspptp.sys
Address: 0xFAC9C000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:WINDOWSSystem32DRIVERSraspti.sys
Address: 0xFAE4C000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: FileSystemRAW
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:WINDOWSSystem32DRIVERSrdbss.sys
Address: 0xF9B94000 Size: 176512 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:WINDOWSSystem32DRIVERSRDPCDD.sys
Address: 0xFB070000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:WINDOWSSystem32DRIVERSrdpdr.sys
Address: 0xFA60B000 Size: 196864 File Visible: - Signed: -
Status: -

Name: RDPWD.SYS
Image Path: C:WINDOWSSystem32DriversRDPWD.SYS
Address: 0xF8E88000 Size: 139264 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:WINDOWSSystem32DRIVERSredbook.sys
Address: 0xFAC4C000 Size: 57472 File Visible: - Signed: -
Status: -

Name: RootMdm.sys
Image Path: C:WINDOWSSystem32DriversRootMdm.sys
Address: 0xFB064000 Size: 5888 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:WINDOWSsystem32driversrootrepeal.sys
Address: 0xF83E0000 Size: 49152 File Visible: No Signed: -
Status: -

Name: serenum.sys
Image Path: C:WINDOWSSystem32DRIVERSserenum.sys
Address: 0xFAFE8000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:WINDOWSSystem32DRIVERSserial.sys
Address: 0xFABFC000 Size: 64896 File Visible: - Signed: -
Status: -

Name: smcirda.sys
Image Path: C:WINDOWSSystem32DRIVERSsmcirda.sys
Address: 0xFAC0C000 Size: 35840 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xFA9FA000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:WINDOWSSystem32DRIVERSsrv.sys
Address: 0xF8ACF000 Size: 333184 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:WINDOWSSystem32DRIVERSSTREAM.SYS
Address: 0xFADBC000 Size: 49152 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:WINDOWSSystem32DRIVERSswenum.sys
Address: 0xFB066000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:WINDOWSsystem32driverssysaudio.sys
Address: 0xF921E000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:WINDOWSSystem32DRIVERStcpip.sys
Address: 0xF9C0A000 Size: 360320 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:WINDOWSSystem32DRIVERSTDI.SYS
Address: 0xFAE3C000 Size: 20480 File Visible: - Signed: -
Status: -

Name: TDTCP.SYS
Image Path: C:WINDOWSSystem32DriversTDTCP.SYS
Address: 0xFAEAC000 Size: 21760 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:WINDOWSSystem32DRIVERStermdd.sys
Address: 0xFACBC000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:WINDOWSSystem32DRIVERSupdate.sys
Address: 0xFA5D7000 Size: 209408 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:WINDOWSSystem32DRIVERSUSBD.SYS
Address: 0xFB068000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:WINDOWSSystem32DRIVERSusbhub.sys
Address: 0xFACFC000 Size: 57600 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:WINDOWSSystem32DRIVERSUSBPORT.SYS
Address: 0xFA835000 Size: 143360 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:WINDOWSSystem32DRIVERSusbuhci.sys
Address: 0xFAE24000 Size: 20480 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:WINDOWSSystem32driversvga.sys
Address: 0xFAE74000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:WINDOWSSystem32DRIVERSVIDEOPRT.SYS
Address: 0xFA88F000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xFAB8C000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:WINDOWSSystem32DRIVERSwanarp.sys
Address: 0xFAD7C000 Size: 34560 File Visible: - Signed: -
Status: -

Name: wanatw4.sys
Image Path: C:WINDOWSsystem32DRIVERSwanatw4.sys
Address: 0xFAE54000 Size: 20512 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:WINDOWSSystem32watchdog.sys
Address: 0xFAE9C000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdf01000.sys
Image Path: wdf01000.sys
Address: 0xFAA80000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:WINDOWSSystem32DriversWDFLDR.SYS
Address: 0xFAB6C000 Size: 53248 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:WINDOWSsystem32driverswdmaud.sys
Address: 0xF8D31000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: DriverWin32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:WINDOWSSystem32win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:WINDOWSSystem32DRIVERSWMILIB.SYS
Address: 0xFB05E000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: DriverWMIxWDM
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -




DDS (Ver_09-10-26.01) - FAT32x86
Run by Brandon Pierpont at 14:19:09.78 on Wed 10/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.191.48 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Brandon Pierpont\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37897.7892708333
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brando~1\applic~1\mozilla\firefox\profiles\6ja0ybf7.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?v=13&tid={E1B755A6-C187-41E4-B7CD-8FDD75C2FE9F}
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUman000&fl=0&ptb=cTK3dSRA1dOMtCWoUB98Bw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\program files\google\google gears\firefox\lib\ff30\gears.dll
FF - component: c:\program files\mozilla firefox\components\nsgkff30_meter2.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2009-10-20 14336]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2009-10-20 8832]
R3 Maestro;ESS Maestro2E Audio Driver (WDM);c:\windows\system32\drivers\essm2e.sys [2002-6-3 137600]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [2009-10-20 21888]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2003-12-29 16194]
S3 CSNPD51;CSNPD51 NDIS Protocol Driver;c:\windows\system32\drivers\CSNPD51.sys [2009-10-10 27800]
S3 CSNPD51a64;CSNPD51a64 NDIS Protocol Driver;c:\windows\system32\drivers\csnpd51a64.sys --> c:\windows\system32\drivers\CSNPD51a64.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [2009-10-20 9088]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\drivers\WG511ICB.sys [2003-12-29 50560]

=============== Created Last 30 ================

2009-10-28 05:28:58 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2009-10-28 05:25:45 0 d-----w- c:\docume~1\brando~1\applic~1\GlarySoft
2009-10-28 05:25:42 0 d-----w- c:\program files\Glary Registry Repair
2009-10-27 22:58:37 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2009-10-27 22:47:02 0 d-sh--w- C:\FOUND.022
2009-10-27 07:53:26 0 d-----w- C:\FOUND.021
2009-10-27 07:28:15 0 d-sha-r- C:\cmdcons
2009-10-27 07:24:29 98816 ----a-w- c:\windows\sed.exe
2009-10-27 07:24:29 77312 ----a-w- c:\windows\MBR.exe
2009-10-27 07:24:29 236544 ----a-w- c:\windows\PEV.exe
2009-10-27 07:24:29 161792 ----a-w- c:\windows\SWREG.exe
2009-10-26 10:08:40 0 d-----w- C:\FOUND.020
2009-10-26 00:27:03 0 d-----w- C:\SDFix
2009-10-25 17:19:17 0 d-----w- c:\program files\Trend Micro
2009-10-23 19:14:49 22528 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-20 11:31:55 8832 ----a-w- c:\windows\system32\drivers\km_filter.sys
2009-10-20 11:31:52 14336 ----a-w- c:\windows\system32\drivers\nnrnstdi.sys
2009-10-20 11:31:43 9088 ----a-w- c:\windows\system32\drivers\nielgfx.sys
2009-10-20 11:31:43 21888 ----a-w- c:\windows\system32\drivers\nielprt.sys
2009-10-20 11:06:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2009-10-20 11:06:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-20 11:04:22 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-10-20 11:00:06 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-10-20 10:55:03 0 d-----w- c:\docume~1\brando~1\applic~1\Babylon
2009-10-20 10:54:41 58688 ----a-w- c:\windows\nsw124e.ca6
2009-10-19 01:51:20 1152 ----a-w- c:\windows\system32\windrv.sys
2009-10-19 01:51:03 0 d-----w- c:\program files\SpyNoMore
2009-10-19 01:00:10 0 d-----w- C:\FOUND.019
2009-10-18 23:55:58 0 d-----w- C:\FOUND.018
2009-10-18 12:56:22 0 d-----w- c:\program files\CPoint
2009-10-17 22:40:07 318 ----a-w- c:\windows\WPE PRO - modified.INI
2009-10-17 05:20:30 0 d-----w- C:\FOUND.017
2009-10-16 10:16:29 0 d-----w- c:\program files\HashCalc
2009-10-11 08:24:12 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-10-11 08:24:12 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-10-11 08:24:09 0 d-----w- c:\program files\Cheat Engine
2009-10-11 08:23:47 165134 ----a-w- c:\windows\PowerHEX Uninstaller.exe
2009-10-11 08:23:45 0 d-----w- c:\program files\common files\Thraex Software
2009-10-11 08:23:44 0 d-----w- c:\program files\PowerHEX
2009-10-10 12:17:59 0 d-----w- c:\program files\MicroOLAP Packet Sniffer SDK
2009-10-10 12:13:38 0 d-----w- c:\docume~1\brando~1\applic~1\Colasoft Packet Builder
2009-10-10 12:13:13 0 d-----w- c:\program files\common files\Colasoft Shared
2009-10-10 12:13:06 0 d-----w- c:\program files\Colasoft Packet Builder 1.0
2009-10-10 03:32:12 0 d-----w- C:\FOUND.016
2009-10-10 01:18:03 99 ----a-w- c:\documents and settings\brandon pierpont\installs.jsd
2009-10-10 01:17:57 80 ----a-w- c:\documents and settings\brandon pierpont\.userCfgIni8Aut
2009-10-10 01:17:49 0 d-----w- c:\docume~1\brando~1\applic~1\gnupg
2009-10-10 01:15:49 0 d-----w- c:\program files\AutoKrypt8
2009-10-10 00:32:14 0 d-----w- c:\program files\KryptoPad
2009-10-10 00:22:05 889168 ----a-w- c:\windows\system32\wodCrypt.ocx
2009-10-10 00:22:05 868688 ----a-w- c:\windows\system32\wodCrypt.dll
2009-10-10 00:22:05 137934 ----a-w- c:\windows\system32\wodCrypt.chm
2009-10-10 00:22:04 667648 ----a-w- c:\windows\system32\wodKeys.dll
2009-10-10 00:22:04 59933 ----a-w- c:\windows\system32\wodKeys.chm
2009-10-10 00:22:04 160886 ----a-w- c:\windows\system32\wodCertificate.chm
2009-10-10 00:22:03 794624 ----a-w- c:\windows\system32\wodCertificate.dll
2009-10-10 00:22:03 0 d-----w- c:\program files\WeOnlyDo.Com
2009-10-10 00:17:34 0 d-----w- c:\program files\DecryptSQL
2009-10-04 00:55:24 0 d-----w- C:\FOUND.015
2009-10-03 21:19:28 64 ----a-w- c:\windows\GPlrLanc.dat
2009-10-03 21:19:28 37033 ------w- c:\windows\FRGT.ico
2009-10-03 21:17:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Free Ride Games
2009-10-03 02:12:42 0 d-----w- C:\FOUND.014
2009-09-29 17:38:09 0 d-----w- c:\program files\Nsauditor
2009-09-29 08:50:08 0 d-----w- C:\FOUND.013
2009-09-29 04:35:22 0 d-----w- C:\FOUND.012

==================== Find3M ====================

2009-09-10 18:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

============= FINISH: 14:20:17.88 ===============

Edited by The weatherman, 28 October 2009 - 06:07 PM.
Merged posts to keep the member on "0" replies.~Tw




#2 Helpme12

Helpme12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 02 November 2009 - 08:32 AM

i fixed the problem

http://support.microsoft.com/kb/972034


that's a trusted microsoft website...there is a fix it program to download there.

this virus had rewritten the windows hosts file...had blocked all the websites i normally went to like myspace, facebook, youtube, wikipedia, yahoo, google, etc etc

that fix it file reset the windows hosts file back to default...everything worked fine after that......the file name that had the virus was called DAI.EXE. hope this helps anyone else who runs into this problem...
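
As an added example (not code from the poster, from BleepingComputer, or from the Microsoft Fix it linked above): the symptom described in this thread, where the first page loads but well-known sites like myspace, facebook and google never do, is what a tampered hosts file looks like from the user's side. The script below parses a hosts file the way the resolver does (one IP then hostnames, `#` starts a comment), treats only the loopback/localhost line of the stock Windows file as benign, and reports every other mapping, distinguishing a sinkhole (site silently blocked by pointing it at 127.0.0.1 or 0.0.0.0) from a redirect to some other host, which is the more dangerous case. The `HOSTS_TEXT` sample is constructed for this demonstration; it is not the file from the infected machine.

```python
"""Audit a Windows hosts file for entries that hijack well-known sites.

Added example. HOSTS_TEXT is a constructed sample of a tampered file,
not the real file from the machine discussed in the thread.
"""
import ipaddress
from dataclasses import dataclass

# The only mapping a stock Windows hosts file needs (assumption: comments
# aside, the default file maps localhost to loopback and nothing else).
DEFAULT_HOSTS = "127.0.0.1       localhost\n"

# Constructed sample: stock header line, the legitimate localhost entry,
# then four entries a hijacker might append.
HOSTS_TEXT = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.myspace.com
127.0.0.1       www.facebook.com   # sinkholed
0.0.0.0         www.google.com
10.0.0.5        www.youtube.com
::1             localhost
"""


@dataclass(frozen=True)
class HostsEntry:
    line_no: int
    ip: str
    hostnames: tuple


def parse_hosts(text):
    """Parse hosts-file text into entries, ignoring comments and junk lines."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip trailing/whole-line comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # not an address: the resolver ignores such lines too
        hostnames = tuple(h.lower() for h in parts[1:])
        entries.append(HostsEntry(line_no, parts[0], hostnames))
    return entries


def is_benign_default(entry):
    """True only for loopback -> localhost, the mapping the stock file carries."""
    addr = ipaddress.ip_address(entry.ip)
    return addr.is_loopback and all(
        h in ("localhost", "localhost.localdomain") for h in entry.hostnames
    )


def classify(ip):
    """Sinkhole: the site is silently blocked. Redirect: it is sent elsewhere."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"
    return "redirect"


def find_hijacks(text):
    """Return (hostname, ip, line_no) for every mapping beyond the default."""
    findings = []
    for entry in parse_hosts(text):
        if is_benign_default(entry):
            continue
        for hostname in entry.hostnames:
            findings.append((hostname, entry.ip, entry.line_no))
    return findings


def needs_reset(text):
    """True when the file carries anything the default file does not."""
    return bool(find_hijacks(text))


if __name__ == "__main__":
    for hostname, ip, line_no in find_hijacks(HOSTS_TEXT):
        print(f"line {line_no}: {hostname} -> {ip} ({classify(ip)})")
    if needs_reset(HOSTS_TEXT):
        print("hosts file deviates from default; replace with:")
        print(DEFAULT_HOSTS, end="")
```

On a real system the text would come from `%SystemRoot%\System32\drivers\etc\hosts`; the script only reads and reports, and the reset itself is the step the Fix it in the thread performs. Note that an entry pointing a site at an address other than loopback is worth more attention than a block, since it means traffic for that site is being handed to another host.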

#3 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE

Posted 02 November 2009 - 08:53 AM

Thanks for sharing that with us Helpme12. :(



