
Infected with Trojan I believe (keeps shutting down)


  • This topic is locked
3 replies to this topic

#1 Amanda704

Amanda704

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:20 PM

Posted 23 January 2010 - 07:58 PM

Getting errors that ask me to type in "2 security password" or my computer will shut down in 3 minutes, and it begins to count down.


DDS (Ver_09-12-01.01) - NTFSx86
Run by acraft at 18:32:00.42 on Sat 01/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3536.1803 [GMT -6:00]

AV: Microsoft Forefront Client Security *On-access scanning enabled* (Updated) {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\PMService.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Dynamics CRM\Client\res\Web\bin\Microsoft.Crm.Application.Hoster.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\windows\pp14.exe
C:\windows\freddy81.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\acraft\Local Settings\Temporary Internet Files\Content.IE5\L2YQ616S\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mac.medassets.com/Pages/Default.aspx
uWindow Title = Windows Internet Explorer provided by MedAssets, Inc
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSCRMStartup] "c:\program files\microsoft dynamics crm\client\res\web\bin\Microsoft.Crm.Application.Hoster.exe"
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [MSCRM] "c:\program files\microsoft dynamics crm\client\configwizard\CrmForOutlookInstaller.exe" /activateaddin
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [EPA_EZ_GPO_Tool] c:\windows\system32\EZ_GPO_Tool.exe
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sysldtray] c:\windows\ld16.exe
mRun: [Captcha7] rundll "c:\program files\captcha.dll",captcha
mRun: [sysfbtray] c:\windows\freddy81.exe
mRun: [pp] c:\windows\pp14.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{03c4a3eb-dd89-49ea-bf54-72b504e90feb}\Icon6560581611.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: adobe.com\get
Trusted Zone: avega.com
Trusted Zone: companyweb
Trusted Zone: hsca.com
Trusted Zone: medassets-nrs.com
Trusted Zone: medassets-nrs.com\bluecoat
Trusted Zone: medassets.com
Trusted Zone: medassets.com\bluecoat
Trusted Zone: medassets.com\bluecoatnrs
Trusted Zone: medassetshscaintranet.com
Trusted Zone: medassetsintranet.com
Trusted Zone: successfactors.com\*.%20performancemanager4
Trusted Zone: avega.com
Trusted Zone: companyweb
Trusted Zone: hsca.com
Trusted Zone: medassets-nrs.com
Trusted Zone: medassets-nrs.com\bluecoat
Trusted Zone: medassets.com
Trusted Zone: medassets.com\bluecoat
Trusted Zone: medassets.com\bluecoatnrs
Trusted Zone: medassetshscaintranet.com
Trusted Zone: medassetsintranet.com
Trusted Zone: successfactors.com\*.%20performancemanager4
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {1F608277-ABD2-4F58-B449-349388B10AC5} - hxxp://scs.intranet.medassets.com/controls/PrintFile.CAB
DPF: {1FA70136-002E-11D4-816B-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/Reports.CAB
DPF: {214D6051-84F5-11D4-AD03-00C04F762604} - hxxp://hostedramp.medassets.com/controls/RampSoftware.CAB
DPF: {3367BF5E-B0C3-4EF1-B8E8-17EA8F563F00} - hxxp://hostedramp.medassets.com/Controls/HSCADateControls.CAB
DPF: {3BDA2D0C-19BC-11D3-8134-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/HSCAPopupMenu.CAB
DPF: {47BF9ECA-FD08-11D4-81C5-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/ControlSupport.CAB
DPF: {4AD61DE9-6657-4F9E-9C18-F1C89AAA4379} - hxxp://cognos.medassets.com/cognos8/contributor/controls/epcwebinstaller84.cab
DPF: {4C72080E-3102-49B0-A1B4-B412861EB5C1} - hxxp://scs.intranet.medassets.com/controls/FileManager.CAB
DPF: {66E443FC-E2C9-11D2-8125-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/FTP.CAB
DPF: {67AE4D1E-3132-4E2C-BC00-B86C5C00F31C} - hxxp://scs.intranet.medassets.com/controls/SMTPMailer.CAB
DPF: {6874589E-0302-11D3-812E-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/StandardRDSGrid.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228930772015
DPF: {7002C139-FD0A-11D4-81C5-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/ControlSupport2.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {90EF43F1-E237-11D2-8125-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/WordTextEditing.CAB
DPF: {93A9AFB0-E09A-11D2-8125-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/MyHome.CAB
DPF: {9F77174D-FD0B-11D4-81C5-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/ControlSupport3.CAB
DPF: {A2428311-B7BE-11D2-AB99-00C04F762604} - hxxp://hostedramp.medassets.com/controls/Word.CAB
DPF: {AA570DC3-C841-11D2-811C-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/CDQObj.CAB
DPF: {C34F6C21-DF19-11D3-8164-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/tblVisionPropertiesPagePlugin.CAB
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC06BC84-D213-442B-85F2-28E1F8108EAD} - hxxp://cognos.medassets.com/cognos8/contributor/controls/clientfull84.cab
DPF: {D78C52EB-ED7E-11D4-81BC-00C04F762641} - hxxp://scs.intranet.medassets.com/controls/UserId.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://medassets.webex.com/client/T26L10NSP49EP12/webex/ieatgpc.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://extranet.medassets.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} - hxxp://scs.intranet.medassets.com/controls/pvdt60.cab
DPF: {EB61D6E5-307F-4AC5-B160-E695E085BA5B} - hxxp://scs.intranet.medassets.com/Controls/SCSDateControls.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://extranet.medassets.com/dana-cached/sc/JuniperSetupClient.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli PGPpwflt
Hosts: 85.13.206.114 uuu20091124.info
Hosts: 85.13.206.114 u07012010u.com

============= SERVICES / DRIVERS ===============

R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2009-3-4 135736]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-9-4 406808]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-11-11 451872]
R2 EPA_GPO_PMService;Energy Star™ EZ GPO Power Management Configuration Tool;c:\windows\system32\PMService.exe [2008-2-29 81920]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2009-6-3 16880]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]
R2 MOM;MOM;c:\program files\microsoft forefront\client security\client\microsoft operations manager 2005\MOMService.exe [2005-7-21 134656]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-12-23 108160]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2008-12-23 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-12-23 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-17 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-23 110080]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-7-8 69616]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-12-22 28762]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-9-21 420480]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [2008-2-18 260608]

=============== Created Last 30 ================

2010-01-23 16:58:47 11007 ----a-w- c:\windows\fs1235.dat
2010-01-23 02:18:01 699 ----a-w- c:\windows\rdr_1264213080.exe
2010-01-23 01:39:08 31744 ---h--w- c:\windows\pp14.exe
2010-01-23 01:39:08 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2010-01-23 01:38:59 18432 --sh--r- c:\program files\captcha.dll
2010-01-23 01:38:58 1 ---h--w- c:\windows\bk23567.dat
2010-01-23 01:38:56 2 ----a-w- c:\windows\010112010146114101.xxe
2010-01-23 01:38:54 55296 ------w- c:\windows\freddy81.exe
2010-01-23 01:38:47 2 ----a-w- c:\windows\01011201014650115.xxe
2010-01-23 01:38:09 36864 ----a-w- c:\windows\ld16.exe

==================== Find3M ====================

2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-23 04:35:16 28672 ----a-w- c:\windows\system32\f3PSSavr.scr
2009-12-09 13:25:16 398632 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2009-12-09 13:25:16 345384 ----a-w- c:\windows\system32\dsNcCredProv.dll
2009-12-09 13:22:54 221184 ----a-w- c:\windows\system32\dsGinaLoader.dll
2009-12-09 13:10:40 26624 ----a-w- c:\windows\system32\drivers\dsNcAdpt.sys
2008-12-23 19:48:02 32768 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2008-12-26 17:51:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 18:32:16.68 ===============


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/23 18:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8C0F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA63E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xA7706000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\, Sector 28
Status: Sector mismatch

Path: Volume C:\, Sector 29
Status: Sector mismatch

Path: Volume C:\, Sector 30
Status: Sector mismatch

Path: Volume C:\, Sector 31
Status: Sector mismatch

Path: Volume C:\, Sector 32
Status: Sector mismatch

Path: Volume C:\, Sector 33
Status: Sector mismatch

Path: Volume C:\, Sector 34
Status: Sector mismatch

Path: Volume C:\, Sector 35
Status: Sector mismatch

Path: Volume C:\, Sector 36
Status: Sector mismatch

Path: Volume C:\, Sector 37
Status: Sector mismatch

Path: Volume C:\, Sector 38
Status: Sector mismatch

Path: Volume C:\, Sector 39
Status: Sector mismatch

Path: Volume C:\, Sector 40
Status: Sector mismatch

Path: Volume C:\, Sector 41
Status: Sector mismatch

Path: Volume C:\, Sector 42
Status: Sector mismatch

Path: Volume C:\, Sector 43
Status: Sector mismatch

Path: Volume C:\, Sector 44
Status: Sector mismatch

Path: Volume C:\, Sector 45
Status: Sector mismatch

Path: Volume C:\, Sector 46
Status: Sector mismatch

Path: Volume C:\, Sector 47
Status: Sector mismatch

Path: Volume C:\, Sector 48
Status: Sector mismatch

Path: Volume C:\, Sector 49
Status: Sector mismatch

Path: Volume C:\, Sector 50
Status: Sector mismatch

Path: Volume C:\, Sector 51
Status: Sector mismatch

Path: Volume C:\, Sector 52
Status: Sector mismatch

Path: Volume C:\, Sector 53
Status: Sector mismatch

Path: Volume C:\, Sector 54
Status: Sector mismatch

Path: Volume C:\, Sector 55
Status: Sector mismatch

Path: Volume C:\, Sector 56
Status: Sector mismatch

Path: Volume C:\, Sector 57
Status: Sector mismatch

Path: Volume C:\, Sector 58
Status: Sector mismatch

Path: Volume C:\, Sector 59
Status: Sector mismatch

Path: Volume C:\, Sector 60
Status: Sector mismatch

Path: Volume C:\, Sector 61
Status: Sector mismatch

Path: Volume C:\, Sector 62
Status: Sector mismatch

Stealth Objects
-------------------
Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: MsMpEng.exe (PID: 968) Address: 0xe3d31818 Size: -

Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: svchost.exe (PID: 1008) Address: 0xe246d020 Size: -

Object: Hidden Handle [Index: 6148, Type: UnknownType]
Process: svchost.exe (PID: 1008) Address: 0xe3cf4818 Size: -

==EOF==


I am able to do most things just fine on the internet and everywhere else until I get that screen, and then it locks my computer, turns my background dark, and pulls up a "window based" application or screen that asks me to type in two words. It would not let me do a print screen.
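The autorun, Hosts and "Created Last 30" entries in the DDS log above are the lines a malware-response helper reads first. As an added illustration that is not part of this thread and is not BleepingComputer's or the DDS tool's own code, the script below is a small Python triage pass over a subset of those lines (copied from the log above into a constructed sample string; the benign Apoint and ctfmon entries are included to show they are not flagged). The heuristics are my own assumptions about what deserves a second look, not rules taken from DDS: an autorun entry whose target sits directly in c:\windows, a DLL loaded by rundll from the Program Files root, a Hosts entry pointing a hostname at a non-loopback address, and a recently created file carrying hidden or system attributes in one of those root directories. A hit means "inspect", not "malicious".

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the DDS lines posted in this thread.
SAMPLE_DDS = r"""
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [sysldtray] c:\windows\ld16.exe
mRun: [Captcha7] rundll "c:\program files\captcha.dll",captcha
mRun: [sysfbtray] c:\windows\freddy81.exe
mRun: [pp] c:\windows\pp14.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
Hosts: 85.13.206.114 uuu20091124.info
Hosts: 85.13.206.114 u07012010u.com
2010-01-23 01:39:08 31744 ---h--w- c:\windows\pp14.exe
2010-01-23 01:38:59 18432 --sh--r- c:\program files\captcha.dll
2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
"""

# Line shapes as DDS prints them: uRun/mRun/dRun autoruns, Hosts overrides,
# and "date time size attributes path" entries from the Created/Find3M sections.
RUN_RE = re.compile(r"^[umd]Run:\s*\[([^\]]*)\]\s*(.*)$", re.I)
PATH_RE = re.compile(r"[a-z]:\\[^\"*?<>|]*?\.(?:exe|dll|scr)", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)", re.I)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S{8})\s+(.*)$")

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
WINDOWS_ROOT = r"c:\windows"            # assumed system root, as in this log
PROGRAM_FILES_ROOT = r"c:\program files"


@dataclass
class Finding:
    kind: str
    line: str


def parent_dir(path: str) -> str:
    """Directory part of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[0].lower()


def triage_line(line: str) -> list:
    """Apply the heuristics (assumptions, not DDS rules) to one log line."""
    findings = []
    line = line.strip()

    m = RUN_RE.match(line)
    if m:
        pm = PATH_RE.search(m.group(2))
        if pm:
            path = pm.group(0)
            d = parent_dir(path)
            # Legitimate autoruns almost never live directly in the Windows root.
            if d == WINDOWS_ROOT:
                findings.append(Finding("autorun from Windows root", line))
            # A bare DLL in the Program Files root, loaded via rundll, is unusual.
            if d == PROGRAM_FILES_ROOT and path.lower().endswith(".dll"):
                findings.append(Finding("autorun DLL from Program Files root", line))
        return findings

    m = HOSTS_RE.match(line)
    if m:
        # Hosts entries that redirect a name to a remote address, not loopback.
        if m.group(1) not in LOOPBACK:
            findings.append(Finding("hosts override to remote address", line))
        return findings

    m = CREATED_RE.match(line)
    if m:
        attrs, path = m.group(1), m.group(2)
        hidden = "h" in attrs or "s" in attrs   # DDS attribute flags: h=hidden, s=system
        if hidden and parent_dir(path) in (WINDOWS_ROOT, PROGRAM_FILES_ROOT):
            findings.append(Finding("hidden/system file in root dir", line))
    return findings


def triage(text: str) -> list:
    """Run triage_line over every line of a DDS log excerpt."""
    out = []
    for line in text.splitlines():
        out.extend(triage_line(line))
    return out


def summary(findings) -> dict:
    """Count findings per kind, for a quick overview."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.line}")
    print(summary(triage(SAMPLE_DDS)))
```

On the sample above the script flags the three c:\windows autoruns (ld16.exe, freddy81.exe, pp14.exe), the rundll load of captcha.dll, both Hosts lines, and the two hidden files, while Apoint.exe, ctfmon.exe and MpSigStub.exe pass untouched. The directory checks are deliberately narrow (exact root match rather than a prefix) so that anything under system32 or a vendor subfolder is left to a human rather than swamping the output.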






#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:20 PM

Posted 29 January 2010 - 07:15 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

Do you still require help?

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page, step #6 and step #7, for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:20 PM

Posted 01 February 2010 - 12:43 PM

Hello.

Are you still there? Do you still require help?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the day I initially replied, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:20 PM

Posted 03 February 2010 - 03:44 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy