nothing helps


This topic is locked
18 replies to this topic

#1 Chief45

  • Members

Posted 02 February 2010 - 11:03 PM

It appears to be one of the zlob infections.
Daughter's laptop, Dell Inspiron 1501, Windows XP Home version 2002 SP2.

I've tried rkill, all 4 versions, and made a copy and renamed one; it still will not stop it.
I can copy the mbam-setup to the desktop using a flash drive, but not install or run it.
I cannot run Spyware Doctor. I cannot run ComboFix, and cannot hit any internet sites.

I've read a lot of the help files, tutorials, "before you post", etc. Everything begins with being able to run Malwarebytes and I cannot get it to run, so what's next?


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team

Posted 03 February 2010 - 12:28 PM

Hello Chief45,

Can you tell me, please, what told you it was Zlob?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 Chief45

  • Topic Starter
  • Members

Posted 03 February 2010 - 03:21 PM

Just a guess, based on other comments and posts from the messages it displays.

I'm leaning more toward AntivirXP08 now, however.

I had success with Malwarebytes' Anti-Malware fixing a different computer that had Internet Security 2010, but I cannot kill processes long enough using rkill to get Malwarebytes' Anti-Malware to load and run.

Edited by Chief45, 03 February 2010 - 03:33 PM.


#4 teacup61

    Bleepin' Texan!

  • Malware Response Team

Posted 03 February 2010 - 03:47 PM

Thanks. :thumbsup: Can you boot into Safe Mode?

#5 Chief45

  • Topic Starter
  • Members

Posted 03 February 2010 - 06:35 PM

I've gotten GMER to run.
I'm seeing some fishy-looking code and .text entries.

code 89FEF3D8 ZwEnumerateKey

PAGE ntkrnlpa.exe!ZwFlushInstructionCache

Am I on the right track here, or should I be looking elsewhere?

#6 teacup61

    Bleepin' Texan!

  • Malware Response Team

Posted 03 February 2010 - 06:36 PM

Can you post the whole log for me? :thumbsup: No... those don't help.

#7 Chief45

  • Topic Starter
  • Members

Posted 03 February 2010 - 06:39 PM

Not easily.
I'm on my home computer doing this and the issue is on my daughter's laptop, which will not hit the internet.
I can try to copy the log file to my flash drive and then copy that over. I'll see if I can do that.

#8 teacup61

    Bleepin' Texan!

  • Malware Response Team

Posted 03 February 2010 - 06:40 PM

That would be perfect. :thumbsup:

#9 Chief45

  • Topic Starter
  • Members

Posted 03 February 2010 - 07:47 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-03 18:40:14
Windows 5.1.2600 Service Pack 2
Running: ypijyi80.exe; Driver: C:\DOCUME~1\Smantha\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

Code 89FEF3D8 ZwEnumerateKey
Code 8A246A90 ZwFlushInstructionCache
Code 8A05AB66 IofCallDriver
Code 89FF4B46 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE136 5 Bytes JMP 8A05AB6B
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C6 5 Bytes JMP 89FF4B4B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABA9E 5 Bytes JMP 8A246A94
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061A6B8 5 Bytes JMP 89FEF3DC

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.exe[296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BC000A
.text c:\WINDOWS\system32\ZuneBusEnum.exe[420] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A9000A
.text C:\Program Files\Canon\CAL\CALMAIN.exe[456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0077000A
.text C:\WINDOWS\system32\wuauclt.exe[464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0077000A
.text C:\WINDOWS\system32\smss32.exe[480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B3000A
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.exe[296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.exe[296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.exe[296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.exe[296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\smss32.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\smss32.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\smss32.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\smss32.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\stsystra.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\stsystra.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\stsystra.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\stsystra.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Zune\ZuneLauncher.exe[1228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Zune\ZuneLauncher.exe[1228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Zune\ZuneLauncher.exe[1228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Zune\ZuneLauncher.exe[1228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[1348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[1348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[1348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[1348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00992F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00992CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00992D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00992CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DellSupport\DSAgnt.exe[2064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DellSupport\DSAgnt.exe[2064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DellSupport\DSAgnt.exe[2064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DellSupport\DSAgnt.exe[2064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A02F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A02CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A02D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A02CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Belkin\F5D8053\v5\Belkinwcui.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D32F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Belkin\F5D8053\v5\Belkinwcui.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D32CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Belkin\F5D8053\v5\Belkinwcui.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D32D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Belkin\F5D8053\v5\Belkinwcui.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D32CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT D:\ypijyi80.exe[5880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT D:\ypijyi80.exe[5880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT D:\ypijyi80.exe[5880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT D:\ypijyi80.exe[5880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat ADC74C8A

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTjxtuwevwsr.sys (*** hidden *** ) B131C000-B1339000 (118784 bytes)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [624] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [968] 0x006F0000
Library \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1004] 0x006F0000
Library \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1044] 0x006F0000
Library \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1280] 0x006F0000
Library \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1336] 0x006F0000
Library \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1588] 0x006F0000
Library \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1856] 0x006F0000
Library \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [5744] 0x00C70000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTukjjegtojf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTukjjegtojf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTnkumktvnlh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTjxtuwevwsr.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTjxtuwevwsr.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTfucbvtumlx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmoqomamibw.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTxnsrriqytp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTkwboroqklq.dll

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll 1013 bytes
File C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll 16699 bytes
File C:\Documents and Settings\Dad\Local Settings\Temp\h8srtmainqt.dll 16656 bytes
File C:\Documents and Settings\Smantha\Local Settings\Temp\H8SRT287.tmp 343040 bytes executable
File C:\Documents and Settings\Smantha\Local Settings\Temp\h8srtmainqt.dll 16656 bytes
File C:\WINDOWS\system32\H8SRTfucbvtumlx.dll 23552 bytes executable
File C:\WINDOWS\system32\H8SRTibeetbaeqh.dll 16896 bytes executable
File C:\WINDOWS\system32\h8srtkrl32mainweq.dll 1179 bytes
File C:\WINDOWS\system32\H8SRTkwboroqklq.dll 40960 bytes executable
File C:\WINDOWS\system32\H8SRTmoqomamibw.dat 248 bytes
File C:\WINDOWS\system32\h8srtshsyst.dll 1048 bytes
File C:\WINDOWS\system32\H8SRTxnsrriqytp.dll 40960 bytes executable
File C:\WINDOWS\Temp\H8SRT7606.tmp 162 bytes
File C:\WINDOWS\Temp\H8SRT771f.tmp 162 bytes
File C:\WINDOWS\Temp\H8SRTa2a8.tmp 248 bytes

---- EOF - GMER 1.0.15 ----
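
As an added example (my own code, not from this thread or from GMER), the following parses a GMER text log with the layout above into its sections and pulls out what a responder reads first: the 5-byte JMP hooks on kernel exports, the entries GMER marks "*** hidden ***", which DLL the user-mode IAT hooks point into (here the Logitech camera helper library listed in the log), and whether a registered service's imagepath names one of the hidden drivers. The embedded log is a shortened excerpt of the one posted above; the regular expressions are written for this layout and are my assumptions, not GMER's own format specification.

```python
"""Pull rootkit indicators out of a GMER text log (layout as in the post above)."""
import re
from collections import defaultdict

# Excerpt of the GMER log posted in this thread, cut down to one line per pattern;
# the addresses and paths are the ones that appear in the post.
GMER_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EE136 5 Bytes JMP 8A05AB6B
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061A6B8 5 Bytes JMP 89FEF3DC
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\Explorer.exe[296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTjxtuwevwsr.sys (*** hidden *** ) B131C000-B1339000 (118784 bytes)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\H8SRTibeetbaeqh.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [624] 0x10000000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTukjjegtojf.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTjxtuwevwsr.sys
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
# Inline hook: a 5-byte JMP written over the first instructions of a kernel export.
KERNEL_HOOK_RE = re.compile(
    r"^(?:\.text|PAGE|INIT)\s+(\S+?)!(\S+)\s+([0-9A-F]{8})\s+\d+ Bytes\s+JMP\s+([0-9A-F]{8})")
# User-mode IAT entry redirected into a DLL; the vendor string is in parentheses.
IAT_RE = re.compile(r"^IAT (.+?)\[(\d+)\] @ \S+ \[(\S+)\] \[[0-9A-F]+\] (.+?) \((.+)\)$")
IMAGEPATH_RE = re.compile(r"^Reg (.+?)@imagepath (\S+)$", re.IGNORECASE)
HIDDEN_RE = re.compile(r"^(Module|Library|File|Process) (\S+) \(\*\*\* hidden \*\*\* \)")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def split_sections(log):
    """Map each '---- Name - GMER x.y ----' header to the lines below it."""
    sections, current = defaultdict(list), "header"
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line.strip():
            sections[current].append(line)
    return sections


def triage(log):
    sections = split_sections(log)
    report = {"kernel_hooks": [], "hidden": [], "iat_hookers": {}, "hidden_service_drivers": {}}
    for line in sections["Kernel code sections"]:
        m = KERNEL_HOOK_RE.match(line)
        if m:
            report["kernel_hooks"].append(
                {"module": m.group(1), "function": m.group(2), "address": m.group(3), "target": m.group(4)})
    # Anything GMER could see in memory but not through the normal API is flagged hidden.
    for lines in sections.values():
        report["hidden"] += [(m.group(1), m.group(2)) for m in map(HIDDEN_RE.match, lines) if m]
    # Group IAT hooks by the DLL they point into, so one vendor's injector is one entry.
    for line in sections["User IAT/EAT"]:
        m = IAT_RE.match(line)
        if m:
            entry = report["iat_hookers"].setdefault(m.group(4), {"vendor": m.group(5), "entries": 0})
            entry["entries"] += 1
    # A service whose imagepath is a module GMER lists as hidden ties the registry
    # persistence to the concealed driver.
    hidden_names = {basename(path) for _, path in report["hidden"]}
    for line in sections["Registry"]:
        m = IMAGEPATH_RE.match(line)
        if m and basename(m.group(2)) in hidden_names:
            report["hidden_service_drivers"][m.group(1)] = m.group(2)
    return report


if __name__ == "__main__":
    for key, value in triage(GMER_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log posted above, the same parser shows the IAT section collapsing to a single DLL while the hidden H8SRT module and libraries stand apart from it.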

#10 Chief45

  • Topic Starter
  • Members

Posted 03 February 2010 - 07:51 PM

And no, I cannot enter Safe Mode. Blue screen: "A problem has been detected and Windows has been shut down..."

#11 teacup61

    Bleepin' Texan!

  • Malware Response Team

Posted 03 February 2010 - 08:06 PM

Okay... that tells me what I need to know, thanks. Bad old rootkits. :thumbsup: Try renaming ComboFix.exe to something like Chief.exe and see if you can run it that way, in normal mode, please.

Thanks,
tea

#12 Chief45

  • Topic Starter
  • Members

Posted 04 February 2010 - 01:27 AM

That appears to have fixed it.
Thank you very much.

#13 teacup61

    Bleepin' Texan!

  • Malware Response Team

Posted 04 February 2010 - 01:31 AM

Wait! Can you post the report for me? I want to be sure all the files were removed before you go away... please? :thumbsup:

#14 Chief45

  • Topic Starter
  • Members

Posted 04 February 2010 - 09:38 AM

I saved the log file and will post it when I get back home tonight.

#15 Chief45

  • Topic Starter
  • Members

Posted 04 February 2010 - 11:47 AM

Malwarebytes' Anti-Malware 1.44
Database version: 3687
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/4/2010 10:44:43 AM
mbam-log-2010-02-04 (10-44-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 179241
Time elapsed: 42 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
