Infected with Malware



#1 countrygent

Posted 15 February 2010 - 08:58 AM

Referred from here: http://www.bleepingcomputer.com/forums/t/288737/my-computer-is-infected/ ~ OB

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2010/01/22 11:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9A24000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\nolan\local settings\temp\~df7e27.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\nolan\local settings\temp\~dfbba4.tmp
Status: Allocation size mismatch (API: 65536, Raw: 16384)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "" at address 0xefedcec6

#: 053 Function Name: NtCreateThread
Status: Hooked by "" at address 0xefedcebc

#: 063 Function Name: NtDeleteKey
Status: Hooked by "" at address 0xefedcecb

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "" at address 0xefedced5

#: 098 Function Name: NtLoadKey
Status: Hooked by "" at address 0xefedceda

#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0xefedcea8

#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0xefedcead

#: 193 Function Name: NtReplaceKey
Status: Hooked by "" at address 0xefedcee4

#: 204 Function Name: NtRestoreKey
Status: Hooked by "" at address 0xefedcedf

#: 247 Function Name: NtSetValueKey
Status: Hooked by "" at address 0xefedced0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0xefedceb7

==EOF==

DDS (Ver_09-12-01.01) - NTFSx86
Run by nolan at 7:49:16.31 on Mon 02/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.451 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\nolan\Desktop\Defogger.exe
C:\Documents and Settings\nolan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [sawetajiz] Rundll32.exe "c:\windows\system32\rolivepa.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asuspo~1.lnk - c:\program files\asus\eeepc\asus power management utility\Asus Power Management Utility.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\gewapaba.dll c:\windows\system32\sidenohe.dll yuniyuzi.dll c:\windows\system32\tepidike.dll c:\windows\system32\mirububu.dll c:\windows\system32\rolivepa.dll
SSODL: gevodikir - {1a7704c4-0015-459e-8042-013c48b31318} - c:\windows\system32\gewapaba.dll
SSODL: gokuhugal - {12567cf3-8350-4318-9a36-9ca789d08e84} - c:\windows\system32\sidenohe.dll
SSODL: mijisopuj - {9a41f0fb-1020-49de-95be-869499c3b49e} - c:\windows\system32\tepidike.dll
SSODL: vamerobih - {82c7b213-c79e-4293-adec-62453b92577b} - c:\windows\system32\mirububu.dll
SSODL: wevowigoj - {7999983a-46ff-4d1e-8072-8e6085fe57ba} - c:\windows\system32\rolivepa.dll
STS: mujuzedij: {1a7704c4-0015-459e-8042-013c48b31318} - c:\windows\system32\gewapaba.dll
STS: jugezatag: {12567cf3-8350-4318-9a36-9ca789d08e84} - c:\windows\system32\sidenohe.dll
STS: gahurihor: {9a41f0fb-1020-49de-95be-869499c3b49e} - c:\windows\system32\tepidike.dll
STS: tokatiluy: {82c7b213-c79e-4293-adec-62453b92577b} - c:\windows\system32\mirububu.dll
STS: mujuzedij: {7999983a-46ff-4d1e-8072-8e6085fe57ba} - c:\windows\system32\rolivepa.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli davagadu.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-20 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-20 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-20 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-20 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-20 56816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1184912]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-02-15 12:48:02 0 ----a-w- c:\documents and settings\nolan\defogger_reenable
2010-02-15 12:42:49 70 ---ha-w- C:\aaw7boot.cmd
2010-01-21 18:06:39 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-21 18:06:23 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-21 18:06:23 0 d-----w- c:\docume~1\nolan\applic~1\SUPERAntiSpyware.com
2010-01-21 18:05:16 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-20 18:38:15 0 d-----w- c:\docume~1\nolan\applic~1\Malwarebytes
2010-01-20 18:38:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 18:38:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 18:38:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-20 18:38:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 16:56:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-20 15:43:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-20 15:30:01 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-20 15:28:13 0 d-----w- c:\program files\Lavasoft
2010-01-20 15:14:57 0 ----a-w- c:\windows\system32\18467.exe
2010-01-20 06:00:51 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-20 06:00:48 0 d-----w- c:\program files\Avira
2010-01-20 06:00:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-01-18 19:58:05 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

==================== Find3M ====================

2010-01-21 18:26:23 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-17 16:38:37 280 ----a-w- c:\docume~1\nolan\applic~1\wklnhst.dat
2010-01-15 19:07:05 48792 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-05 16:51:12 32 ----a-w- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-05-07 08:34:00 15523560 ----a-w- c:\program files\U1 Setup.exe
1601-01-01 00:03:52 51200 --sha-w- c:\windows\system32\biserano.dll
1601-01-01 00:03:52 51200 --sha-w- c:\windows\system32\davagadu.dll
1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\saguzuwi.dll
1601-01-01 00:03:28 41984 --sha-w- c:\windows\system32\samisede.dll
1601-01-01 00:03:28 51200 --sha-w- c:\windows\system32\sijuvese.dll
1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\siruboma.dll
1601-01-01 00:03:28 43008 --sha-w- c:\windows\system32\yagehusi.dll
1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\yizofuyu.dll
1601-01-01 00:03:28 62464 --sha-w- c:\windows\system32\yofamoyu.dll
1601-01-01 00:03:52 51200 --sha-w- c:\windows\system32\yuniyuzi.dll

============= FINISH: 7:54:32.78 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-15 08:49:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\nolan\LOCALS~1\Temp\awdoqpow.sys


---- System - GMER 1.0.15 ----

SSDT A15EF7C6 ZwCreateKey
SSDT A15EF7BC ZwCreateThread
SSDT A15EF7CB ZwDeleteKey
SSDT A15EF7D5 ZwDeleteValueKey
SSDT A15EF7DA ZwLoadKey
SSDT A15EF7A8 ZwOpenProcess
SSDT A15EF7AD ZwOpenThread
SSDT A15EF7E4 ZwReplaceKey
SSDT A15EF7DF ZwRestoreKey
SSDT A15EF7D0 ZwSetValueKey
SSDT A15EF7B7 ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86506856

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Thank you in advance for your help.
Nolan

Edited by Orange Blossom, 15 February 2010 - 10:23 AM.
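The logs above already contain the indicators a responder would pull out first. As an added example (not part of the thread, and not code from DDS, RootRepeal, GMER or any other tool mentioned here), the Python script below parses lines in the same shape as the DDS "Find3M" section and the GMER report and ranks them: files stamped 1601-01-01 (the zero FILETIME epoch, which means the timestamp was cleared or stomped), system+hidden attributes, eight-letter random-looking DLL names sitting directly in system32, GMER's "suspicious modification" verdict on a driver, and a count of SSDT hooks. The sample input is a constructed subset of the posted lines, and the meaning of the attribute letters (s = system, h = hidden) is an assumption read off the log format.

```python
import re

# Constructed sample input, shaped like the DDS "Find3M" section and the GMER
# report in this thread (same line formats, a subset of the entries).
SAMPLE_LOG = r"""
2010-01-21 18:26:23 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-20 06:00:51 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-20 06:00:48 0 d-----w- c:\program files\Avira
2010-01-15 19:07:05 48792 ---ha-w- c:\windows\system32\mlfcache.dat
1601-01-01 00:03:52 51200 --sha-w- c:\windows\system32\biserano.dll
1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\saguzuwi.dll
1601-01-01 00:03:28 62464 --sha-w- c:\windows\system32\yofamoyu.dll
SSDT A15EF7C6 ZwCreateKey
SSDT A15EF7B7 ZwTerminateProcess
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
"""

# "Find3M" line: date time size attrs path. Attribute letters are assumed to
# follow the DDS convention seen in the log (d = dir, s = system, h = hidden).
FIND3M_RE = re.compile(r"^(\d{4})-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\d+) ([-a-z]{8}) (.+)$")
# GMER lines used here: "SSDT <address> <service>" and "File <path> <verdict>".
SSDT_RE = re.compile(r"^SSDT [0-9A-F]{8} (\w+)$")
GMER_FILE_RE = re.compile(r"^File (.+?) (suspicious modification)$")
# Eight lowercase letters plus .dll: the naming pattern of the posted entries.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")


def triage(lines):
    """Return a list of findings, each a dict with severity, subject and reasons."""
    findings = []
    hooked = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = FIND3M_RE.match(line)
        if m:
            year, _size, attrs, path = m.groups()
            parent, _, name = path.lower().rpartition("\\")
            reasons = []
            if year == "1601":
                reasons.append("zero FILETIME epoch (timestamp cleared or stomped)")
            if "s" in attrs and "h" in attrs:
                reasons.append("system+hidden attributes")
            if parent.endswith("\\system32") and RANDOM_DLL_RE.match(name):
                reasons.append("eight-letter random-looking DLL directly in system32")
            if reasons:
                # Several independent indicators on one file is what raises it.
                severity = "high" if len(reasons) >= 2 else "medium"
                findings.append({"severity": severity, "subject": path, "reasons": reasons})
            continue
        m = GMER_FILE_RE.match(line)
        if m:
            findings.append({"severity": "critical", "subject": m.group(1),
                             "reasons": ["GMER: " + m.group(2)]})
            continue
        m = SSDT_RE.match(line)
        if m:
            hooked.append(m.group(1))
    if hooked:
        # Hooks alone are informational: security products hook the SSDT too.
        findings.append({"severity": "info", "subject": "SSDT",
                         "reasons": [f"{len(hooked)} hooked service(s): {', '.join(hooked)}"]})
    return findings


def triage_text(text):
    """Convenience wrapper: triage a whole pasted log."""
    return triage(text.splitlines())


if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['subject']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run against the constructed sample, the three 1601-dated DLLs come out "high" on three indicators each, the GMER verdict on atapi.sys comes out "critical", and the SSDT hooks are reported as a count only, since hooks by themselves (the RootRepeal section of the first post shows hooks with no module name, and the Lavasoft driver attached to \Device\Tcp is a legitimate product) do not decide anything; a modified storage driver together with the search-redirect symptom reported in post #2 is what a responder acts on first.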


#2 countrygent

countrygent
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:17 PM

Posted 15 February 2010 - 11:19 AM

Also, as a description to help diagnose; one symptom of the problem is that all my Google search links get redirected to other sites.

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:17 PM

Posted 15 February 2010 - 05:59 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:17 PM

Posted 28 February 2010 - 12:06 PM

As there has been no response, this topic will now be closed.

If you need this topic reopened, please contact a member of the Malware Response Team and we will reopen it for you.
Include the address of this topic in your request.




========================================================