
Virtumonde? I think I've got more than just one virus.


  • This topic is locked
8 replies to this topic

#1 Anna-Liisa

Anna-Liisa

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Female
  • Location:UK
  • Local time:05:48 PM

Posted 24 March 2010 - 07:16 AM

Hi.

Please help me, my computer is going a bit mad.

Many thanks in advance,

Anna-Liisa

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:32, on 24/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kpigopolo] rundll32.exe "C:\WINDOWS\aqilofos.dll",Startup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4457 bytes
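As an added example from the editor, not code from this thread, from HijackThis or from BleepingComputer, the script below parses HijackThis-style entries like those in the log above and runs three defender-side triage checks over them: a `system.ini` `Shell=` value that is not `Explorer.exe`, an `O2` BHO registered with `(no file)` on disk, and an `O4` autorun where `rundll32` loads a DLL dropped directly into the Windows root rather than `system32`. The sample lines are constructed from entries in this log plus one clean control line; the regular expressions, function names and heuristics are my own assumptions about the log format, not a specification of it.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few HijackThis-style lines in the format of the
# log above (entries copied from it plus a clean HKCU line for contrast).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kpigopolo] rundll32.exe "C:\WINDOWS\aqilofos.dll",Startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Assumed line shapes: "<code> - <payload>" for every entry, and for O4 entries
# "<hive>\..\Run: [<name>] <command line>". These patterns are my own.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^,\s]+)', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def parse_entry(line):
    """Split one HijackThis line into its section code (R0, O2, O4, ...) and payload."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("rest")) if m else None


def rundll32_target(cmd):
    """Return the DLL path a rundll32 command line loads, or None if it is not rundll32."""
    m = RUNDLL_RE.match(cmd.strip())
    return m.group("dll").strip('"') if m else None


def in_windows_root(path, windir=r"C:\WINDOWS"):
    """True when the file sits directly in the Windows directory, not in a subfolder."""
    parent = path.rpartition("\\")[0]
    return parent.lower() == windir.lower()


def triage(log_text):
    """Apply three defender-side checks to a HijackThis log and return the findings."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        code, rest = entry
        if code == "F2":
            # system.ini Shell= should be Explorer.exe; anything else replaces the desktop shell.
            m = re.search(r"Shell=(?P<shell>.+)$", rest)
            if m and m.group("shell").strip().lower() != "explorer.exe":
                findings.append(Finding(raw.strip(), "system.ini Shell= is not Explorer.exe"))
        elif code == "O2" and rest.endswith("(no file)"):
            # CLSID still registered as a BHO but the DLL is gone: nothing loads, but clean it up.
            findings.append(Finding(raw.strip(), "BHO registered with no file on disk (orphan)"))
        elif code == "O4":
            m = O4_RE.match(rest)
            if m is None:
                continue
            dll = rundll32_target(m.group("cmd"))
            # Legitimate rundll32 autoruns point into system32 or a vendor folder;
            # a DLL dropped straight into the Windows root deserves a closer look.
            if dll and in_windows_root(dll):
                findings.append(Finding(raw.strip(), f"rundll32 autorun loads {dll} from the Windows root"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

Run it as a script to print the findings for the constructed sample, or import `triage()` and feed it a saved log. Two things the sample shows: the heuristics are about location and consistency, not about recognising a name, so the clean NVIDIA `rundll32` entry in `system32` passes while the one in the Windows root is flagged; and a HijackThis log only enumerates a fixed set of autostart points, so an entry such as the LSA Notification Packages value that Malwarebytes reports later in this thread never appears in it, which is one reason a helper asks for several tools rather than relying on a single log.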



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:48 PM

Posted 24 March 2010 - 04:57 PM

Hello Anna-Liisa,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1.
Please download Malwarebytes Anti-Malware (v1.43) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

2.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

3.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.

Things to include in your next reply:
MBAM log
Gmer log
DDS.txt
Attach.txt
How is your machine running now?

Edited by fireman4it, 25 March 2010 - 06:57 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Anna-Liisa

Anna-Liisa
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Female
  • Location:UK
  • Local time:05:48 PM

Posted 25 March 2010 - 08:24 AM

Hi. Thank you for the quick response!
Here are the logs:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 30/06/2009 22:57:58
System Uptime: 25/03/2010 13:00:15 (0 hours ago)

Motherboard: | | 4CoreDual-SATA2
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | CPUSocket | 2209/200mhz
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | CPUSocket | 2209/200mhz

==== Disk Partitions =========================
Malwarebytes' Anti-Malware 1.44
Database version: 3910
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

25/03/2010 07:43:03
mbam-log-2010-03-25 (07-43-00).txt

Scan type: Quick Scan
Objects scanned: 121169
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\srvc132.dll (Trojan.Hiloti) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: srvc132.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\srvc132.dll (Trojan.Vundo.H) -> No action taken.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-25 12:54:59
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\poopy\LOCALS~1\Temp\pxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xF4344D82]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xF434548E]
SSDT sptd.sys ZwCreateKey [0xF737D0D0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xF43455DA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xF4348D54]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xF4348D86]
SSDT sptd.sys ZwEnumerateKey [0xF7382FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF7383340]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xF434553E]
SSDT sptd.sys ZwOpenKey [0xF737D0B0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xF4344EC6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xF43450B8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xF43451EA]
SSDT sptd.sys ZwQueryKey [0xF7383418]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xF4348E5E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xF4348DC8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xF4348DFA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xF4348E2C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xF4344D30]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xF434563A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xF4348CEC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xF4344CD4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xF4344C30]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xF4344C78]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 29A 804E4AF4 4 Bytes JMP 7DF43451
? wpukh.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5F6B360, 0x1DEE5D, 0xE8000020]
.text USBPORT.SYS!DllUnload F5F1162C 5 Bytes JMP 899105B0
? System32\Drivers\ak6ijtc9.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1188] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00412220 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1188] USER32.dll!EnumClipboardFormats + 213 77D6DC84 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1188] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1188] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2420] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 004394A0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2420] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2420] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2420] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 716E0022
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 01366060 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!LdrLoadDll + 1 7C915CBC 5 Bytes [22, 00, 68, 71, C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] kernel32.dll!SetUnhandledExceptionFilter 7C810386 6 Bytes PUSH 71520022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] USER32.dll!TranslateMessage 77D48BCE 6 Bytes PUSH 71430022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] USER32.dll!GetMessageW 77D491A3 6 Bytes PUSH 71490022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] USER32.dll!RegisterClassExW 77D4AE29 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] USER32.dll!GetWindowRect 77D4B57C 6 Bytes PUSH 71460022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] USER32.dll!DdeInitializeW 77D681FA 6 Bytes PUSH 714F0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] USER32.dll!GetClipboardData 77D6FCB2 6 Bytes PUSH 714C0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71550022; RET

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F739406C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7394018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73B69AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F739406C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F737DAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F737DC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F737DB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F737E748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F737E61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F739329A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89BA91E8
Device \FileSystem\Fastfat \FatCdrom 8979C500
Device \Driver\usbuhci \Device\USBPDO-0 8990F790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C1D1E8
Device \Driver\dmio \Device\DmControl\DmConfig 89C1D1E8
Device \Driver\dmio \Device\DmControl\DmPnP 89C1D1E8
Device \Driver\dmio \Device\DmControl\DmInfo 89C1D1E8
Device \Driver\usbuhci \Device\USBPDO-1 8990F790
Device \Driver\PCI_NTPNP6030 \Device\00000045 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-2 8990F790
Device \Driver\usbuhci \Device\USBPDO-3 8990F790
Device \Driver\usbehci \Device\USBPDO-4 899AD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89BAB1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89BAB1E8
Device \Driver\Cdrom \Device\CdRom0 89C1B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 89BAB1E8
Device \Driver\Cdrom \Device\CdRom1 89C1B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89BAA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1b 89BAA1E8
Device \Driver\atapi \Device\Ide\IdePort0 89BAA1E8
Device \Driver\atapi \Device\Ide\IdePort1 89BAA1E8
Device \Driver\atapi \Device\Ide\IdePort2 89BAA1E8
Device \Driver\atapi \Device\Ide\IdePort3 89BAA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 89BAA1E8
Device \Driver\Cdrom \Device\CdRom2 89C1B1E8
Device \Driver\USBSTOR \Device\00000080 8987E1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 898443D0
Device \Driver\NetBT \Device\NetbiosSmb 898443D0
Device \Driver\usbuhci \Device\USBFDO-0 8990F790
Device \Driver\usbuhci \Device\USBFDO-1 8990F790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8975F2C8
Device \Driver\usbuhci \Device\USBFDO-2 8990F790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8975F2C8
Device \Driver\USBSTOR \Device\0000007c 8987E1E8
Device \Driver\usbuhci \Device\USBFDO-3 8990F790
Device \Driver\usbehci \Device\USBFDO-4 899AD1E8
Device \Driver\Ftdisk \Device\FtControl 89BAB1E8
Device \Driver\USBSTOR \Device\0000007f 8987E1E8
Device \Driver\ak6ijtc9 \Device\Scsi\ak6ijtc91Port4Path0Target0Lun0 899831E8
Device \Driver\ak6ijtc9 \Device\Scsi\ak6ijtc91 899831E8
Device \FileSystem\Fastfat \Fat 8979C500
Device \FileSystem\Cdfs \Cdfs 8975D790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDE 0x6A 0x44 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF2 0xD7 0x9D 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x41 0x8D 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDE 0x6A 0x44 0x98 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF2 0xD7 0x9D 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x41 0x8D 0x82 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28eb4ee-94cb-11de-9d38-001966314812}\shell
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28eb4ee-94cb-11de-9d38-001966314812}\shell@ None
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28eb4ee-94cb-11de-9d38-001966314812}\shell\Autoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28eb4ee-94cb-11de-9d38-001966314812}\shell\Autoplay@MUIVerb @shell32.dll,-8504
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28eb4ee-94cb-11de-9d38-001966314812}\shell\Autoplay\DropTarget
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28eb4ee-94cb-11de-9d38-001966314812}\shell\Autoplay\DropTarget@CLSID {f26a669a-bcbb-4e37-abf9-7325da15f931}

---- EOF - GMER 1.0.15 ----
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 0.463 GiB free.
E: is FIXED (NTFS) - 77 GiB total, 4.369 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Compatable Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_30651849&REV_7C\3&267A616A&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Compatable Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_30651849&REV_7C\3&267A616A&0&90
Service: FETNDIS

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\700460A4C01
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\700460A4C01
Service: NIC1394

==== System Restore Points ===================

RP39: 21/03/2010 13:20:22 - Removed Nokia Connectivity Cable Driver
RP40: 21/03/2010 13:23:03 - Removed Nokia Software Updater.
RP41: 21/03/2010 13:24:13 - Removed Autodesk Mudbox 2010 .
RP42: 22/03/2010 13:48:14 - System Checkpoint
RP43: 23/03/2010 14:45:15 - System Checkpoint
RP44: 23/03/2010 17:41:57 - Installed Rapport
RP45: 24/03/2010 06:38:24 - Software Distribution Service 3.0
RP46: 24/03/2010 06:43:51 - Software Distribution Service 3.0
RP47: 24/03/2010 16:13:25 - Software Distribution Service 3.0
RP48: 25/03/2010 03:00:22 - Software Distribution Service 3.0

==== Installed Programs ======================

"Nero SoundTrax Help
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
AKME FFmpeg 0.7.9
Apple Software Update
Auto Gordian Knot 2.55
AutoUpdate
AVI to MPEG Converter
AviSynth 2.5
BitLord 1.1
CCleaner (remove only)
CDDRV_Installer
Connect
Cool Edit Pro 2.1
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DolbyFiles
Facebook Plug-In
H.264 Decoder
Handbrake 0.9.4
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
ImagXpress
Java™ 6 Update 15
K-Lite Codec Pack 5.1.0 (Standard)
KhalInstallWrapper
kuler
Last.fm 1.5.4.24567
Logitech SetPoint
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Movie Templates - Starter Kit
Mozilla Firefox (3.5.8)
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
Nokia Connectivity Cable Driver
NVIDIA Drivers
OMP Index Reference Increment
PC Connectivity Solution
PDF Settings CS4
PeerGuardian 2.0
Photoshop Camera Raw
Platform
QuickTime
Rapport
Readon TV Movie Radio Player 5.9.0.0
Realtek High Definition Audio Driver
Replay Media Catcher 3.01
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Sony Sound Forge 8.0
SoulSeek 157 NS 13e
SoundTrax
Spybot - Search & Destroy
Suite Shared Configuration CS4
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
VIA Platform Device Manager
VLC media player 0.9.9
VobSub v2.23 (Remove Only)
WebFldrs XP
Winamp
WinAVI MP4 Converter
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
WinRAR archiver
XviD MPEG4 Video Codec (remove only)

==== Event Viewer Messages From Past Week ========

24/03/2010 06:34:29, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Nero BackItUp Scheduler 4.0 service to connect.
24/03/2010 06:34:29, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/03/2010 13:12:18, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'app-config.cfg' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSx86
Run by poopy at 13:01:11.57 on 25/03/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.1683 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\poopy\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\rundll32.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell=Explorer.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BitComet] "c:\program files\bitlord\BitLord.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\poopy\applic~1\mozilla\firefox\profiles\h3y7lxxk.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\documents and settings\poopy\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\poopy\application data\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: XULRunner: {A8701F83-286E-48F8-B565-39438D206721} - c:\documents and settings\poopy\local settings\application data\{A8701F83-286E-48F8-B565-39438D206721}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 116328]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-7-24 10384]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 779496]

=============== Created Last 30 ================

2010-03-25 03:05:06 0 d-----w- c:\windows\system32\KB905474
2010-03-24 23:28:03 0 d-----w- c:\windows\system32\CatRoot_bak
2010-03-24 23:16:56 0 d-----w- c:\docume~1\poopy\applic~1\Malwarebytes
2010-03-24 23:16:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 23:16:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 23:16:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 23:16:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-24 21:59:55 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-24 21:59:55 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-24 21:58:56 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-24 21:25:57 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-24 12:05:09 0 d-----w- c:\program files\Trend Micro
2010-03-24 07:38:37 86 ----a-w- c:\windows\wininit.ini
2010-03-24 07:03:15 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-24 07:03:14 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-24 07:03:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-24 07:03:12 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-24 06:44:48 0 d-----w- c:\program files\MSXML 4.0
2010-03-24 06:38:30 0 d-----w- c:\windows\system32\PreInstall
2010-03-24 06:38:28 0 d--h--w- c:\windows\$hf_mig$
2010-03-23 23:34:46 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-03-23 20:24:15 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-21 13:25:50 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-03-21 13:25:49 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-03-21 13:25:49 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-03-21 13:25:49 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-03-21 13:25:49 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-03-21 13:25:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-03-21 13:25:28 0 d-----w- c:\windows\SxsCaPendDel
2010-03-21 13:19:47 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-03-21 13:19:47 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-03-21 13:14:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Nokia
2010-03-21 13:12:52 0 d-----w- c:\program files\PC Connectivity Solution
2010-03-21 13:11:05 0 d-----w- c:\program files\MSXML 6.0
2010-03-21 13:06:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-21 13:06:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-21 13:06:40 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-03-21 13:05:02 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-21 13:04:44 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-03-21 13:04:43 0 d-----w- c:\program files\Nokia
2010-03-16 17:59:21 0 d-----w- c:\program files\SmartFTP Client
2010-03-16 17:59:02 0 d-----w- c:\program files\SmartFTP Client 4.0 Setup Files

==================== Find3M ====================

2010-01-11 15:14:28 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-01-11 02:08:44 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-01-11 02:08:44 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

============= FINISH: 13:01:48.10 ===============




Computer is still slow and slightly mad.

Many thanks in advance,
Anna-Liisa






#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:48 PM

Posted 25 March 2010 - 03:11 PM

Hello,

QUOTE
Computer is still slow and slightly mad.

Many thanks in advance,
Anna-Liisa

Can you tell me exactly what you mean by this? I need to know what your machine is doing.

1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy


2.
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Note for Vista Users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

3.
Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.


Things to include in your next reply:
What is wrong with your machine? A detailed description, please.
Eset log
Bitdefender log



" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Anna-Liisa

Anna-Liisa
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Female
  • Location:UK
  • Local time:05:48 PM

Posted 26 March 2010 - 04:53 AM

Hi,

Sorry about the TeaTimer, I thought I didn't install it... it was unchecked, but the other SD helper was.

So what is wrong....

Mouse flickers all the time like it's loading something.
Windows started to update itself and wanting to reboot all the time.
(I never had updates before.) I disabled the updates again.
Said that some disk is missing.
(It had disconnected one of my externals. I unplugged it for a bit, now it works again.)
Firefox stopped working. I open it and it comes up for a couple of seconds and then closes.
Had to reboot, now it's working again.

Here are the scan results:



QuickScan Beta 32-bit v0.9.9.12
-------------------------------

Scan date: Fri Mar 26 09:48:12 2010
Machine ID: B8FDA967



No infection found.
---------------------



Processes
---------
<verified> Firefox 2712 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Java™ Platform SE 6 U15 764 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Messenger 224 C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Windows® Operating System 1976 C:\WINDOWS\Explorer.exe
<verified> Microsoft® Windows® Operating System 1880 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 760 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 840 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 828 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 704 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1620 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 480 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1012 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1080 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1248 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1296 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1372 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1464 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 1516 C:\WINDOWS\system32\wdfmgr.exe
<verified> Microsoft® Windows® Operating System 784 C:\WINDOWS\system32\winlogon.exe
<verified> Microsoft® Windows® Operating System 1928 C:\WINDOWS\system32\wscntfy.exe
<verified> Microsoft® Windows® Operating System 1748 C:\WINDOWS\system32\wuauclt.exe
<verified> Nero BackItUp 888 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
<verified> NVIDIA Driver Helper Service, Version 7 1164 C:\WINDOWS\system32\nvsvc32.exe
<verified> Rapport 1176 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
<verified> Rapport 2080 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe


Network activity
----------------
Process firefox.exe (2712) connected on port 80 (HTTP) - ds160.xs4all.nl
Process firefox.exe (2712) connected on port 80 (HTTP) - a88-221-181-115.deploy.akamaitechnologies.com
Process firefox.exe (2712) connected on port 80 (HTTP) - *.122.2o7.net
Process firefox.exe (2712) connected on port 80 (HTTP) - wy-in-f139.1e100.net

Process svchost.exe (1080) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> Freecom Hard Drive Protection I:\password.exe

<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> BitLord C:\Program Files\BitLord\BitLord.exe
<verified> Logitech SetPoint C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft Genuine Advantage C:\WINDOWS\system32\KB905474\wgasetup.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\webcheck.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
<verified> NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
<verified> PeerGuardian 2 C:\Program Files\PeerGuardian2\pg2.exe


Browser plugins
---------------
<unsigned> Java™ Platform SE 6 U15 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> BitDefender QuickScan C:\Documents and Settings\poopy\Application Data\Mozilla\Firefox\Profiles\h3y7lxxk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\poopy\Application Data\Mozilla\Firefox\Profiles\h3y7lxxk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<verified> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<verified> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<verified> DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
<verified> Java Deployment Toolkit 6.0.150.3 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java™ Platform SE 6 U15 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shdocvw.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
<verified> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll


Scan
----
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> MD5: 55e583817a2012fd75f1f8cf87ee760c c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> MD5: 1aab00ae4ffb5c72a0a06a254f80510e C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: 39dfd2c92728fca093d5bdefe5f6e801 C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> MD5: 89e6d66ec90b4e8e41b55248eb7c84cb C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: 5bf59c6bc737baaf541168e5cb2ec1d9 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
<unsigned> MD5: e859a6a21d7ef625e0c1763b915051ce C:\Program Files\SmartFTP Client\en-US\sfShellTools.dll.mui
<unsigned> MD5: 64d06071f874220417b7e9e37ff8f13a C:\Program Files\Trusteer\Rapport\bin\js32.dll
<unsigned> MD5: e3c2adfe1b78370662f67e4aacfc829e C:\WINDOWS\system32\msls51.dll
<unsigned> MD5: a943b50acacdbb946f4c172d59b407e6 C:\WINDOWS\system32\uxtheme.dll
<unsigned> MD5: de969fa3275af04cd5c4cdc2e81ad569 I:\password.exe




ESET:


C:\WINDOWS\system32\msls51.dll a variant of Win32/Kryptik.CMD trojan
E:\peetrike\crap\bleep\outlook backup\Inbox.dbx HTML/Phishing.gen trojan


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:48 PM

Posted 26 March 2010 - 05:15 PM

Hello,

QUOTE
Windows started to update itself and wanting to reboot all the time.
(I never had updates before.) I disabled the updates again.


Turn Updates back on and let it update and reboot as many times as it needs to.

QUOTE
(It had disconnected one of my externals. I unplugged it for a bit, now it works again.)
Firefox stopped working. I open it and it comes up for a couple of seconds and then closes.
Had to reboot, now it's working again.

This may be due to the fact that Firefox or Windows was updating. If Firefox continues to give you problems, I would uninstall it and reinstall it.


I don't see much in your logs. Let's have another DDS log, and update MBAM and run another scan.

1.
Please update Malwarebytes Anti-Malware and do a Full Scan.


2.
We need to check your hard disk for errors.

To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.
*NOTE: This scan could take a long time to complete, but let it finish.

3.
You may have corrupt critical system files. Let's see if we can fix that.
  • Click Start
  • Click Run
  • Type sfc /scannow in the command window and press Enter.
  • Note the space between the c and the /
  • If any files require replacing, SFC will replace them. You may be asked to insert your Windows XP CD for this process to continue. This can be done with a borrowed CD if you don't have one.
  • Be patient because the scan may take some time.
  • Allow the scan to run and, when completed, reboot the system.

4.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.

Things to include in your next reply:
MBAM log
DDS.txt
Attach.txt
How is your machine running now?








#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:48 PM

Posted 28 March 2010 - 02:45 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding.

With Regards,
fireman4it



#8 Anna-Liisa

Anna-Liisa
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Female
  • Location:UK
  • Local time:05:48 PM

Posted 31 March 2010 - 02:03 PM

Oh hello... Sorry I've been away, but I think it's fixed now... everything is back to normal and scans didn't come up with anything!!!!

Thank you so very very much for all your help!

Kindest regards,

Anna-Liisa

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:48 PM

Posted 31 March 2010 - 06:30 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send a Private Message to any one of the moderating team members or myself. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.





