Dealing with atapi.sys problem / recently removed Vundo & others



#1 jsulliv6


Posted 09 April 2010 - 05:26 PM

Not too long ago I was dealing with a virus that prevented me from opening and updating MBAM. I was able to restore function by downloading a renamed MBAM.exe and running in safe mode. If memory serves, I was able to identify and remove Vundo using MBAM, and subsequent runs with MBAM, SUPERAntiSpyware and AVG identified and removed more files related to Vundo, Trojan.Agent Gen-Nullo[short], Security.Hijack, Disabled.SecurityCenter, Hijack.StarMenuInternet, SHeur3.Dey, and Trojan.Dropper.

Recently, however, Firefox has been locking up and I would get occasional Google search redirects to the typical spam websites. I work from home on my own computer, so you can see how this would be annoying. I didn't have any trouble running any programs, but they also weren't finding anything significant wrong.

I updated my FF AdBlock and for some reason this seems to have helped, as FF is usable again. However, now Chrome won't work at all - it'll open, but it won't load any pages and I'll have to kill it after a little delay. I've gone through the uninstall/reinstall process a few times, and no dice.

I'm here now because I'm convinced I'm still dealing with some sort of infection, and my suspicions have only been confirmed by the fact that running GMER causes my computer to lock up, forcing a manual restart. However, while I can't attach any GMER log, I can say that when I open GMER, I see an atapi.sys suspicious modification at the bottom of the list in the window. This seems to be a common and dreadful problem, which is why I'm asking for help. What can be done about a potentially corrupted atapi.sys?

Thank you very much in advance for anything you can do.

-----------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jeffrey Sullivan at 14:36:38.75 on Fri 04/09/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.441 [GMT -7:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\igfxsrvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Jeffrey Sullivan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Google Update] "c:\documents and settings\jeffrey sullivan\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} - hxxps://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeffre~1\applic~1\mozilla\firefox\profiles\fnl4pili.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.f324.mail.yahoo.com/ym/login?.rand=66sbvklvhjofj
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\jeffrey sullivan\application data\neulion\adaptiveplugin\npadaptiveplugin_1_6_5_7131.dll
FF - plugin: c:\documents and settings\jeffrey sullivan\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-4-4 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-4 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-4 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-4 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-4 242696]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-12-4 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-4 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-4 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-4-4 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-4-4 5888008]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-4-4 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-4-4 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-4-4 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-4-4 26120]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-4-4 30104]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-12-4 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-12-4 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-12-4 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-12-4 40552]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-4-5 35816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-4-5 24416]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-04-09 21:31:43 20 ----a-w- c:\documents and settings\jeffrey sullivan\defogger_reenable
2010-04-09 19:40:07 50028 ----a-w- C:\ATAPI.SY_
2010-04-09 12:48:58 96512 ----a-w- C:\atapi.sys
2010-04-09 12:48:58 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-04-09 06:13:59 0 d-sha-r- C:\cmdcons
2010-04-09 06:11:02 77312 ----a-w- c:\windows\MBR.exe
2010-04-09 05:47:11 98816 ----a-w- c:\windows\sed.exe
2010-04-09 05:47:11 261632 ----a-w- c:\windows\PEV.exe
2010-04-09 05:47:11 161792 ----a-w- c:\windows\SWREG.exe
2010-04-09 05:34:07 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-09 05:34:06 0 d-----w- c:\docume~1\jeffre~1\applic~1\AVG9
2010-04-09 04:48:53 0 d-----w- C:\_OTL
2010-04-09 03:54:53 20 ----a-w- c:\windows\system32\SYSTEM
2010-04-08 21:47:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 21:47:23 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 21:47:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 08:26:58 1581008 ----a-w- C:\ByrnesWrong_reduced.gif
2010-04-07 08:26:40 3546601 ----a-w- C:\ByrnesWrong.gif
2010-04-07 01:03:09 2486208 ----a-w- C:\Ballard3_reduced.gif
2010-04-07 01:02:40 5663186 ----a-w- C:\Ballard3.gif
2010-04-07 00:46:59 4637755 ----a-w- C:\Ballard2_reduced.gif
2010-04-07 00:46:16 11563535 ----a-w- C:\Ballard2.gif
2010-04-06 22:20:35 0 d-----w- c:\program files\CallBurner
2010-04-06 21:15:36 3363857 ----a-w- C:\BartonOut_reduced.gif
2010-04-06 21:15:04 7521999 ----a-w- C:\BartonOut.gif
2010-04-05 19:52:47 1960918 ----a-w- C:\BuehrleToss_reduced.gif
2010-04-05 19:52:20 5034269 ----a-w- C:\BuehrleToss.gif
2010-04-05 07:56:24 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-04-05 07:55:16 0 d-----w- c:\program files\TrendMicro
2010-04-05 07:51:17 2 --shatr- c:\windows\winstart.bat
2010-04-05 07:51:03 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-04-05 07:51:03 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-04-05 07:50:50 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-04-05 07:50:44 0 d-----w- c:\program files\UnHackMe
2010-04-05 06:08:35 0 d-----w- C:\Malwarebytes' Anti-Malware
2010-04-05 05:33:51 0 d-----w- C:\$AVG
2010-04-05 05:15:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-05 05:15:04 0 d-----w- c:\windows\system32\drivers\Avg
2010-04-05 05:13:11 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-05 05:13:10 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-05 05:13:07 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-05 05:13:05 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-05 05:10:01 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-04-05 04:54:52 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-04-05 04:54:52 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-04-05 04:53:06 0 d-----w- c:\program files\AVG
2010-03-28 01:37:26 2514875 ----a-w- C:\SuttonAtrain2_reduced.gif
2010-03-28 01:36:56 5879848 ----a-w- C:\SuttonAtrain2.gif
2010-03-28 01:28:41 2294229 ----a-w- C:\SuttonAtrain_reduced.gif
2010-03-28 01:28:24 5304785 ----a-w- C:\SuttonAtrain.gif
2010-03-27 02:13:41 3512681 ----a-w- C:\AlfredssonGoal_reduced.gif
2010-03-27 02:13:27 8282385 ----a-w- C:\AlfredssonGoal.gif
2010-03-27 01:09:56 1987783 ----a-w- C:\Gaustad_reduced.gif
2010-03-27 01:09:42 4689015 ----a-w- C:\Gaustad.gif
2010-03-25 23:02:14 0 d-----w- c:\program files\Audacity
2010-03-24 17:42:57 10479994 ----a-w- C:\Carcillo1_reduced.gif
2010-03-24 17:42:17 24164126 ----a-w- C:\Carcillo1.gif
2010-03-24 02:43:32 6143924 ----a-w- C:\IchiroCatch_reduced.gif
2010-03-24 02:42:21 14011909 ----a-w- C:\IchiroCatch.gif
2010-03-18 06:43:00 6520855 ----a-w- C:\BradleyTossed2_reduced.gif
2010-03-18 06:42:34 18093038 ----a-w- C:\BradleyTossed2.gif
2010-03-18 06:28:06 5795570 ----a-w- C:\BradleyTossed_reduced.gif
2010-03-18 06:27:24 19457718 ----a-w- C:\BradleyTossed.gif
2010-03-11 01:55:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-11 00:41:26 1031435 ----a-w- C:\Dominguez_reduced.gif
2010-03-11 00:41:12 2846974 ----a-w- C:\Dominguez.gif

==================== Find3M ====================

2010-03-12 21:33:01 59364 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 23:03:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2007-05-31 22:09:17 80 --sh--r- c:\windows\system32\8024A197F1.dll
2008-05-07 00:12:00 88 --sh--r- c:\windows\system32\B43FA22CE6.sys
2008-05-07 00:12:38 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-09-26 05:35:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092520080926\index.dat

============= FINISH: 14:38:49.18 ===============

Edited by jsulliv6, 09 April 2010 - 05:29 PM.



#2 extremeboy


Posted 12 April 2010 - 09:03 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a GMER log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or GMER log, please refer to this page, steps #6, #7 and #8, for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 extremeboy


Posted 18 April 2010 - 01:53 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
