Virtumundo only on one account?


  • This topic is locked
72 replies to this topic

#1 lunchroompirate

  • Members
  • 40 posts

Posted 14 September 2010 - 10:04 AM

Hey there, yesterday I was downloading music off of a blogspot. Usually I never have any trouble with blogspots, but I guess I ran into a virus. Some fake virus scanner came up. I closed it and now on my other account, I cannot access Firefox. It says that Firefox's proxy server has refused the connection. Also when I start up my laptop, the icons take longer to load and the screen flashes black a couple of times before it finally loads.



I scanned my computer with Spybot Search & Destroy but nothing came up except for a few tracking cookies. I did notice that Spybot Search & Destroy spent well over 50% of the time scanning something called Virtumundo. Whatever it is, it greatly slows down my computer.

To access the internet, I switched to another account on my laptop. I can access the internet and everything, but whenever I run programs like GMER it is extremely slow and I cannot access the internet. Last night I tried to run GMER and it crashed my computer, but this morning I was able to get a scan. I performed the DDS scans on the account on which I have internet access, but I do not know if the logs are the same as on my other account.

It causes both accounts to be much slower than before.


DDS (Ver_10-03-17.01) - NTFSx86
Run by thecreektree at 19:19:38.09 on Mon 09/13/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1404 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\thecreektree\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\thecreektree\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://finance.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {0C37B053-FD68-456a-82E1-D788EE342E6F} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\thecreektree\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eb4f~1.lnk - c:\program files\uitv\baidux\BaiduX.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: ???QQ?? - c:\program files\tencent\qq\bin\AddEmotion.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\ASProxy.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thecre~1\applic~1\mozilla\firefox\profiles\ktciysdb.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\ironman\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\thecreektree\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\thecreektree\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\thecreektree\local settings\application data\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-12 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-12 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-12 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
S3 ASProxy;ASProxy;c:\documents and settings\ironman\application data\astrill\ASProxy.exe [2010-6-16 2695168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================


==================== Find3M ====================

2010-09-13 01:44:13 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-13 01:44:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-08 15:08:22 67660 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-16 15:07:22 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 15:07:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 15:06:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2009-08-04 03:21:16 136 ----a-w- c:\program files\common files\jyverify.dat
2010-01-12 03:31:40 1594912 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-12 03:31:40 26144 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 19:22:04.00 ===============

Oh, I forgot to ask, is it even possible for a virus to avoid a virus scanner?

EDIT: Posts merged ~BP

Edited by Budapest, 14 September 2010 - 10:51 PM.
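
As an added example (not part of this thread and not code from the DDS tool itself), a small Python triage script that reads DDS "Pseudo HJT Report" and services lines like the ones posted above and flags what a log reviewer looks at first: orphaned BHO/toolbar entries, the Winsock LSP, Winlogon Notify packages, autostarts and service binaries living under a user profile, and services whose file was not found. The rules are this example's own first-pass heuristics; a "review" hit means "look at this", not "this is malware".

```python
"""Triage of DDS log lines (Pseudo HJT Report and Services/Drivers sections).

Added example; it is not part of the thread above and not code from the DDS
tool. The sample lines are copied from the log posted in the thread; the
flagging rules are this example's own first-pass heuristics, and every hit is
something for a reviewer to look at, not a verdict that the entry is malicious.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: lines lifted from the DDS log posted above.
SAMPLE_LOG = r"""
BHO: {0C37B053-FD68-456a-82E1-D788EE342E6F} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "c:\documents and settings\thecreektree\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eb4f~1.lnk - c:\program files\uitv\baidux\BaiduX.exe
LSP: c:\windows\system32\ASProxy.dll
Notify: avgrsstarter - avgrsstx.dll
S3 ASProxy;ASProxy;c:\documents and settings\ironman\application data\astrill\ASProxy.exe [2010-6-16 2695168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""

# Entry kinds DDS prints in the Pseudo HJT Report, e.g. "uRun: [...]", "BHO: ...".
HJT_RE = re.compile(
    r"^(?P<kind>[umd]?Run(?:Once)?|BHO|TB|LSP|Notify|StartupFolder|Handler|DPF):\s*(?P<rest>.*)$"
)
# Service/driver lines: "<state> <name>;<display name>;<path> [date size]".
SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$")
# Paths below a user profile (8.3 short names included).
PROFILE_RE = re.compile(r"\\(?:documents and settings|docume~1|users)\\", re.IGNORECASE)


def _finding(kind: str, verdict: str, reason: str, line: str) -> Dict[str, str]:
    return {"kind": kind, "verdict": verdict, "reason": reason, "line": line}


def _target(rest: str) -> str:
    """Return the file-path part of an HJT entry ("name - path", "[name] path" or "lnk - target")."""
    return rest.rsplit(" - ", 1)[-1] if " - " in rest else rest


def triage_line(line: str) -> Optional[Dict[str, str]]:
    """Classify one DDS line; None means nothing the heuristics care about."""
    line = line.strip()
    m = HJT_RE.match(line)
    if m:
        kind, rest = m.group("kind"), m.group("rest")
        if rest.endswith("No File"):
            return _finding(kind, "orphan", "registered component whose file is gone; harmless but worth cleaning up", line)
        if kind == "LSP":
            return _finding(kind, "review", "Winsock LSP: loaded into every process that opens a socket and sits in the network path", line)
        if kind == "Notify":
            return _finding(kind, "review", "Winlogon notification DLL: runs inside winlogon.exe at logon", line)
        if PROFILE_RE.search(_target(rest)):
            return _finding(kind, "review", "autostart whose binary lives under a user profile", line)
        return None
    m = SVC_RE.match(line)
    if m:
        path = m.group("path")
        if path.endswith("[?]"):
            return _finding("service", "review", "service whose file was not found at its registered path", line)
        if PROFILE_RE.search(path):
            return _finding("service", "review", "service binary stored under a user profile", line)
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Run triage_line over a whole DDS log and keep the hits, in log order."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['verdict']:6}] {f['kind']:14} {f['reason']}\n         {f['line']}")
```

On the sample above the script flags seven of the ten lines; the two AVG and Adobe entries and the BaiduX shortcut (whose target is under Program Files) pass, which is exactly why a location heuristic is only a starting point for the reviewer.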




#2 m0le (Can U Dig It?)


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 September 2010 - 06:33 PM

Hi,

QUOTE: is it even possible for a virus to avoid a virus scanner?


Yes. If the scanner has not identified the virus yet.


Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 lunchroompirate (Topic Starter)

  • Members
  • 40 posts

Posted 23 September 2010 - 01:52 PM

Hey, along with the problems I have already had, I recently somehow obtained all these trojans. I think it is due to my lack of updates on my computer. AVG has identified these new viruses as Trojan Horse Generic 19.NWZ and some unknown virus WIN32/DH.CAFF840167. Should I just try to get rid of them with AVG, or should I post new DDS and GMER logs?

Also when I try to run my task manager, something pops up saying that the administrator has disabled the task manager.

Edited by lunchroompirate, 23 September 2010 - 04:26 PM.


#4 m0le (Can U Dig It?)


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 September 2010 - 05:07 PM

The logs don't look that bad, so let's take a look for a rootkit here.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


Then
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 lunchroompirate (Topic Starter)

  • Members
  • 40 posts

Posted 23 September 2010 - 05:41 PM

Ok, so for the trojans, I think AVG took care of them; all I did was scan and it automatically removed them, and my computer is back to how it was before the trojans. I still cannot use my task manager.

Also, I noticed that the TDSS didn't detect anything; is it because I am scanning everything on my other computer account? The main account cannot access the internet.


EDIT: As soon as I posted the logs and switched pages, my computer screen turned blue, saying that Windows has detected an error and has shut down your computer to prevent damage.

Here is MBRCheck:
MBRCheck, version 1.2.3
2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0D8000 Hookport.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0E8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0F8000 VolSnap.sys
0xB9E82000 iaStor.sys
0xB9E6A000 atapi.sys
0xBA338000 cercsr6.sys
0xB9E52000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xBA108000 disk.sys
0xBA118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E32000 fltmgr.sys
0xB9E20000 sr.sys
0xBA128000 PxHelp20.sys
0xB9E09000 KSecDD.sys
0xB9D7C000 Ntfs.sys
0xB9D4F000 NDIS.sys
0xB9D35000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA218000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB80B1000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB809D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8079000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8051000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7F16000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xB7EEB000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB7ED7000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA228000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB7EC3000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB7E72000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xBA238000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA468000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA470000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB9655000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9645000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9635000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7E4F000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA478000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA560000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA564000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA568000 \SystemRoot\system32\DRIVERS\fsvga.sys
0xBA72A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9625000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA56C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7E38000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9615000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9605000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA480000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7E27000 \SystemRoot\system32\DRIVERS\psched.sys
0xB95F5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA488000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA490000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB95E5000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5E4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7DC9000 \SystemRoot\system32\DRIVERS\update.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8644000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA1D8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA622000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA537E000 \SystemRoot\system32\drivers\sthda.sys
0xA535A000 \SystemRoot\system32\drivers\portcls.sys
0xA641A000 \SystemRoot\system32\drivers\drmk.sys
0xA5326000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA5234000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA5181000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA3E8000 \SystemRoot\System32\Drivers\Modem.SYS
0xA4DF1000 \SystemRoot\system32\DRIVERS\bdfsfltr.sys
0xBA62E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7B8000 \SystemRoot\System32\Drivers\Null.SYS
0xBA630000 \SystemRoot\System32\Drivers\Beep.SYS
0x9FBAA000 \SystemRoot\system32\drivers\360SelfProtection.sys
0x9C4F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9C4EB000 \SystemRoot\System32\drivers\vga.sys
0xBA652000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA654000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9C4E3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9C4DB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9CA78000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9BABA000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9BA61000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9BA27000 \SystemRoot\System32\Drivers\avgtdix.sys
0x9BA01000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9CA9C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9CA8C000 \SystemRoot\system32\DRIVERS\arp1394.sys
0x9B9D9000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9CA5C000 \SystemRoot\System32\drivers\ws2ifsl.sys
0x9B9B7000 \SystemRoot\System32\drivers\afd.sys
0x9CA7C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9B98C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9C0E2000 \??\C:\WINDOWS\system32\drivers\qutmipc.sys
0x9B977000 \??\C:\WINDOWS\system32\drivers\qutmdrv.sys
0x9B907000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C3DB000 \SystemRoot\System32\Drivers\Fips.SYS
0x9CA58000 \SystemRoot\System32\Drivers\Efimon.sys
0x9C3BB000 \??\C:\WINDOWS\system32\drivers\BAPIDRV.SYS
0x9C0DA000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x9B8D3000 \SystemRoot\System32\Drivers\avgldx86.sys
0x9C1A0000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xA6F14000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9B80C000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA34E5000 \SystemRoot\System32\drivers\Dxapi.sys
0xA1F01000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0x9BE7D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D9000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9B7F6000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xA6F04000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0x9C5F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B679000 \SystemRoot\system32\drivers\wdmaud.sys
0xA29EB000 \SystemRoot\system32\drivers\sysaudio.sys
0x9B4E9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9B37A000 \SystemRoot\system32\DRIVERS\srv.sys
0x9B18E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9B1C2000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0x9B0AA000 \??\C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
0x9C0EA000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0x9A951000 \SystemRoot\System32\Drivers\HTTP.sys
0x9A46F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x00400000 \WINDOWS\system32\ntkrnlpa.exe

Processes (total 57):
0 System Idle Process
4 System
864 C:\WINDOWS\system32\smss.exe
932 csrss.exe
968 C:\WINDOWS\system32\winlogon.exe
1012 C:\WINDOWS\system32\services.exe
1024 C:\WINDOWS\system32\lsass.exe
1180 C:\WINDOWS\system32\svchost.exe
1256 svchost.exe
1296 C:\WINDOWS\system32\svchost.exe
1484 svchost.exe
1508 svchost.exe
1524 C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe
1748 C:\Program Files\AVG\AVG9\avgchsvx.exe
1756 C:\Program Files\AVG\AVG9\avgrsx.exe
1772 C:\WINDOWS\system32\WLTRYSVC.EXE
1852 C:\WINDOWS\system32\BCMWLTRY.EXE
1912 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1964 C:\WINDOWS\system32\spoolsv.exe
1668 C:\WINDOWS\explorer.exe
564 svchost.exe
732 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
768 C:\Program Files\AVG\AVG9\avgwdsvc.exe
560 C:\Program Files\Bonjour\mDNSResponder.exe
896 C:\Program Files\Java\jre6\bin\jqs.exe
848 C:\Program Files\Dell\QuickSet\quickset.exe
936 C:\WINDOWS\system32\hkcmd.exe
1196 C:\WINDOWS\system32\igfxpers.exe
1200 C:\WINDOWS\stsystra.exe
1344 C:\WINDOWS\system32\WLTRAY.EXE
1420 C:\Program Files\iTunes\iTunesHelper.exe
1432 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1448 C:\WINDOWS\system32\igfxsrvc.exe
1400 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2172 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2212 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2236 C:\Program Files\Dell\MediaDirect\PCMService.exe
2252 C:\WINDOWS\system32\ctfmon.exe
2356 C:\Program Files\360\360sd\360sd.exe
2368 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
2624 C:\WINDOWS\system32\NLSSRV32.EXE
2672 C:\Program Files\iDumpPro\NMSAccessU.exe
2716 C:\Program Files\AVG\AVG9\avgnsx.exe
2796 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
3100 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
3168 C:\WINDOWS\system32\svchost.exe
3252 wdfmgr.exe
3736 wmiprvse.exe
3828 C:\Program Files\iPod\bin\iPodService.exe
640 alg.exe
820 C:\Program Files\360\360safe\safemon\360tray.exe
3204 C:\WINDOWS\system32\wuauclt.exe
2876 C:\Program Files\Mozilla Firefox\firefox.exe
632 C:\Program Files\360\360sd\360rp.exe
2152 C:\Program Files\Mozilla Firefox\plugin-container.exe
2060 C:\Documents and Settings\thecreektree\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
2316 C:\Documents and Settings\thecreektree\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`035a0e00

PhysicalDrive0 Model Number: HitachiHTS542512K9SA00, Rev: BB2OC39P

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Here is TDSS:

2010/09/23 18:36:01.0656 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/23 18:36:01.0656 ================================================================================
2010/09/23 18:36:01.0656 SystemInfo:
2010/09/23 18:36:01.0656
2010/09/23 18:36:01.0656 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/23 18:36:01.0656 Product type: Workstation
2010/09/23 18:36:01.0656 ComputerName: CREEKTREE
2010/09/23 18:36:01.0671 UserName: thecreektree
2010/09/23 18:36:01.0671 Windows directory: C:\WINDOWS
2010/09/23 18:36:01.0671 System windows directory: C:\WINDOWS
2010/09/23 18:36:01.0671 Processor architecture: Intel x86
2010/09/23 18:36:01.0671 Number of processors: 2
2010/09/23 18:36:01.0671 Page size: 0x1000
2010/09/23 18:36:01.0671 Boot type: Normal boot
2010/09/23 18:36:01.0671 ================================================================================
2010/09/23 18:36:05.0328 Initialize success
2010/09/23 18:36:22.0296 ================================================================================
2010/09/23 18:36:22.0296 Scan started
2010/09/23 18:36:22.0296 Mode: Manual;
2010/09/23 18:36:22.0296 ================================================================================
2010/09/23 18:36:23.0218 360SelfProtection (024fea9b543f28acf8cf99e2c6bab79f) C:\WINDOWS\system32\drivers\360SelfProtection.sys
2010/09/23 18:36:23.0390 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/23 18:36:23.0500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/23 18:36:23.0640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/23 18:36:23.0796 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/23 18:36:24.0078 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/09/23 18:36:24.0218 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/23 18:36:24.0421 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/23 18:36:24.0468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/23 18:36:24.0656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/23 18:36:24.0734 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/23 18:36:24.0843 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/09/23 18:36:24.0921 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/09/23 18:36:25.0062 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/09/23 18:36:25.0156 b57w2k (74a65415dfaad20f06e7550fa9b6e012) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/09/23 18:36:25.0234 BAPIDRV (98c642962f6a6c2683940547302320b6) C:\WINDOWS\system32\drivers\BAPIDRV.SYS
2010/09/23 18:36:25.0437 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/09/23 18:36:25.0609 bdfsfltr (9b281f5f673cbc5b9ec886d59e0b4f26) C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
2010/09/23 18:36:25.0687 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/23 18:36:26.0078 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/23 18:36:26.0171 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/23 18:36:26.0281 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/23 18:36:26.0421 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/23 18:36:26.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/23 18:36:26.0578 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/09/23 18:36:26.0796 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/23 18:36:26.0921 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/23 18:36:27.0140 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/23 18:36:27.0250 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/23 18:36:27.0375 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/23 18:36:27.0453 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/23 18:36:27.0515 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/23 18:36:27.0640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/23 18:36:27.0765 EfiMon (e6329a6044d78c8a54c5665aaf58d82e) C:\WINDOWS\system32\Drivers\Efimon.sys
2010/09/23 18:36:27.0953 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/23 18:36:28.0015 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/23 18:36:28.0109 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/09/23 18:36:28.0187 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/23 18:36:28.0312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/23 18:36:28.0390 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/23 18:36:28.0484 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2010/09/23 18:36:28.0578 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/23 18:36:28.0703 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/23 18:36:28.0750 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/23 18:36:28.0828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/23 18:36:28.0937 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/23 18:36:29.0031 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/23 18:36:29.0140 HookPort (042105a1c5fdb59651e8534a571fd1e1) C:\WINDOWS\system32\Drivers\Hookport.sys
2010/09/23 18:36:29.0328 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/09/23 18:36:29.0421 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/09/23 18:36:29.0609 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/23 18:36:29.0703 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2010/09/23 18:36:29.0953 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/23 18:36:30.0328 ialm (8b998e6c0aebbaecd6da33df947695d3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/09/23 18:36:30.0718 iastor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/09/23 18:36:30.0828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/23 18:36:31.0015 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/23 18:36:31.0062 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/23 18:36:31.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/23 18:36:31.0250 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/23 18:36:31.0328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/23 18:36:31.0421 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/23 18:36:31.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/23 18:36:31.0562 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/23 18:36:31.0718 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/23 18:36:31.0812 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/23 18:36:31.0890 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/23 18:36:32.0062 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/23 18:36:32.0234 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2010/09/23 18:36:32.0328 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2010/09/23 18:36:32.0750 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/09/23 18:36:33.0125 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/09/23 18:36:33.0218 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/23 18:36:33.0312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/23 18:36:33.0390 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2010/09/23 18:36:33.0484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/23 18:36:33.0578 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/23 18:36:33.0687 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/23 18:36:33.0812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/23 18:36:33.0921 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/23 18:36:34.0093 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/23 18:36:34.0171 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/23 18:36:34.0218 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/23 18:36:34.0281 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/23 18:36:34.0328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/23 18:36:34.0390 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/23 18:36:34.0531 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/23 18:36:34.0625 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/23 18:36:34.0703 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/23 18:36:34.0750 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/23 18:36:34.0812 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/23 18:36:34.0984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/23 18:36:35.0093 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/23 18:36:35.0140 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/23 18:36:35.0187 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/23 18:36:35.0250 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/23 18:36:35.0375 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/23 18:36:35.0468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/23 18:36:35.0640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/23 18:36:35.0796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/23 18:36:35.0906 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/23 18:36:35.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/23 18:36:36.0031 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/09/23 18:36:36.0078 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/09/23 18:36:36.0140 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/09/23 18:36:36.0281 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/23 18:36:36.0359 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/23 18:36:36.0421 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/23 18:36:36.0578 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/23 18:36:36.0812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/23 18:36:37.0046 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/23 18:36:37.0203 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/23 18:36:37.0687 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/23 18:36:37.0765 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/23 18:36:37.0859 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/23 18:36:37.0968 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/23 18:36:38.0281 qutmdserv (1f3d08fb228d5d28a7144b86fd472796) C:\WINDOWS\system32\drivers\qutmdrv.sys
2010/09/23 18:36:38.0312 qutmipc (af7ec44482f2feaa102355e975ad12dd) C:\WINDOWS\system32\drivers\qutmipc.sys
2010/09/23 18:36:38.0421 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/23 18:36:38.0515 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/23 18:36:38.0640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/23 18:36:38.0718 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/23 18:36:38.0781 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/23 18:36:38.0828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/23 18:36:38.0937 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/23 18:36:39.0015 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/23 18:36:39.0140 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/09/23 18:36:39.0187 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/09/23 18:36:39.0312 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/09/23 18:36:39.0500 RVIEG01 (93f66faea8bf047d4242ac85aada403d) C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
2010/09/23 18:36:39.0703 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/09/23 18:36:39.0812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/23 18:36:39.0921 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/23 18:36:40.0015 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/23 18:36:40.0187 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/23 18:36:40.0296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/23 18:36:40.0359 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/23 18:36:40.0453 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/23 18:36:40.0687 STHDA (58f855684e163466a5c565adf0865536) C:\WINDOWS\system32\drivers\sthda.sys
2010/09/23 18:36:40.0890 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/23 18:36:40.0968 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/23 18:36:41.0015 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/23 18:36:41.0250 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/23 18:36:41.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/23 18:36:41.0515 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/23 18:36:41.0562 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/23 18:36:41.0640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/23 18:36:41.0734 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys
2010/09/23 18:36:41.0937 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/23 18:36:42.0203 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/23 18:36:42.0406 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/23 18:36:42.0515 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/23 18:36:42.0593 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/23 18:36:42.0750 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/23 18:36:42.0859 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/23 18:36:42.0921 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/23 18:36:43.0000 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/23 18:36:43.0093 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/23 18:36:43.0218 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/23 18:36:43.0328 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/09/23 18:36:43.0453 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/23 18:36:43.0625 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/23 18:36:43.0734 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/23 18:36:43.0812 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/23 18:36:44.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/23 18:36:44.0140 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/23 18:36:44.0453 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/09/23 18:36:44.0578 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/09/23 18:36:44.0750 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/23 18:36:44.0921 ================================================================================
2010/09/23 18:36:44.0921 Scan finished
2010/09/23 18:36:44.0921 ================================================================================

Edited by lunchroompirate, 23 September 2010 - 05:51 PM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:27 PM

Posted 23 September 2010 - 06:22 PM

QUOTE
I still cannot use my task manager.


Download Fix Task Manager
  • Save it to your desktop.
  • Unzip it and double click the FixMu.reg file and allow it to enter into the registry.
  • Reboot and let me know if Task Manager is now restored.


QUOTE
Also I noticed that the TDSS didn't detect anything, is it because I am scanning everything on my other computer account? The main account cannot access internet.


Please scan the other account with TDSSKiller and post the log. We will have to check your account as well after we've dealt with the infected one.



m0le is a proud member of UNITE
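For readers who want to see what a Task Manager fix of this kind actually changes, here is an added example. It is not the contents of the FixMu.reg file linked above (that file is not shown in the thread); it assumes, as such fixes usually do, that the block is the DisableTaskMgr policy value, and the function names are made up for the example. The point it illustrates is why only one account was affected: the policy lives under HKCU, which is per user, while the same key under HKLM applies to every account on the machine, so both hives are inspected before anything is removed. Run it from the affected account; the HKLM part needs an elevated prompt.

```powershell
# Added example, not the thread's FixMu.reg. Assumption: Task Manager is
# blocked by the DisableTaskMgr policy value, which rogue "antivirus"
# malware commonly sets (often together with DisableRegistryTools).
# HKCU applies only to the logged-on user; HKLM applies to all accounts.

$policyKey     = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$valuesToCheck = @('DisableTaskMgr', 'DisableRegistryTools')

function Get-TaskMgrPolicy {
    # Hypothetical helper: one record per hive and value so the per-user
    # and machine-wide settings can be compared side by side.
    foreach ($hive in 'HKCU', 'HKLM') {
        $path = "${hive}:\$policyKey"
        foreach ($name in $valuesToCheck) {
            $item  = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            $value = $null
            if ($null -ne $item) { $value = $item.$name }
            [pscustomobject]@{ Hive = $hive; Name = $name; Value = $value }
        }
    }
}

function Clear-TaskMgrPolicy {
    # Hypothetical helper: delete the blocking values wherever they are
    # set to a non-zero DWORD. -WhatIf shows what would be removed.
    param([switch]$WhatIf)
    foreach ($hive in 'HKCU', 'HKLM') {
        $path = "${hive}:\$policyKey"
        if (-not (Test-Path $path)) { continue }
        foreach ($name in $valuesToCheck) {
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item -and $item.$name -ne 0) {
                Write-Host "Removing $name=$($item.$name) from $path"
                Remove-ItemProperty -Path $path -Name $name -WhatIf:$WhatIf
            }
        }
    }
}

# Show the state before, clear the values, then show the state after.
Get-TaskMgrPolicy | Format-Table -AutoSize
Clear-TaskMgrPolicy
Get-TaskMgrPolicy | Format-Table -AutoSize
```

The .reg file equivalent of the removal is a `"DisableTaskMgr"=-` line under the `[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]` key (a trailing `-` deletes the value when the file is merged). If the value comes back after the reboot the post asks for, something still running is rewriting it, which is a sign the infection itself has not been removed yet.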

#7 lunchroompirate

lunchroompirate
  • Topic Starter

  • Members
  • 40 posts
  • Local time:09:27 AM

Posted 24 September 2010 - 09:47 PM

On the main account (the account without internet access), there was also nothing detected. Right after I scanned it, though, the screen went blue again, saying that Windows has shut down my computer to prevent any damage.

The DDS and GMER logs were from the account from which I can access the internet. Perhaps I need to scan the main account with DDS and GMER?


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:27 PM

Posted 25 September 2010 - 03:36 AM

Yes, please run DDS and Gmer for the no-internet account - from now on we will call that the infected account just to avoid confusion.

#9 lunchroompirate

lunchroompirate
  • Topic Starter

  • Members
  • 40 posts
  • Local time:09:27 AM

Posted 25 September 2010 - 11:58 AM

Ok. I can run GMER on the infected account, but I don't know how I can access DDS on the infected account without internet. Any ideas?

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:27 PM

Posted 25 September 2010 - 12:12 PM

Do you have a USB drive? You can download on a clean machine and transfer these tools over to the infected machine.


#11 lunchroompirate

lunchroompirate
  • Topic Starter

  • Members
  • 40 posts
  • Local time:09:27 AM

Posted 28 September 2010 - 02:50 PM

I transferred GMER to the infected account, but I can't choose where to save the DDS scans; it just downloads in Firefox's little download box and then you have to execute it... sorry for being a total noobie.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:27 PM

Posted 28 September 2010 - 04:51 PM

No need to apologise.

We can try OTL. It saves to a log on the computer whereas DDS opens and then closes and that's gone forever.

Transfer it over and run it from the desktop if you are able.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:27 PM

Posted 30 September 2010 - 07:19 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:27 PM

Posted 01 October 2010 - 06:51 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:27 PM

Posted 02 October 2010 - 03:27 PM

Reopened at user's request

-----------------------------------------

Post the logs when you're ready.



