
Internet Being Hijacked, crashes


37 replies to this topic

#16 caccigirl

caccigirl
  • Topic Starter

  • Members
  • 213 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:01 AM

Posted 19 December 2010 - 09:15 AM

I will get right on your directions, but I wanted to add something else.

This has just come about in the last couple of days. I've been (apparently) having trouble with my Internet connection. I mean, I know that's crap. I know my internet is working fine. The absolute worst point was when I tried to open Safari after a reboot, and it said I wasn't connected to the internet. I could still get it on my iPhone from wifi, so clearly our internet was not turned OFF. All cords and wires that needed to be attached were. Everything was fine. After a reboot, just fine! Internet works great.
This happens a LOT more though. I'll click a link or go to a webpage. I'm not sure if you're familiar with it, but Safari shows the "loading bar" in the address bar. It will load about a sixth of the way, then just sit there loading. If you don't touch it and let it load, it will finally come to tell you that it either "can't read the raw data" on the webpage or that you're not connected to the internet. I've found that simply clicking the link twice instead of once, or hitting enter again can make it load. But still, that's still very weird...never had that problem before.

Anyways, I will be following your directions soon, I just wanted to let you know of that weird problem.

Thank you again for all your help and all that you're doing!
Cassidy



#17 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:01 AM

Posted 21 December 2010 - 07:41 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#18 caccigirl


Posted 21 December 2010 - 10:14 PM

Hi,
Sorry, I am almost done with the GMER scan. Results/logs will be posted as soon as the scan is finished.

Thanks,
Cassidy

#19 caccigirl


Posted 21 December 2010 - 11:06 PM

I ran the TDSS removing tool, it came out clean. I ran GMER, here is my log:
By the way, my Internet seems to be a little bit less laggy, but it's still too soon to tell.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-21 22:03:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3120026A rev.3.16
Running: 766l5h6k.exe; Driver: C:\DOCUME~1\Scott\LOCALS~1\Temp\uwriypob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF678E360, 0x32E00D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

#20 fireman4it


Posted 22 December 2010 - 02:19 AM

Hello,

OK, the GMER log looks good.


1.
Please download Malwarebytes Anti-Malware (v1.43) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

3.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


4.
  • Go to Start -> Control Panel -> Network and Internet Connection ->Network Connections.
  • Right-click your default connection, usually Local Area Connection or Dial-up Connection (if you are using dial-up), and left-click on the Properties option.
  • Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice.
  • Go to Start -> Run...
  • In the Open: field type cmd and click OK or hit Enter.
    This will open a Command Prompt.
  • At the DOS prompt screen, type in ipconfig /flushdns and then press Enter (notice the space between "ipconfig" and "/flushdns").
  • Exit the Command Prompt.
  • Reboot your PC and try to open any website.


5.
We need to check your hard disk for errors.

To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.
*NOTE: This scan could take a long time to complete, but let it finish.

Things to include in your next reply:

MBAM log
ESET log
A new DDS log
Don't need the attach.txt this time.
How is your machine running now?

" Extinguishing Malware from the world"

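The command-line equivalent of step 4 above, as an added example that is not part of the original thread: it records the DNS settings before the reset, so a hand-set resolver is preserved as evidence, then switches the connection back to DHCP-assigned DNS and flushes the cache. The connection name, the log file name and the matched `netsh` output text are assumptions for a default English Windows XP install.

```bat
@echo off
rem Added example (not from the original post): step 4 from a Command Prompt on Windows XP.
rem Assumption: the connection is named "Local Area Connection"; change CONN if yours differs.
rem Assumption: the log file name below is arbitrary.
setlocal
set "CONN=Local Area Connection"
set "LOG=%USERPROFILE%\Desktop\dns-before-after.txt"

rem Record the current DNS settings first, so the old values are not lost by the reset.
echo ==== DNS settings BEFORE reset: %DATE% %TIME% ==== > "%LOG%"
netsh interface ip show dns "%CONN%" >> "%LOG%"

rem On an English XP install netsh labels a hand-set resolver as
rem "Statically Configured DNS Servers"; a DHCP-assigned one is labelled
rem "DNS servers configured through DHCP". A static entry that nobody in the
rem household set on purpose is worth mentioning to your helper.
findstr /I /C:"Statically Configured" "%LOG%" >nul
if not errorlevel 1 echo NOTE: a static DNS server was configured before the reset. See %LOG%

rem Same effect as selecting "Obtain DNS servers automatically" in the TCP/IP properties.
netsh interface ip set dns name="%CONN%" source=dhcp
if errorlevel 1 (
    echo Could not change the DNS settings for "%CONN%". Check the connection name.
    endlocal
    exit /b 1
)

rem Drop cached lookups that may have come from the old resolver.
ipconfig /flushdns

rem Record the result so before and after can be compared side by side.
echo ==== DNS settings AFTER reset ==== >> "%LOG%"
netsh interface ip show dns "%CONN%" >> "%LOG%"
type "%LOG%"
endlocal
```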


#21 caccigirl


Posted 22 December 2010 - 04:14 AM

I ran scans with both ESET and MBAM before I posted a topic here. Should I run the scans anyways? (they came out clean before)

Thanks!

#22 fireman4it


Posted 22 December 2010 - 04:21 AM

Hello,

Yes please run the scans. You had a rootkit blocking some stuff so now they may find things :) Just want to make sure nothing is hiding. :whistle: Don't forget about MBRCHECK

" Extinguishing Malware from the world"



#23 caccigirl


Posted 22 December 2010 - 01:55 PM

Wow, a rootkit? Goodness. Anyways, I'll get right on those scans. Thank you again for all your help!

#24 caccigirl


Posted 22 December 2010 - 02:08 PM

MBAM came out clean, but I saved the log anyways. ESET is next, log will come soon!


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/22/2010 1:08:09 PM
mbam-log-2010-12-22 (13-08-09).txt

Scan type: Quick scan
Objects scanned: 134061
Time elapsed: 11 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#25 caccigirl


Posted 22 December 2010 - 05:15 PM

ESET came out clean as well. I'll work on that next scan now.

#26 caccigirl


Posted 22 December 2010 - 05:20 PM

Here is the log from my next scan:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 125):

Processes (total 53):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3120026A, Rev: 3.16

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

I'm not sure I quite understand the instructions for the next step though?

#27 fireman4it


Posted 22 December 2010 - 06:45 PM

Hello,

We can do this another way.

Go to Start > Run.
In the Run box, copy and paste chkdsk c: /f /r
If you get a message telling you the volume is in use and asking whether you would like to check the disk for errors at next startup,
type Y and press Enter.
Now restart your machine for it to check for errors.
Note: This may take some time but let it run.

Edited by fireman4it, 22 December 2010 - 06:46 PM.

" Extinguishing Malware from the world"



#28 caccigirl


Posted 23 December 2010 - 02:46 AM

Okie doke, I did that. Now what? (:

#29 fireman4it


Posted 23 December 2010 - 02:58 AM

Hello,

How is your machine running now?

Please post a new DDS log

" Extinguishing Malware from the world"



#30 caccigirl


Posted 23 December 2010 - 03:12 AM

DDS log?



