Infected by don't know what!


This topic is locked
6 replies to this topic

#1 bozozob

  • Members
  • 4 posts
  • OFFLINE
  • Local time: 03:31 AM

Posted 17 March 2011 - 01:48 PM

Hi, my son was trying to install EA Sports Cricket07, when my AVG prompted some 5 virus warnings (I think "win 32heur"). I promptly removed the infection, but afterwards my AVG does not open at all and the tray icon has gone missing. I am posting below the DDS & GMER logs. I have since uninstalled AVG. Please guide and help.



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/17/2010 5:55:36 PM
System Uptime: 3/17/2011 9:04:35 PM (2 hours ago)
.
Motherboard: HCL Infosystems Limited | | M7VMX-K
Processor: Intel Pentium III processor | Socket 775 | 2666/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 78 GiB total, 46.696 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 96.323 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 95.329 GiB free.
F: is FIXED (NTFS) - 192 GiB total, 182.565 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP132: 12/16/2010 12:44:07 PM - Software Distribution Service 3.0
RP133: 12/19/2010 7:42:44 PM - System Checkpoint
RP134: 12/26/2010 2:04:12 PM - System Checkpoint
RP135: 12/27/2010 10:10:21 AM - Removed 5DFly Photo Design
RP136: 12/28/2010 10:19:10 AM - System Checkpoint
RP137: 12/29/2010 7:23:00 PM - Installed AVG 8.0
RP138: 12/29/2010 7:26:08 PM - Avg8 Update
RP139: 12/31/2010 9:29:28 AM - Avg8 Update
RP140: 12/31/2010 6:58:45 PM - OTL Restore Point
RP141: 1/6/2011 12:10:24 PM - Avg8 Update
RP142: 1/6/2011 12:11:28 PM - Avg8 Update
RP143: 1/10/2011 9:32:52 PM - System Checkpoint
RP144: 1/12/2011 7:38:38 PM - Software Distribution Service 3.0
RP145: 1/13/2011 10:51:01 PM - Installed Java™ 6 Update 23
RP146: 1/15/2011 8:46:10 PM - System Checkpoint
RP147: 1/20/2011 9:32:25 PM - System Checkpoint
RP148: 1/28/2011 8:59:21 AM - System Checkpoint
RP149: 2/2/2011 8:40:01 PM - System Checkpoint
RP150: 2/9/2011 9:01:57 AM - Software Distribution Service 3.0
RP151: 2/10/2011 9:32:30 AM - System Checkpoint
RP152: 2/18/2011 1:25:37 PM - System Checkpoint
RP153: 2/24/2011 8:23:07 AM - Software Distribution Service 3.0
RP154: 2/25/2011 12:54:27 PM - System Checkpoint
RP155: 2/27/2011 5:50:16 PM - System Checkpoint
RP156: 3/5/2011 9:03:38 PM - Removed QHM500-8LM (S) USB PC Camera
RP157: 3/5/2011 9:11:13 PM - Installed QHM500-8LM (S) USB PC Camera
RP158: 3/7/2011 5:28:02 PM - System Checkpoint
RP159: 3/8/2011 5:56:50 PM - System Checkpoint
RP160: 3/10/2011 9:56:44 AM - System Checkpoint
RP161: 3/10/2011 10:39:18 AM - Software Distribution Service 3.0
RP162: 3/11/2011 10:40:39 PM - System Checkpoint
RP163: 3/13/2011 9:56:14 PM - System Checkpoint
RP164: 3/14/2011 10:22:14 PM - Removed Sony Ericsson Media Manager 1.2
RP165: 3/16/2011 10:06:41 PM - Removed AVG 8.5
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Apple Software Update
Avanquest update
BufferChm
CCleaner
Citrix XenApp Web Plugin
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
DVD Suite
Efficient Reminder Free 1.66
eSupportQFolder
F2200
F2200_Help
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
Grand Theft Auto Vice City
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
Java Auto Updater
Java™ 6 Update 23
LG ODD Auto Firmware Update
Malwarebytes' Anti-Malware
Mario Forever 5.0
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need For Speed III
Nero 7 Essentials
neroxml
NVIDIA Drivers
OBS School Atlas
Picasa 3
PilotDown
PowerDVD
PowerProducer
PSSWCORE
QHM500-8LM (S) USB PC Camera
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Recuva
Scan
SecurDisc Viewer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skype™ 4.2
SmartDraw 2010
SmartWebPrintingOC
SnoopFree Privacy Shield
SolutionCenter
Sony Ericsson PC Suite 4.005.00
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
VLC media player 1.0.5
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WordWeb
.
==== Event Viewer Messages From Past Week ========
.
3/16/2011 10:25:15 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NSAK_7042C453\0000 disappeared from the system without first being prepared for removal.
3/15/2011 11:10:35 PM, error: Service Control Manager [7034] - The InCD Helper service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 11:10:34 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 11:10:34 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
3/15/2011 11:02:42 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/15/2011 10:49:09 PM, error: Service Control Manager [7024] - The AVG8 WatchDog service terminated with service-specific error 3758198274 (0xE0018E02).
3/15/2011 10:48:06 PM, error: System Error [1003] - Error code 10000050, parameter1 fffffff0, parameter2 00000000, parameter3 80526461, parameter4 00000000.
3/15/2011 10:46:30 PM, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/15/2011 10:25:39 PM, error: Service Control Manager [7000] - The amsint32 service failed to start due to the following error: Access is denied.
3/11/2011 7:36:05 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
.
==== End Of File ===========================

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-18 00:21:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10 ST3500620AS rev.SD1A
Running: dzmupxw4.exe; Driver: C:\DOCUME~1\Tab\LOCALS~1\Temp\agpyaaoc.sys


---- System - GMER 1.0.15 ----

SSDT SnopFree.sys ZwCreateProcessEx [0xBA4BC9E4]
SSDT SnopFree.sys ZwTerminateProcess [0xBA4BC9F4]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\SnopFree.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F6F360, 0x30AD87, 0xE8000020]
? C:\WINDOWS\system32\drivers\lmelfn.sys The system cannot find the file specified. !
? C:\DOCUME~1\Tab\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7768] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8820] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[9040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Tab\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000072 (size mismatch) 37946720/34159580 bytes executable
File C:\Program Files\LimeWireWin.exe (size mismatch) 24295416/24225784 bytes executable

---- EOF - GMER 1.0.15 ----

#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • OFFLINE
  • Gender: Male
  • Location: Antarctica
  • Local time: 06:01 PM

Posted 19 March 2011 - 07:05 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:



Please be sure to include an update on how your machine is running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 bozozob

bozozob
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:31 AM

Posted 20 March 2011 - 11:34 AM

HI ST,

Thanks a ton for taking time to address my problem. My name is Hasan. I understand that this is not your full time job. As instructed by you, I downloaded Rootkit Unhooker, but as soon as I ran it my PC shut down and restarted on its own without the Unhooker starting, so I did not proceed any further. I had sought help elsewhere and following is the reply I received:

"I'm afraid I have very bad news.

You are infected with a polymorphic file infector (Sality). This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain following files:
*.exe
*.scr
*.htm
*.html
*.xml
*.zip
*.rar
*.doc
*.jpg
*.pdf

Backup all your documents and important items only.
DO NOT backup any files mentioned above.

I suggest you do the following immediately:

* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
* From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news."
I shall be highly obliged to have your opinion/comments on the above.
Thanks,
Hasan

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:01 PM

Posted 20 March 2011 - 11:37 AM

Do you have a link to that thread/post?



#5 bozozob

bozozob
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:31 AM

Posted 21 March 2011 - 11:40 AM

http://www.suggestafix.com/index.php?showtopic=35955&st=0&p=249655&#entry249655

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:01 PM

Posted 21 March 2011 - 11:43 AM

Yeah, you do appear to be infected with Sality.

This is a snippet from the MBAM log you posted there.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.


This is what I provide my users when they are infected with Sality.


-------------
Please see ThreatExpert's awareness of Win32.Sality.

Sality Family is a family of polymorphic file infectors which infects .exe and .scr files, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

As with many other malware, Sality disables anti-virus software and prevents access to certain anti-virus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.

About Sality Virus

If the computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach.

Sality/Win32.Sector is not effectively disinfectable. Your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

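Added example (not code from this thread or from any of the tools it mentions): a small Python audit for the spreading pattern SweetTech describes above, an autorun.inf at a drive root whose launch entries point at .cmd/.pif/.exe files dropped beside it. The sample autorun.inf and file names built in demo() are constructed for the example.

```python
import tempfile
from pathlib import Path
SUSPECT_EXT = {".cmd", ".pif", ".exe"}
# autorun.inf keys that launch a program when the drive is opened
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")

def parse_autorun(text):
    """{key: value} for the [autorun] section; hand-rolled so odd casing,
    comment lines and quoted values in a hostile file do not abort the scan."""
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def referenced_executables(entries):
    """Files the launch keys would run (first token, quotes/args dropped), .cmd/.pif/.exe only."""
    names = []
    for key in LAUNCH_KEYS:
        value = entries.get(key, "").strip()
        if not value:
            continue
        first = value.split('"')[1] if value.startswith('"') else value.split()[0]
        if Path(first).suffix.lower() in SUSPECT_EXT and first not in names:
            names.append(first)
    return names

def audit_drive_root(root):
    """Launch targets in <root>/autorun.inf that also exist at the drive root:
    the dropped-file-plus-autorun.inf pattern described in the thread."""
    root = Path(root)
    inf = root / "autorun.inf"
    if not inf.is_file():
        return []
    hits = referenced_executables(parse_autorun(inf.read_text(errors="replace")))
    return [n for n in hits if (root / n).is_file()]

def demo():
    """Constructed sample drive root (file names invented for this example)."""
    root = Path(tempfile.mkdtemp())
    (root / "autorun.inf").write_text('[AutoRun]\n;junk\nOPEN=sample.pif\nshell\\open\\Command="sample.pif" /s\nshellexecute=missing.exe\n')
    (root / "sample.pif").write_bytes(b"MZ-placeholder")
    return audit_drive_root(root)  # returns ["sample.pif"]
```

Run audit_drive_root() against each removable or fixed drive root; a hit means the autorun.inf and the file it launches should both be collected and quarantined from a clean system rather than opened in Explorer.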


#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:01 PM

Posted 24 March 2011 - 07:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





