Help!


2 replies to this topic

#1 lil green sprout


  • Members
  • 3 posts
  • Gender:Male
  • Location:Deep in the Heart of Texas

Posted 02 June 2011 - 11:06 AM

My machine is infected with what, I don't know. I've tried to run every scanner on it, but the ones that will run do not pick it up! If I try to run GMER, as soon as it pops up my machine reboots. I tried to download AVG Free and install it, and same thing - reboot. I managed to get Stinger to run and it displayed "Artemis Virus" detected and cleaned, then my machine rebooted by itself. I ran it again and it said something about a "BCS Trojan" and "BCS Virus", then rebooted. Also, if I try to access certain files, it will reboot, and my System Restore is "disabled by group policy"???? (If I try to go into the Administrative Tools folder, it reboots.) The last thing is I keep getting these popup "IE explorer script error" messages on my desktop and redirects if I search on the internet. I tried to run GMER; it won't let me. I ran DDS, but it rebooted. It did put 2 files on the desktop, though. Anyone, please help me. I don't want to reload Windows and wipe my files.

The DDS file(s):
.
DDS (Ver_2011-06-02.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Chris at 11:31:10 on 2011-06-02
.
============== Running Processes ===============
.
D:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
d:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
D:\windows\system32\spoolsv.exe
D:\windows\system32\FsUsbExService.Exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
D:\WINDOWS\system32\lxdncoms.exe
D:\windows\System32\snmp.exe
D:\windows\Explorer.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
D:\Program Files\Lexmark 2600 Series\lxdnmon.exe
D:\windows\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\windows\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
D:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
D:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\windows\System32\alg.exe
D:\windows\system32\NOTEPAD.EXE
D:\windows\Explorer.EXE
D:\Documents and Settings\Chris\Desktop\dds.scr
D:\windows\System32\svchost.exe -k netsvcs
D:\windows\system32\svchost.exe -k NetworkService
D:\windows\system32\svchost.exe -k LocalService
D:\windows\system32\svchost.exe -k LocalService
D:\windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\windows\system32\blank.htm
uWindow Title = Windows Internet Explorer provided by MSN & Bing
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [LogitechSoftwareUpdate] "d:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [TomTomHOME.exe] "d:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [AutoStartNPSAgent] d:\program files\samsung\samsung new pc studio\NPSAgent.exe
mRun: [ASUS Update Checker] d:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe
mRun: [IgfxTray] d:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] d:\windows\system32\hkcmd.exe
mRun: [Persistence] d:\windows\system32\igfxpers.exe
mRun: [HDAudDeck] d:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [lxdnmon.exe] "d:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [LVCOMSX] d:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] d:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] d:\program files\logitech\video\LogiTray.exe
mRun: [MSC] "d:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [COMODO] d:\program files\comodo\comodo livepcsupport\CLPSLA.exe
IE: Google Sidewiki... - d:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6452314A-1DE2-4B96-A178-9B15AE70979A} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{6452314A-1DE2-4B96-A178-9B15AE70979A} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R? Cleaner_Validator;COMODO System - Cleaner Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? CXAVSAUD;Conexant DVBT 2388x Audio Capture
R? DYUEMPP;DYUEMPP
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? ITUOMOFLIVREJHH;ITUOMOFLIVREJHH
R? IZXZTS;IZXZTS
R? KUKKJPUHPRISF;KUKKJPUHPRISF
R? McComponentHostService;McAfee Security Scan Component Host Service
R? MpKslb48fe2ae;MpKslb48fe2ae
R? PORTMON;PORTMON
R? V;V
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? XKCXAB;XKCXAB
R? YRQLY;YRQLY
R? ZN;ZN
S? CFRMD;CFRMD
S? CFRPD;CFRPD
S? CLPSLS;COMODO livePCsupport Service
S? FsUsbExDisk;FsUsbExDisk
S? FsUsbExService;FsUsbExService
S? lxdn_device;lxdn_device
S? lxdnCATSCustConnectService;lxdnCATSCustConnectService
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl405e3a58;MpKsl405e3a58
S? MpKsl668e48da;MpKsl668e48da
S? MpKsle45e305b;MpKsle45e305b
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? VIAHdAudAddService;VIA High Definition Audio Driver Service
.
=============== File Associations ===============
.
.txt=ATWE.txt
.
=============== Created Last 30 ================
.
2011-06-02 15:33:30 28752 ----a-w- d:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{ed85de84-fb49-41ab-959f-889f50628514}\MpKsl668e48da.sys
2011-06-02 15:30:41 28752 ----a-w- d:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{ed85de84-fb49-41ab-959f-889f50628514}\MpKsl405e3a58.sys
2011-06-02 15:28:28 28752 ----a-w- d:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{ed85de84-fb49-41ab-959f-889f50628514}\MpKsle45e305b.sys
2011-06-02 01:50:03 66218 ----a-w- d:\windows\cscmondump.bin
2011-06-01 17:27:00 56400 ----a-w- d:\windows\system32\drivers\tmrkb.sys
2011-06-01 17:23:33 -------- d--h--w- d:\documents and settings\all users.windows\application data\Common Files
2011-06-01 17:23:33 -------- d-----w- d:\documents and settings\all users.windows\application data\MFAData
2011-05-31 08:16:44 28752 ----a-w- d:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{ed85de84-fb49-41ab-959f-889f50628514}\MpKslb48fe2ae.sys
2011-05-30 21:49:19 -------- d-----w- d:\documents and settings\chris\local settings\application data\Comodo
2011-05-30 21:47:19 -------- d-----w- d:\program files\COMODO
2011-05-30 21:46:34 1700352 ----a-w- d:\windows\system32\gdiplus.dll
2011-05-30 21:06:01 6962000 ------w- d:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-05-30 21:05:42 6962000 ------w- d:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{ed85de84-fb49-41ab-959f-889f50628514}\mpengine.dll
2011-05-28 08:13:39 919552 ----a-w- d:\windows\system32\wininet.new
2011-05-28 00:06:04 2 --shatr- d:\windows\winstart.bat
2011-05-28 00:06:00 -------- d-----w- d:\program files\UnHackMe
2011-05-26 19:37:58 -------- d-----w- d:\documents and settings\chris\local settings\application data\Opera
2011-05-26 19:14:54 222080 ------w- d:\windows\system32\MpSigStub.exe
2011-05-26 19:13:38 -------- d-----w- d:\program files\Microsoft Security Client
2011-05-26 07:35:34 39984 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 17:18:34 14920 ----a-w- d:\windows\system32\drivers\sscdmdfl.sys
2011-05-25 17:18:34 132424 ----a-w- d:\windows\system32\drivers\sscdmdm.sys
2011-05-25 17:18:34 12616 ----a-w- d:\windows\system32\drivers\sscdcmnt.sys
2011-05-25 17:18:34 12616 ----a-w- d:\windows\system32\drivers\sscdcm.sys
2011-05-25 17:18:34 12488 ----a-w- d:\windows\system32\drivers\sscdwhnt.sys
2011-05-25 17:18:34 12488 ----a-w- d:\windows\system32\drivers\sscdwh.sys
2011-05-25 17:18:34 110280 ----a-w- d:\windows\system32\drivers\sscdserd.sys
2011-05-25 17:18:34 104648 ----a-w- d:\windows\system32\drivers\sscdbus.sys
2011-05-25 17:18:28 -------- d-----w- d:\documents and settings\all users.windows\application data\Samsung
2011-05-25 17:18:11 36608 ----a-w- d:\windows\system32\FsUsbExDisk.Sys
2011-05-25 17:18:11 238952 ----a-w- d:\windows\system32\FsUsbExService.Exe
2011-05-25 17:18:11 110592 ----a-w- d:\windows\system32\FsUsbExDevice.Dll
2011-05-25 17:17:59 -------- d-----w- d:\documents and settings\chris\application data\Samsung
2011-05-25 17:17:41 -------- d-----w- d:\program files\MarkAny
2011-05-25 17:16:35 -------- d-----w- d:\documents and settings\chris\local settings\application data\Downloaded Installations
2011-05-14 19:54:37 -------- d-----w- d:\documents and settings\all users.windows\application data\TomTom
2011-05-14 19:51:47 -------- d-----w- d:\documents and settings\chris\local settings\application data\TomTom
2011-05-14 19:51:47 -------- d-----w- d:\documents and settings\chris\application data\TomTom
2011-05-11 02:36:28 -------- d-----w- d:\documents and settings\chris\local settings\application data\Logitech-LS
2011-05-10 18:14:04 60032 -c--a-w- d:\windows\system32\dllcache\usbaudio.sys
2011-05-10 18:14:04 60032 ----a-w- d:\windows\system32\drivers\USBAUDIO.sys
2011-05-10 18:13:40 106496 ----a-r- d:\windows\system32\lvcoinst.dll
2011-05-10 18:13:39 22016 ----a-r- d:\windows\system32\drivers\LVUSBSta.sys
2011-05-10 18:13:37 372736 ----a-r- d:\windows\system32\LVUI2RC.dll
2011-05-10 18:13:35 204800 ----a-r- d:\windows\system32\LVUI2.dll
2011-05-10 18:13:33 204800 ----a-r- d:\windows\system32\lvcodec2.dll
2011-05-10 18:13:28 2180096 ----a-r- d:\windows\system32\drivers\lvsvf2.sys
2011-05-10 18:13:28 1317152 ----a-r- d:\windows\system32\drivers\lvcm.sys
2011-05-10 18:08:35 -------- d-----w- d:\program files\common files\FotoWire
2011-05-10 18:08:35 -------- d-----w- d:\documents and settings\chris\application data\FotoWire
2011-05-10 18:07:28 53248 ----a-r- d:\windows\system32\InstMed.exe
2011-05-10 18:04:19 192512 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-05-10 18:04:18 729088 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-05-10 18:04:18 69715 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-05-10 18:04:18 5632 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-05-10 18:04:18 266240 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-05-10 18:04:14 188548 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-05-10 18:04:13 311428 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-05-05 06:23:07 -------- d-----w- d:\program files\Free Script Editor
2011-05-04 17:50:28 -------- d-----w- d:\documents and settings\chris\local settings\application data\ApplicationHistory
2011-05-03 18:58:34 274288 ----a-w- d:\windows\system32\mucltui.dll
2011-05-03 18:58:34 215920 ----a-w- d:\windows\system32\muweb.dll
2011-05-03 18:58:34 16736 ----a-w- d:\windows\system32\mucltui.dll.mui
.
==================== Find3M ====================
.
2011-06-02 07:51:23 16896 ----a-w- d:\windows\system32\tsshutdn.exe
2011-04-27 04:29:06 15360 ----a-w- d:\windows\system32\ctfmon.exe
2011-04-03 09:17:37 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-03-25 13:33:27 5018 --sha-w- d:\windows\system32\KGyGaAvL.sys
2011-03-16 01:14:16 190032 ----a-w- d:\windows\system32\drivers\tmcomm.sys
2011-03-12 01:28:15 588800 ----a-w- d:\windows\system32\autochk.exe
2011-03-11 14:10:38 471552 ----a-w- d:\windows\apppatch\aclayers.dll
2011-03-07 05:33:50 692736 ----a-w- d:\windows\system32\inetcomm.dll
.
============= FINISH: 11:31:20.40 ===============

EDIT: Posts merged ~Budapest

Edited by Budapest, 03 June 2011 - 04:07 PM.



#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 June 2011 - 07:35 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 15 June 2011 - 06:01 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE



