Worried, please help


  • This topic is locked
17 replies to this topic

#1 Andy20

Andy20

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:04 PM

Posted 25 June 2011 - 01:18 PM

Ok so today I came online, found out some of the websites I go on have had the password reset.. Facebook, Hotmail and Myspace. I changed them... They got reset again so I restarted my computer and a windows programme came up, said it had deleted a trojanbot virus or something like that, I can't remember what it was called now :(

I thought the problem had gone, reset all my passwords again to make sure... an hour later they get reset again so the problem is still there it seems. What was odd as well.. I was talking on msn to some friends and whoever or whatever was on my PC was randomly typing smiley faces during the convo, it was bizarre, never had that problem with any virus in the 8 years that I have been using the internet. It sounds like a hacker/keylogger virus, the random faces on msn have stopped since Windows supposedly deleted the bot virus but my passwords on websites are still being tampered with and reset.

Also it seems to be extremely clever, when I went back on msn after I thought I had deleted it... I had a message come through to my hotmail that I had requested to reset my myspace password when I hadn't at that time... So I knew something wasn't right but 10 minutes later someone or something had deleted that password reset request from my inbox on hotmail, like it didn't want me to know it had done it :blink:

How will I be able to get rid of every trace of this and know for sure it's gone from my system?


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:04 AM

Posted 25 June 2011 - 03:16 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Andy20

Andy20
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:04 PM

Posted 25 June 2011 - 03:54 PM

Thanks broni, ran the security check, these are the results...


Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG Free 8.5
Norton Internet Security
Norton 360
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.19) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

I ran Malwarebytes earlier and it didn't find anything.
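A small triage script for the checkup.txt format posted above, added here as an example; it is not part of this thread or of the Security Check tool. It splits the log on the "... Check:" headers, flags every "Out of date" and "Disabled!" line, and reports when more than one resident antivirus vendor shows up in the antivirus section, which is the AVG-plus-Norton point raised later in the thread. The vendor keyword table and the list of non-resident scanners (McAfee Security Scan Plus) are assumptions of this example, and the sample log is a constructed excerpt with the backtick separator rows left out.

```python
# Constructed excerpt modelled on the checkup.txt posted above; the rows of
# backtick separators are left out because the parser keys on the
# "... Check:" headers instead. "Java(TM)" stands in for the trademark glyph.
SAMPLE_LOG = """\
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG Free 8.5
Norton Internet Security
Norton 360
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.19) Firefox Out of Date!
End of Log
"""

# Assumption: keyword -> product family, used to spot more than one resident
# antivirus engine (Symantec products are reported as Norton).
AV_VENDORS = {"avg": "AVG", "norton": "Norton", "symantec": "Norton",
              "mcafee": "McAfee", "avast": "Avast", "avira": "Avira",
              "kaspersky": "Kaspersky", "eset": "ESET"}
# Assumption: on-demand scanners that are not resident engines and so do not
# count towards a "two AV programs" conflict.
NON_RESIDENT = {"mcafee security scan plus"}


def parse_sections(text):
    """Split the log into {section header: [lines]}.

    Lines before the first "... Check:" header land under "System".
    Blank lines and the End of Log marker are dropped.
    """
    sections = {"System": []}
    current = "System"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "End of Log":
            continue
        if line.endswith("Check:"):
            current = line.rstrip(":")
            sections[current] = []
            continue
        sections[current].append(line)
    return sections


def resident_av_vendors(av_lines):
    """Sorted list of resident AV families named in the antivirus section."""
    found = set()
    for line in av_lines:
        low = line.lower()
        # Skip the firewall status line, the WMI notice and known on-demand scanners.
        if low in NON_RESIDENT or low.startswith("windows firewall") or low.startswith("wmi "):
            continue
        for keyword, family in AV_VENDORS.items():
            if keyword in low:
                found.add(family)
    return sorted(found)


def triage(text):
    """Turn the log into the list of findings a helper would act on, in log order."""
    sections = parse_sections(text)
    findings = []
    for lines in sections.values():
        for line in lines:
            low = line.lower()
            if "out of date" in low:
                findings.append("outdated: " + line.rstrip("!"))
            elif "disabled!" in low:
                findings.append("disabled: " + line.rstrip("!"))
    vendors = resident_av_vendors(sections.get("Antivirus/Firewall Check", []))
    if len(vendors) > 1:
        findings.append("multiple resident AV engines: " + ", ".join(vendors))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it lists the out-of-date service pack, the disabled firewall, the old Java, Adobe Reader and Firefox, and the AVG/Norton overlap; point `triage()` at a real checkup.txt read from disk to apply the same checks.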

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:04 AM

Posted 25 June 2011 - 03:56 PM

We have some work to do up there, but MBAM log first...



 


#5 Andy20

Andy20
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:04 PM

Posted 25 June 2011 - 04:01 PM

Ok, that may take a while because I ran a full scan earlier and it took 3 hours! Lol.

Sorry, just realised I can get the log from earlier!



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6944

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

25/06/2011 19:02:49
mbam-log-2011-06-25 (19-02-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 461608
Time elapsed: 2 hour(s), 44 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:04 AM

Posted 25 June 2011 - 05:12 PM

Couple more scans....to make sure...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.



 


#7 Andy20

Andy20
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:04 PM

Posted 25 June 2011 - 08:53 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #4
==============================================
>Drivers
==============================================
0x90E00000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10461184 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 266.58 )
0x8384C000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8384C000 PnpManager 3903488 bytes
0x8384C000 RAW 3903488 bytes
0x8384C000 WMIxWDM 3903488 bytes
0x9C490000 Win32k 2109440 bytes
0x9C490000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C20D000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x8BE77000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x80683000 PCI_PNP8808 995328 bytes
0x80683000 C:\Windows\System32\Drivers\spps.sys 995328 bytes
0x80683000 sptd 995328 bytes
0x8C000000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804C2000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAE202000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9FA02000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0xA5AD4000 C:\Windows\system32\drivers\hardlock.sys 696320 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)
0x9180B000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x91E06000 C:\Windows\system32\DRIVERS\RTL8192su.sys 634880 bytes (Realtek Semiconductor Corporation , Realtek RTL8192S USB NDIS Driver)
0x8BE06000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80604000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9240D000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 458752 bytes (Symantec Corporation, SPBBC Driver)
0x9FB08000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80408000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9250C000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x92587000 C:\Windows\System32\Drivers\avgldx86.sys 331776 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xA5A85000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x83E4E000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x924C3000 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100915.004\IDSvix86.sys 299008 bytes (Symantec Corporation, IDS Core Driver)
0x91F4E000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x805B0000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80481000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x83F4B000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x91C4E000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8C14A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9247D000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8BFAD000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x918C6000 C:\Windows\System32\Drivers\ah7tcnre.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xA5A0C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x83F9C000 C:\Windows\system32\drivers\PCTCore.sys 233472 bytes (PC Tools, PC Tools KDS Core Driver)
0x8C324000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x91C09000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83819000 ACPI_HAL 208896 bytes
0x83819000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807A5000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x91F1C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x91908000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x91C8D000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x91D7B000 C:\Windows\System32\Drivers\SYMTDI.SYS 180224 bytes (Symantec Corporation, Network Dispatch Driver)
0x8BF82000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x919D0000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9FAC1000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA5B7E000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA5A5D000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8C391000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x83E09000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8077F000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x91CBA000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x91EA1000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x91963000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x91DA7000 C:\Windows\system32\drivers\sp_rsdrv2.sys 143360 bytes (-, -)
0x83ED8000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x91D12000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9FBC8000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x83FDE000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x83F0F000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x91DE0000 C:\Windows\System32\Drivers\dump_nvstor32.sys 122880 bytes
0x83F2D000 C:\Windows\system32\drivers\nvstor32.sys 122880 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x9FB7D000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8C0E9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8C1D8000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x83EBD000 C:\Windows\system32\drivers\nvraid.sys 110592 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x91F03000 C:\Windows\System32\Drivers\avgtdix.sys 102400 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x9FB9A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8C197000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA5A45000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9256A000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x91941000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91DCA000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x91F9F000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x91ED9000 C:\Windows\System32\Drivers\SYMFW.SYS 90112 bytes (Symantec Corporation, Firewall Filter Driver)
0x91D65000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9FBB3000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x919A9000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xAE2F6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x91995000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x91EEF000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8C122000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9FAF5000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x91FD2000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8C1AF000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x925D8000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xAE30B000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8C3B8000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91C3D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80468000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x83F8C000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9FAB1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x83EAD000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x919BE000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8C36F000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8C3D2000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8C381000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x83E30000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x91986000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x918B7000 C:\Windows\system32\DRIVERS\Rtlh86.sys 61440 bytes (Realtek Corporation, Realtek 8101/8168/8169 NDIS6 32-bit Driver)
0x8C188000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x83E3F000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9C6D0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x805A2000 C:\Windows\System32\drivers\ldkl.sys 57344 bytes
0x91FBE000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x91D4E000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83E9F000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x83EF9000 C:\Windows\System32\drivers\sfsync03.sys 57344 bytes (Protection Technology, StarForce Protection Synchronization Driver)
0x80675000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x925EC000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x91ECC000 C:\Windows\System32\Drivers\SYMNDISV.SYS 53248 bytes (Symantec Corporation, NDIS Filter Driver)
0x8C1CB000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x918AA000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0xAE2EA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x91D06000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8C200000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C135000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x91D43000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91958000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x91936000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8C3E9000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x91800000 C:\Windows\system32\drivers\WmXlCore.sys 45056 bytes (Logitech Inc., Logitech WingMan Translation Driver)
0x92400000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x91FEF000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8C1C1000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9FAEB000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x924B9000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAE2E0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x91FE5000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x8C140000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xAE333000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8C3C9000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0xAE31D000 C:\Windows\system32\FsUsbExDisk.SYS 36864 bytes
0x91CDF000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x83FD5000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x91D5C000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x91FB5000 C:\Windows\system32\DRIVERS\SymIMv.sys 36864 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista)
0x9C6B0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C3F4000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x918FF000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80776000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x91F96000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x83F07000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80479000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x9FB75000 C:\Windows\system32\drivers\CO_Mon.sys 32768 bytes (Symantec Corporation, Behavior Blocker v2007.1 WDM driver (2007.1.1.99))
0x80400000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x807D7000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x91D33000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x91D3B000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C367000 C:\Windows\System32\drivers\sfhlp02.sys 32768 bytes (Protection Technology, StarForce Protection Helper Driver)
0x8C35D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C31C000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0x91CEF000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x91CFF000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x91CE8000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x83E98000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x92581000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x91FCC000 C:\Windows\System32\Drivers\StarOpen.SYS 24576 bytes
0xAE326000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x91EC6000 C:\Windows\System32\Drivers\SYMREDRV.SYS 16384 bytes (Symantec Corporation, Redirector Filter Driver)
0x919FA000 C:\Windows\system32\drivers\WmBEnum.sys 16384 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver)
0x8C37E000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0x917FA000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 266.58 )
0x8C365000 C:\Windows\system32\speedfan.sys 8192 bytes (Windows ® 2000 DDK provider, SpeedFan Device Driver)
0x919CE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91ECA000 C:\Windows\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver)
0x925EA000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8C390000 C:\Windows\system32\giveio.sys 4096 bytes
0x8679E1F8 unknown_irp_handler 3592 bytes
0x8BCAC1F8 unknown_irp_handler 3592 bytes
0x88F1F1F8 unknown_irp_handler 3592 bytes
0x8679C1F8 unknown_irp_handler 3592 bytes
0x88F541F8 unknown_irp_handler 3592 bytes
0x88DEF1F8 unknown_irp_handler 3592 bytes
0x88F501F8 unknown_irp_handler 3592 bytes
0x8679A1F8 unknown_irp_handler 3592 bytes
0x8679D1F8 unknown_irp_handler 3592 bytes
0x88DF01F8 unknown_irp_handler 3592 bytes
0x8AD47500 unknown_irp_handler 2816 bytes
0x8A6CD500 unknown_irp_handler 2816 bytes
0x8A6D2500 unknown_irp_handler 2816 bytes
0x8AF53500 unknown_irp_handler 2816 bytes
0x8A6DC500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]


ESET scan results...

C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Users\Andy\AppData\Local\Temp\jar_cache3445202217180867440.tmp Java/Agent.BL trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\35ace28a-773ff0ba probably a variant of Win32/Agent.LMMBFXF trojan cleaned by deleting - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2fc1f1cd-3ea41009 multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\56e5934d-3be188d0 multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6aa5851-32f184c3 multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-1e476df1 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\3f3af9d7-136a6f89 multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4ff6a7d8-2e4cedc1 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\52e875da-7a146a34 multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5974e79e-5a5ccc65 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-3074d402 multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3cb543ea-5fe8b8b4 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\551baceb-5380900e multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\775a696b-12d17387 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-146db81f multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\31d40331-7adc6bc4 multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-759db7a7 multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\555c00b2-1d919804 a variant of Java/Rowindal.A trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\16802533-112e4bbc a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-5c851fbd Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\482bd086-4a2560c5 probably a variant of Java/TrojanDownloader.Agent.LQ trojan deleted - quarantined

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:04 AM

Posted 25 June 2011 - 10:53 PM

Very well :)

=====================================================

Now, you're running two AV programs, AVG and Norton.
One of them has to go.
If AVG, use AVG Remover: http://www.avg.com/us-en/utilities
If Norton, use this tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

======================================================

You can also safely uninstall McAfee Security Scan Plus, typical foistware.

======================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

============================================================

Uninstall your outdated Firefox version.
Install current 5.0 version.

============================================================

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=============================================================

Make sure Windows updates are current, including Service Pack 2 installation and updating Internet Explorer to version 9.


Let me know when you're done.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click here.


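As an added example (not part of Broni's post or of any tool it links to), here is a read-only PowerShell inventory of the things the steps above ask to fix: how many antivirus products are registered, which Java runtimes are still installed, what remains in the Java deployment cache where every detection in the scan log was found, and the service pack and IE version. The registry keys and cache path are assumptions based on Oracle JRE defaults.

```powershell
# Added example, not from the thread: read-only check of the cleanup steps above.
# Run from an elevated PowerShell prompt on Vista/Windows 7.
# Registry locations and cache path are assumptions based on Oracle JRE defaults.

# 1. Antivirus products registered with Security Center (only one should remain).
$av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
$avNames = @($av | ForEach-Object { $_.displayName })
Write-Host "Registered antivirus products ($($avNames.Count)): $($avNames -join ', ')"
if ($avNames.Count -gt 1) {
    Write-Warning 'More than one AV is registered; remove all but one with the vendor removal tools.'
}

# 2. Installed Java runtimes (64-bit and 32-bit registry views). Any full build other
#    than CurrentVersion is an older runtime that JavaRa should have removed.
$jreKeys = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
           'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
foreach ($key in $jreKeys) {
    if (-not (Test-Path $key)) { continue }
    $current = (Get-ItemProperty -Path $key).CurrentVersion
    $builds  = @(Get-ChildItem -Path $key | ForEach-Object { $_.PSChildName } |
                 Where-Object { $_ -match '^\d+\.\d+\.\d+_\d+$' })   # e.g. 1.6.0_26
    Write-Host "$key : CurrentVersion=$current installed=$($builds -join ', ')"
    if ($builds.Count -gt 1) {
        Write-Warning "Multiple JRE builds under $key; older ones should be removed."
    }
}

# 3. Java deployment cache: every detection in the scan log lived here. These are
#    cached applets/JARs from visited pages, so anything left after cleanup is worth
#    clearing via the Java Control Panel (Temporary Internet Files > Settings > Delete Files).
$cache = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'
if (Test-Path $cache) {
    $entries = @(Get-ChildItem -Path $cache -Recurse -ErrorAction SilentlyContinue |
                 Where-Object { -not $_.PSIsContainer })
    Write-Host "Java deployment cache entries remaining: $($entries.Count)"
}

# 4. Service pack level and Internet Explorer version (the Windows updates step).
$os = Get-WmiObject -Class Win32_OperatingSystem
$ie = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer').Version
Write-Host "OS: $($os.Caption) $($os.CSDVersion)  IE version: $ie"
```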


#9 Andy20

Andy20
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 27 June 2011 - 03:28 PM

OK, I have deleted Norton because it had expired anyway, and updated Java; I'm just about to update Firefox, Adobe Reader, the Windows service pack and IE.

I have a quick question though in the meantime... How clever can a keylogger bot be? When I was on MSN a few days ago, when I first noticed my passwords were being changed, the bot seemed to be typing random faces to my friends while I was on MSN and talking to them. Also it was closing MSN convos occasionally too. I seem to have deleted all the nasties from my PC now (or so I thought). I have reset my passwords AGAIN on Facebook, Hotmail etc... Didn't have any more password changes all day today, but just got an email on Hotmail that I requested to reset my Facebook password 10 minutes ago. NO I didn't :angry: :angry:

Who the heck is doing that? I'm sure it's not anyone I know; it has to be that virus/keylogger and whoever is behind it. I'm worried because I don't want to go into internet banking at the moment in case they steal my details. How will I know that this idiot and his keylogger/bot DEFINITELY doesn't have any trace left in my system?

Edited by Andy20, 27 June 2011 - 03:29 PM.


#10 Andy20

Andy20
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 27 June 2011 - 03:45 PM

Whoever it is has just reset my Hotmail password again too. I'm getting very annoyed with them now; if it is a bot doing it then it must be a clever one, because they have got past an image verification procedure and also my security question :angry:

Also how the heck did they delete the Facebook password reset request that I saw in my inbox 20 minutes ago? I have just changed my password and logged back into it... All the other emails are there, but they have deliberately deleted that Facebook reset request. It has to be a human doing that, surely?

Edited by Andy20, 27 June 2011 - 03:47 PM.


#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:04 AM

Posted 27 June 2011 - 05:16 PM

OK, be aware that any online account can be hacked from the outside, not necessarily involving your computer.
Your computer appears to be clean.

If you wish to do some higher-level checking....

...you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!





#12 Andy20

Andy20
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 27 June 2011 - 05:58 PM

OK, thank you for your help. That DDS link on that page isn't working :( Anywhere else I can download it from?

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:04 AM

Posted 27 June 2011 - 06:08 PM

It works fine for me.
What happens?





#14 Andy20

Andy20
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 27 June 2011 - 06:20 PM

Sorry, it's working now; I'm not sure why it wasn't working when I tried before. This virus issue is confusing me. I closed my Facebook account for the time being so it couldn't post any more spam from my profile, but someone changed it again and re-activated it. It seems like a keylogger, but it looks like my computer is clean. I've never had a problem with stolen passwords in 7 years of being on the internet; this is the first time. :blink:

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:04 AM

Posted 27 June 2011 - 06:26 PM

Very well :)
Good luck there!
