
Virus/Worm taking over my computer!!


  • This topic is locked
4 replies to this topic

#1 amcardwell

amcardwell

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:14 PM

Posted 08 July 2011 - 01:13 PM

Hi! Very recently I found that I have become infected with some kind of malware. It started sometime yesterday or the day before.

*EDIT: I would post the name of the virus, if I knew what it was.*

First, my system started to hang sometime last night within an hour of start-up. After rebooting a couple of times, out of frustration I did a quick virus scan using N360. Once the scan starts, the system semi-completely freezes up; I am still able to move the mouse and position windows, but the taskbar and keyboard are shot. So I downloaded MBAM... it installs fine, and shuts itself down shortly after starting any scan. Spybot S&D installs, but doesn't open. HiJackThis doesn't start. GMER quits after starting the scan. The only thing that works right now is DDS. I even tried running an MBAM scan using the command prompt, but it gives me an "Access Denied" error, even when running as Admin. Note that I tried renaming all of the anti's executables, to no avail. Here is my DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Administrator at 13:44:26 on 2011-07-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2493 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\_Adam's Smallware\Off-Helper\Off-Helper Service.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\_Adam's Smallware\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe
C:\Program Files\_Adam's Smallware\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\_Adam's Smallware\Off-Helper\Off-Helper Configuration.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\_Adam's Smallware\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\_adam's smallware\flashget\jccatch.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: QTTabBar AutoLoader: {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\_adam's smallware\flashget\getflash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: QTTabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QTTab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [UnlockerAssistant] "c:\program files\_adam's smallware\unlocker\UnlockerAssistant.exe" -H
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinNT] c:\documents and settings\adam\application data\resources.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl05c\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [MacDrive 8 application] "c:\program files\mediafour\macdrive 8\MacDrive.exe"
mRun: [Getting started with MacDrive 8] "c:\program files\mediafour\macdrive 8\MDGetStarted.exe" /auto
mRun: [Hobbyist Software On-Off Helper] "c:\program files\_adam's smallware\off-helper\Off-Helper Configuration.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\_adam's smallware\malwarebytes' anti-malware\mbamgui.exe" /starttray
mExplorerRun: [Windows Host] c:\documents and settings\adam\application data\firefox.exe
mExplorerRun: [WinNT] c:\documents and settings\adam\application data\resources.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - c:\program files\siber systems\ai roboform\RoboFormComOptions.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4D} - c:\program files\siber systems\ai roboform\RoboFormComSync.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F50} - c:\program files\siber systems\ai roboform\RoboFormComPasswordGenerator.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - c:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F52} - c:\program files\siber systems\ai roboform\RoboFormComSetFields.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F53} - c:\program files\siber systems\ai roboform\RoboFormComResetFields.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F54} - c:\program files\siber systems\ai roboform\RoboFormComClearFields.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F55} - c:\program files\siber systems\ai roboform\RoboFormComLogoff.html
IE: {45DB34C3-955C-11D3-ABEF-444553540001} - c:\program files\siber systems\ai roboform\RoboFormComEditIdent.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\_adam's smallware\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://remote.officemax.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{CFA23D12-30A0-49DF-B47F-19C288F13862} : DhcpNameServer = 68.87.68.166 68.87.74.166
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\adam's smallware\coreftp\pftpns.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {4F8A4BB5-0EBD-E5CB-9ECB-CEB5F1AF0A7A} - c:\documents and settings\adam\application data\autorun.exe
mASetup: {5DCBDBFE-DBCC-ED67-DCD8-CEDF0CCB98AF} - c:\documents and settings\adam\application data\svchost.exe
mASetup: {5DEDACDB-143A-E6EA-3E4D-ABFDEB69CB5F} - c:\documents and settings\adam\application data\resources.exe
mASetup: {CD12DC44-D4FE-FCDB-2ABA-ABA0BEA2EDAE} - c:\documents and settings\adam\application data\svchost.exe
mASetup: {F3EEADCE-3DCE-CDE8-4EC6-DC93FBAB90A8} - c:\documents and settings\adam\application data\firefox.exe
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2009-9-3 259176]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2009-7-31 27488]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-18 149352]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\mediafour\macdrive 8\MacDrive8Service.exe [2009-9-3 192512]
R2 MBAMService;MBAMService;c:\program files\_adam's smallware\malwarebytes' anti-malware\mbamservice.exe [2011-7-8 366640]
R2 Off-Helper;Off-Helper;c:\program files\_adam's smallware\off-helper\Off-Helper Service.exe [2011-6-25 6656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-7 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-8 22712]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110707.003\NAVENG.SYS [2011-7-7 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110707.003\NAVEX15.SYS [2011-7-7 1542392]
S2 PS3 Media Server;PS3 Media Server;"c:\program files\ps3 media server\win32\service\wrapper.exe" -s "c:\program files\ps3 media server\win32\service\wrapper.conf" --> c:\program files\ps3 media server\win32\service\wrapper.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-1 1691480]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 FLASHSYS;FLASHSYS;c:\program files\msi\live update 4\lu4\FlashSys.sys [2010-7-1 9216]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2011-1-14 21648]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys --> c:\windows\system32\drivers\radpms.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2010-11-3 1245064]
.
=============== Created Last 30 ================
.
2011-07-08 17:43:40 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2011-07-08 17:43:14 -------- d-----w- c:\documents and settings\administrator\application data\Symantec
2011-07-08 17:25:27 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2011-07-08 16:42:39 711728 ----a-w- c:\windows\isRS-000.tmp
2011-07-08 16:05:26 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-07-08 16:04:23 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Microsoft Help
2011-07-08 15:56:41 -------- d-----w- c:\windows\pss
2011-07-08 15:54:09 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-08 15:54:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-08 15:54:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-08 15:37:43 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-08 14:01:59 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-07-08 14:01:31 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Microsoft
2011-07-07 01:51:25 -------- d-----w- c:\program files\DAudioK
2011-07-07 01:51:03 -------- d-----w- c:\program files\AviSynth 2.5
2011-07-07 01:45:27 -------- d-----w- c:\program files\Illustrate
2011-07-07 00:21:57 -------- d-----w- c:\program files\MAXON
2011-07-07 00:16:04 25984 ----a-w- c:\windows\system32\drivers\1278023469.sys
2011-07-06 20:09:40 -------- d--h--w- C:\.TemporaryItems
2011-06-29 21:24:39 -------- d-----w- c:\program files\Comcast
2011-06-29 21:22:57 -------- d-----w- c:\program files\common files\SupportSoft
2011-06-28 20:13:28 -------- d-----w- c:\program files\Prismatic Software
2011-06-28 14:59:09 258352 ----a-w- c:\windows\system32\unicows.dll
2011-06-28 14:59:08 6144 ----a-w- c:\windows\system32\ff_acm.acm
2011-06-27 16:28:01 -------- d-----w- c:\program files\iPod
2011-06-27 16:27:59 -------- d-----w- c:\program files\iTunes
2011-06-27 16:03:09 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-06-27 16:03:09 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-06-25 22:40:34 -------- d-----w- c:\documents and settings\all users\application data\Hobbyist Software
2011-06-25 03:35:21 -------- d-----w- c:\program files\Abyssmedia
2011-06-24 20:00:02 -------- d-----w- c:\documents and settings\all users\application data\ALM
2011-06-24 19:46:39 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-24 19:46:39 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-24 18:13:06 -------- d-----w- c:\program files\Adobe Download Assistant
2011-06-23 03:34:32 229752 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-06-22 23:22:29 -------- d-----w- c:\documents and settings\all users\application data\WindSolutions
2011-06-22 22:48:20 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin8.dll
2011-06-22 22:48:20 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-06-22 22:48:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin8.dll
2011-06-22 22:48:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-06-22 22:47:17 -------- d-----w- c:\program files\Bonjour
2011-06-22 21:45:32 -------- d-----w- c:\program files\common files\Mediafour
2011-06-22 21:45:32 -------- d-----w- c:\documents and settings\all users\application data\Mediafour
2011-06-22 21:45:22 -------- d-----w- c:\program files\Mediafour
2011-06-22 21:34:59 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2011-06-22 21:33:27 -------- d--h--w- c:\windows\msdownld.tmp
2011-06-22 21:30:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-06-22 21:30:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-22 21:30:02 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-06-21 17:37:51 -------- d-----w- c:\program files\VideoStream
2011-06-20 20:05:55 -------- d-----w- c:\program files\AVS4YOU
2011-06-20 20:05:17 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-06-20 20:05:16 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-06-20 20:05:09 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-06-20 20:05:09 -------- d-----w- c:\program files\common files\AVSMedia
2011-06-20 20:05:09 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU
2011-06-20 18:53:11 421888 ----a-w- c:\windows\system32\ac3filter.acm
2011-06-20 18:02:46 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-06-20 18:02:46 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2011-06-20 02:29:39 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-06-19 20:47:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 20:41:26 -------- d-----w- c:\documents and settings\all users\application data\Brother
2011-06-19 20:34:30 -------- d-----w- c:\program files\Brother
2011-06-19 17:51:59 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-19 17:51:59 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-19 17:51:59 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-19 17:51:59 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-19 17:51:59 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-19 17:51:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-18 01:08:01 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-06-18 01:08:01 21504 ----a-w- c:\windows\system32\hidserv.dll
.
==================== Find3M ====================
.
2011-05-29 23:39:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-29 23:39:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 15:30:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:23:45 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 13:45:01.98 ===============


Let me know if there is anything else you need. Thanks in advance for all you do!

-Adam

Can anyone help me?

EDIT: Please be patient. There are over 280 unanswered topics in this forum at present and the current average wait time to receive help is 9 days. ~Budapest

Edited by Budapest, 11 July 2011 - 05:47 PM.
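The posted log already contains the clues an analyst looks for first: a process running from "\\.\globalroot\Device\svchost.exe\svchost.exe", and mRun/mExplorerRun/mASetup entries that launch resources.exe, firefox.exe, svchost.exe and autorun.exe from the user's Application Data folder, a location that is writable without admin rights. The following Python script is an added example (not part of this thread and not DDS's own code) that automates that first pass over a DDS report: it extracts the executable path from each line and flags device-path launches, binaries living in user-writable profile folders, and system-like file names outside their usual location. The sample lines are copied from the log above; the lookalike-name list and the trusted-directory prefixes are assumptions of the heuristic, not anything DDS emits.

```python
"""Triage helper for the autorun lines of a DDS log (added example, not DDS code).

Given the text of a DDS report, pull the executable path out of each line and
flag entries matching patterns visible in the thread's log: a program run through
a raw device path (globalroot), a program started from a user-writable profile
directory, or a Windows/app-like file name outside its usual folder.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted above, benign and
# suspicious mixed, so the heuristics can be exercised offline.
SAMPLE_LOG = r"""
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinNT] c:\documents and settings\adam\application data\resources.exe
mExplorerRun: [Windows Host] c:\documents and settings\adam\application data\firefox.exe
mASetup: {5DCBDBFE-DBCC-ED67-DCD8-CEDF0CCB98AF} - c:\documents and settings\adam\application data\svchost.exe
mASetup: {4F8A4BB5-0EBD-E5CB-9ECB-CEB5F1AF0A7A} - c:\documents and settings\adam\application data\autorun.exe
"""

# Either a quoted path (may contain spaces) or a bare path that starts with a
# drive letter or \\.\ and ends at the first executable-style extension.
PATH_RE = re.compile(
    r'"([^"]+)"'
    r'|((?:\\\\\.\\|[a-z]:\\)[^"]*?\.(?:exe|dll|sys|cpl|scr))',
    re.IGNORECASE,
)
# XP profile layout seen in the log ("documents and settings\<user>\application data")
# plus the Vista+ equivalent; both are writable without admin rights.
USER_WRITABLE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\(application data|local settings|appdata)\\",
    re.IGNORECASE,
)
# A launch through the raw object namespace; no legitimate XP autorun looks like this.
GLOBALROOT = re.compile(r"^\\\\\.\\globalroot\\", re.IGNORECASE)
# Names malware borrows to blend in (assumed list, seeded from the log above).
LOOKALIKE_NAMES = {"svchost.exe", "firefox.exe", "autorun.exe", "explorer.exe",
                   "winlogon.exe", "lsass.exe", "csrss.exe"}
# Where such names legitimately live on this XP box (assumed prefixes, lower-case).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Finding:
    line: str       # the original DDS line
    path: str       # the executable path extracted from it
    reasons: list   # human-readable reasons it was flagged


def extract_path(line: str):
    """Return the first executable path found in a DDS line, or None."""
    m = PATH_RE.search(line)
    if not m:
        return None
    return m.group(1) or m.group(2)


def suspicious_reasons(path: str) -> list:
    """Apply the three heuristics to a path; an empty list means nothing flagged."""
    lp = path.lower()
    name = lp.rsplit("\\", 1)[-1]
    reasons = []
    if GLOBALROOT.search(lp):
        reasons.append("launched through a \\\\.\\globalroot device path")
    if USER_WRITABLE.search(lp):
        reasons.append("binary lives in a user-writable profile directory")
    if name in LOOKALIKE_NAMES and not lp.startswith(TRUSTED_PREFIXES):
        reasons.append(f"{name} found outside its usual location")
    return reasons


def triage(log_text: str) -> list:
    """Walk a DDS report line by line and collect every flagged entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path = extract_path(line)
        if path is None:
            continue
        reasons = suspicious_reasons(path)
        if reasons:
            findings.append(Finding(line, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run as-is it prints the five flagged entries from the sample; pass the text of a full DDS report to triage() for a real one. A hit is a lead, not a verdict: the next step is to check the flagged file's hash and signature, which a DDS listing cannot show.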



#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:14 PM

Posted 23 July 2011 - 08:54 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Thanks and again sorry for the delay.

DR

#3 amcardwell

amcardwell
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:14 PM

Posted 27 July 2011 - 10:21 AM

Rigacci,

Thank you for your reply! I am sorry about my impatience... I haven't posted on this site for a while, and it seems I forgot how busy you all are. I will keep this in mind next time I post.

Anyway, I did fix the problem. It seems it was a rogue trojan after all. To fix it, I downloaded a boot disc ISO (Hiren's) and ran "MiniXP" to boot up my machine. This allowed me to run the built-in Avira Antivirus program to kill the trojan and its friends. I also ran Spybot S&D. After that I was able to boot Windows normally, AND I was able to run my anti's without the trojan killing them. I ran a full Norton scan and a full MBAM scan, twice. Everything seems to be good now! I may still have the scan logs from Avira... if you would like me to post them for future reference, I would be happy to oblige. Thanks again!

Adam

#4 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:14 PM

Posted 28 July 2011 - 07:55 AM

Not a problem! The logs are not needed now.

But great work getting clean!

DR

#5 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:01:14 AM

Posted 28 July 2011 - 08:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.

