Help with malware



Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning, it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Okay, sorry, I had school. Also, right now I have no internet; I'm using a clean computer and a USB stick to transfer.

My OTL log is too long, so can I just attach it?

RKUnhookerLE Report:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 2)

Number of processors #1

==============================================

>Drivers

==============================================

0xF5E08000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2318336 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2058368 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2058368 bytes

0x804D7000 RAW 2058368 bytes

0x804D7000 WMIxWDM 2058368 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF5C8B000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1269760 bytes (Agere Systems, SoftModem Device Driver)

0xBF012000 C:\WINDOWS\System32\SiSGRV.dll 1236992 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)

0xF73B5000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF2678000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)

0xF2727000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF2938000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xF203A000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xF6075000 C:\WINDOWS\system32\DRIVERS\sisgrp.sys 266240 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)

0xF28C6000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0xF2900000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)

0xF26F3000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0xF5BE3000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)

0xF750D000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xF7388000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xF2796000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF21F9000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)

0xF2855000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF5DE4000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF25A1000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF74A2000 fasttx2k.sys 143360 bytes (Promise Technology, Inc., Promise FastTrak Series Driver for WindowsXP)

0xF603E000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF5DC1000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF2833000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xF2811000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)

0xF28A5000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)

0x806CE000 ACPI_HAL 131968 bytes

0x806CE000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF746B000 fltMgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF74DD000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF736D000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF74C5000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF2589000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF748A000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF7442000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF5C17000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF1F35000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF25C4000 C:\WINDOWS\system32\drivers\Mkd2Nadr.sys 81920 bytes (AhnLab, Inc., MyKeyDefense USB Keyboard Filter Driver)

0xF5C77000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xF6061000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF2990000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7459000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF74FC000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF2279000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF782C000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xF783C000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF775C000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xF781C000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF764C000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xF77FC000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xF20B9000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF6C1E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF77CC000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)

0xF765C000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xF77EC000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF769C000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF6C8E000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF767C000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF779C000 C:\WINDOWS\System32\Drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xF76DC000 avgrkx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)

0xF76CC000 gagp30kx.sys 49152 bytes (Microsoft Corporation, MS Generic AGPv3.0 Filter for K8/9 Processor Platforms)

0xF6C6E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF77DC000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF766C000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF6C7E000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF2459000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)

0xF24A9000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)

0xF6C2E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF76AC000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF76BC000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)

0xF6C5E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF76EC000 AVGIDSxx.sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)

0xF768C000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF778C000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF77AC000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF763C000 isapnp.sys 36864 bytes

0xF773C000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF776C000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xF20D9000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF774C000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7984000 C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 32768 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)

0xF79BC000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)

0xF79EC000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)

0xF78F4000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF797C000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7A44000 C:\WINDOWS\system32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)

0xF79A4000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xF7964000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF78BC000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7A3C000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF798C000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF79AC000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0xF7A2C000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xF792C000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF79B4000 C:\WINDOWS\System32\Drivers\LUsbFilt.Sys 24576 bytes (Logitech, Inc., Logitech USB Filter Driver.)

0xF7934000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF7994000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)

0xF796C000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF79FC000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)

0xF7974000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF78C4000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF79CC000 C:\WINDOWS\System32\Drivers\PCASp50.sys 20480 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 SPR Protocol Driver)

0xF791C000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7924000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7914000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7A34000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xF79C4000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF7B24000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF7ADC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xF2515000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7AC4000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF7331000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 16384 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0xF7A4C000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7335000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF7B14000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF7B20000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF7AD4000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF7AF0000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7B10000 C:\WINDOWS\system32\DRIVERS\srvkp.sys 12288 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)

0xF7BA4000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7BAE000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7BA2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7B3C000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7B9A000 C:\WINDOWS\system32\DRIVERS\loop.sys 8192 bytes (Microsoft Corporation, Loopback Network Driver)

0xF7BA6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7BA8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7B9C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7BA0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7B3E000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7CEC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7D7D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7C37000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)

0xF7D4D000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7C04000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0xF7D83000 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 4096 bytes (TuneUp Software, TuneUp Utilities Driver)

==============================================

>Stealth

==============================================

Attached: OTL.Txt, Extras.Txt

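As an added example (my own code, not the helper's tool or anything from RKUnhooker), a small Python triage script that parses the ">Drivers" section of a report like the one above and lists loaded modules whose vendor/description block is missing or empty, the kind of gap that is worth verifying by hand (for instance by checking the file's MD5). The sample report is a hand-assembled excerpt built from entries in the posted log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in the layout of the RKUnhooker report posted above; the
# addresses, names and sizes are copied from that report, but this is a hand-
# assembled sample for the example, not the full log.
SAMPLE_REPORT = r"""RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2058368 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2058368 bytes
0xF73B5000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF2589000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF21F9000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF763C000 isapnp.sys 36864 bytes
0xF79FC000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
==============================================
>Stealth
==============================================
"""

# One entry: load address, image name or full path (may contain spaces), size,
# and an optional "(vendor, description)" block read from the version resource.
LINE_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.+?)\s+(\d+) bytes(?:\s+\((.*)\))?\s*$")


@dataclass
class DriverEntry:
    base: int
    image: str
    size: int
    info: Optional[str]  # None when the report printed no version block at all

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1]

    @property
    def has_version_info(self) -> bool:
        # "(-, -)" is a version block whose vendor and description are both empty.
        if self.info is None:
            return False
        return self.info.replace(",", "").replace("-", "").strip() != ""


def parse_rku_drivers(text: str) -> List[DriverEntry]:
    """Return the entries listed under the '>Drivers' heading of an RKU report."""
    entries: List[DriverEntry] = []
    in_drivers = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):          # section heading such as >Drivers or >Stealth
            in_drivers = line == ">Drivers"
            continue
        m = LINE_RE.match(line) if in_drivers else None
        if m:
            entries.append(DriverEntry(int(m.group(1), 16), m.group(2), int(m.group(3)), m.group(4)))
    return entries


def find_suspect_entries(entries: List[DriverEntry]) -> List[Tuple[DriverEntry, str]]:
    """Flag modules with no usable vendor/description so they can be verified by hand.

    Heuristics only, not rootkit detection: a bare entry that shares its load address
    with a fully described image is RKU's alias for the same module (PnpManager, RAW
    and WMIxWDM for the kernel, ACPI_HAL for hal.dll), and dump_* entries are the
    crash-dump copies of the storage stack, which carry no version block in this
    report. Everything else without vendor data is reported.
    """
    described_bases = {e.base for e in entries if e.has_version_info}
    suspects: List[Tuple[DriverEntry, str]] = []
    for e in entries:
        if e.has_version_info or e.base in described_bases:
            continue
        if e.name.lower().startswith("dump_"):
            continue
        reason = "empty version fields" if e.info is not None else "no version information"
        suspects.append((e, reason))
    return suspects


def suspect_names(report: str) -> List[str]:
    """Convenience wrapper: file names the triage would ask to verify (e.g. by MD5)."""
    return [e.name for e, _ in find_suspect_entries(parse_rku_drivers(report))]


if __name__ == "__main__":
    for entry, why in find_suspect_entries(parse_rku_drivers(SAMPLE_REPORT)):
        print(f"verify {entry.name} ({entry.size} bytes at {entry.base:#010x}): {why}")
```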

Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi, please do the following:

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

AtJob::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

UPDATE XP

--------------

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

If updates are still not working, try to download Service Pack 3 manually.


Hi, not updating to Service Pack 3 will cause more problems than updating.

For the internet problem, please post me a new OTL log so I can have a look at some settings. How are you connecting to the internet and what appears to be the problem?


Looks like there might be a rootkit onboard that so far has been able not to show up on any scanners....

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Please run the following custom scan.

OTL

-----

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Copy and Paste the following code into the custom scan textbox. Do not include the word "Code"

     /md5start
     isapnp.sys
     /md5stop

  5. Push the Run Scan button.
  6. A report will open. Copy and Paste that report in your next reply.

Click Start > Run, type services.msc and press enter. Scroll down to DHCP client and make sure it is set to Automatic and Started. If not, start it and let me know what happens.


Click Start > Run, type cmd and press enter.

Type net start dhcp client and press enter. Let me know what comes back.

You can Click Start > Network Connections > Show all connections, right click on the MS Loopback adapter, select status, click Properties and then uncheck show icon in notification area when connected.


Hi again,

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.

On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
REM Collect adapter settings, DNS lookups, connectivity checks and the routing table into Log1.txt
(ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print) >>Log1.txt
REM Open the collected log in Notepad, then delete this batch file
start notepad Log1.txt
del %0

Go to the File menu at the top of the Notepad and select Save as.

Select save in: desktop

Fill in File name: test.bat

Save as type: All file types (*.*)

Click save.

Close the Notepad.

Locate and double-click test.bat on the desktop.

A Notepad window opens; copy and paste its content (Log1.txt) into your reply.

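As an added example (my own code, not the helper's batch file or anything else from the thread), a Python parser for the `ipconfig /all` section of a Log1.txt like the one the batch file produces, with a triage pass that flags what the helper is checking by hand: an adapter with DHCP disabled that carries public static addresses, a loopback test adapter with addresses assigned, and more than one IPv4 address on a single adapter. The sample input is a constructed, shortened excerpt using values from the log posted in this thread.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the layout of `ipconfig /all`, shortened, with values taken
# from the Log1.txt posted in this thread; it is a sample for the example only.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Hp
   IP Routing Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Loopback Adapter
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 63.251.217.2(Preferred)
   IPv4 Address. . . . . . . . . . . : 63.251.217.3(Preferred)
   IPv4 Address. . . . . . . . . . . : 63.251.217.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 68.87.76.182
                                       68.87.78.134
"""

# "Ethernet adapter Local Area Connection 2:" style section headings.
HEADER_RE = re.compile(r"^(\S.*adapter .*):$")
# "Key . . . . : value" lines; the dot padding before the colon is what separates a
# field from a continuation line such as a second DNS server (which may contain colons).
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 \-/()]*?)[. ]*\. ?: ?(.*)$")

Sections = Dict[str, Dict[str, List[str]]]


def parse_ipconfig(text: str) -> Sections:
    """Group `ipconfig /all` output into {section: {field: [values...]}}."""
    sections: Sections = {}
    current: Dict[str, List[str]] = {}
    last_key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        header = HEADER_RE.match(line)
        if header or line.strip() == "Windows IP Configuration":
            current = sections.setdefault(header.group(1) if header else "Windows IP Configuration", {})
            last_key = None
            continue
        field = FIELD_RE.match(line)
        if field:
            last_key = field.group(1)
            values = current.setdefault(last_key, [])
            if field.group(2):
                values.append(field.group(2))
        elif last_key is not None:          # indented continuation of a multi-valued field
            current[last_key].append(line.strip())
    return sections


def triage(sections: Sections) -> List[Tuple[str, str]]:
    """Flag adapter settings worth a second look; returns (adapter, reason) pairs."""
    findings: List[Tuple[str, str]] = []
    for name, fields in sections.items():
        if name == "Windows IP Configuration":
            continue
        dhcp = (fields.get("DHCP Enabled") or [""])[0]
        description = " ".join(fields.get("Description", []))
        addrs = []
        for value in fields.get("IPv4 Address", []):
            try:                            # strip the "(Preferred)" suffix
                addrs.append(ipaddress.ip_address(value.split("(")[0].strip()))
            except ValueError:
                continue
        public = [str(a) for a in addrs if a.is_global]
        if dhcp == "No" and public:
            findings.append((name, "DHCP disabled with static public address(es) " + ", ".join(public)))
        if "Loopback" in description and addrs:
            findings.append((name, "loopback test adapter has IP addresses assigned"))
        if len(addrs) > 1:
            findings.append((name, f"{len(addrs)} IPv4 addresses on one adapter"))
    return findings


if __name__ == "__main__":
    for adapter, reason in triage(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f"{adapter}: {reason}")
```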

log1:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Hp

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Loopback Adapter

Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::88d9:3db1:d2ef:56ac%15(Preferred)

IPv4 Address. . . . . . . . . . . : 63.251.217.2(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IPv4 Address. . . . . . . . . . . : 63.251.217.3(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IPv4 Address. . . . . . . . . . . : 63.251.217.4(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DHCPv6 IAID . . . . . . . . . . . : 402784332

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-9E-2A-EB-90-E6-BA-EC-30-B8

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.ca.comcast.net.

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 90-E6-BA-EC-30-B8

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::74ec:bff7:61bc:34e1%11(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Thursday, October 14, 2010 12:56:56 PM

Lease Expires . . . . . . . . . . : Friday, October 15, 2010 1:36:44 PM

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DHCPv6 IAID . . . . . . . . . . . : 234890776

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-9E-2A-EB-90-E6-BA-EC-30-B8

DNS Servers . . . . . . . . . . . : 68.87.76.182

68.87.78.134

192.168.1.1

68.87.76.182

68.87.78.134

NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.ca.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{738A3553-B513-4044-9062-BD492FF9495E}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2002:3ffb:d902::3ffb:d902(Preferred)

IPv6 Address. . . . . . . . . . . : 2002:3ffb:d903::3ffb:d903(Preferred)

IPv6 Address. . . . . . . . . . . : 2002:3ffb:d904::3ffb:d904(Preferred)

Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.

timeout was 2 seconds.

Server: UnKnown

Address: 68.87.76.182

Name: google.com

Addresses: 74.125.19.147

74.125.19.103

74.125.19.104

74.125.19.99

Server: cns.sanjose.ca.sanfran.comcast.net

Address: 68.87.76.182

Name: yahoo.com

Addresses: 69.147.125.65

72.30.2.43

98.137.149.56

209.191.122.70

67.195.160.76

Pinging google.com [74.125.19.104] with 32 bytes of data:

Reply from 74.125.19.104: bytes=32 time=14ms TTL=55

Reply from 74.125.19.104: bytes=32 time=14ms TTL=55

Ping statistics for 74.125.19.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 14ms, Average = 14ms

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=89ms TTL=49

Reply from 69.147.125.65: bytes=32 time=96ms TTL=49

Ping statistics for 69.147.125.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 89ms, Maximum = 96ms, Average = 92ms

===========================================================================

Interface List

15...02 00 4c 4f 4f 50 ......Microsoft Loopback Adapter

11...90 e6 ba ec 30 b8 ......Realtek PCIe GBE Family Controller

1...........................Software Loopback Interface 1

12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 20

63.251.217.0 255.255.255.0 On-link 63.251.217.2 286

63.251.217.2 255.255.255.255 On-link 63.251.217.2 286

63.251.217.3 255.255.255.255 On-link 63.251.217.2 286

63.251.217.4 255.255.255.255 On-link 63.251.217.2 286

63.251.217.255 255.255.255.255 On-link 63.251.217.2 286

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.1.0 255.255.255.0 On-link 192.168.1.103 276

192.168.1.103 255.255.255.255 On-link 192.168.1.103 276

192.168.1.255 255.255.255.255 On-link 192.168.1.103 276

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.1.103 276

224.0.0.0 240.0.0.0 On-link 63.251.217.2 286

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.1.103 276

255.255.255.255 255.255.255.255 On-link 63.251.217.2 286

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

16 1140 ::/0 2002:c058:6301::c058:6301

1 306 ::1/128 On-link

16 1040 2002::/16 On-link

16 296 2002:3ffb:d902::3ffb:d902/128 On-link

16 296 2002:3ffb:d903::3ffb:d903/128 On-link

16 296 2002:3ffb:d904::3ffb:d904/128 On-link

11 276 fe80::/64 On-link

15 286 fe80::/64 On-link

11 276 fe80::74ec:bff7:61bc:34e1/128 On-link

15 286 fe80::88d9:3db1:d2ef:56ac/128 On-link

1 306 ff00::/8 On-link

11 276 ff00::/8 On-link

15 286 ff00::/8 On-link

===========================================================================

Persistent Routes:

None


Sorry, the above one was the clean computer. I accidentally clicked and thought it was the other, infected computer.

Here's the right log:

Windows IP Configuration

An internal error occurred: The operation completed successfully.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to open registry key for tcpip.

Server: UnKnown

Address: 127.0.0.1

Server: UnKnown

Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Ping request could not find host yahoo.com. Please check the name and try again.

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Adapter

0x10004 ...00 13 d4 16 c8 e7 ...... SiS 900-Based PCI Fast Ethernet Adapter

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

203.116.196.0 255.255.255.0 203.116.196.8 203.116.196.8 30

203.116.196.8 255.255.255.255 127.0.0.1 127.0.0.1 30

203.116.196.255 255.255.255.255 203.116.196.8 203.116.196.8 30

203.188.239.0 255.255.255.0 203.188.239.82 203.116.196.8 30

203.188.239.82 255.255.255.255 127.0.0.1 127.0.0.1 30

203.188.239.255 255.255.255.255 203.188.239.82 203.116.196.8 30

224.0.0.0 240.0.0.0 203.116.196.8 203.116.196.8 30

255.255.255.255 255.255.255.255 203.116.196.8 203.116.196.8 1

255.255.255.255 255.255.255.255 203.188.239.82 10004 1

===========================================================================

Persistent Routes:

None


Interesting, that gives us at least a clue as to where to look.

Please run the following custom scan.

OTL

-----

  1. Please download OTL from one of the following mirrors:

  2. Save it to your desktop.

  3. Double click on the OTL icon on your desktop.

  4. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

/md5start
tcpip.sys
/md5stop
hklm\system\currentcontrolset\services\tcpip

  5. Click the NONE button and then push the Run Scan button.

  6. A report will open. Copy and Paste that report in your next reply.


Today I opened my computer and the dots were gone, but it doesn't have those highlighted and cannot access the internet.

OTL logfile created on: 10/15/2010 8:16:31 PM - Run 4

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 211.00 Mb Available Physical Memory | 24.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 180.31 Gb Total Space | 100.52 Gb Free Space | 55.75% Space Free | Partition Type: NTFS

Drive D: | 5.99 Gb Total Space | 1.45 Gb Free Space | 24.23% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: STANLEY

Current User Name: Compaq_Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Custom Scans ==========

< MD5 for: TCPIP.SYS >

[2008/06/20 03:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys

[2008/06/20 03:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys

[2005/05/25 12:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[2007/10/30 09:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[2008/06/20 03:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[2008/04/13 12:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys

[2008/04/13 12:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys

[2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[2008/06/20 04:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[2006/04/20 05:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< hklm\system\currentcontrolset\services\tcpip >

"Type" = 1

"Start" = 1

"ErrorControl" = 1

"Tag" = 3

"ImagePath" = system32\DRIVERS\tcpip.sys -- [2008/06/20 03:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation)

"DisplayName" = TCP/IP Protocol Driver

"Group" = PNP_TDI

"DependOnService" = IPSec [binary data]

"DependOnGroup" = [binary data]

"Description" = TCP/IP Protocol Driver

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\Linkage]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\Performance]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\Security]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\ServiceProvider]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\Enum]

< End of report >
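An added example, not code from this thread or from OTL: a small Python parser for the "< MD5 for: >" section of the report above that checks whether the live system32\drivers\tcpip.sys hash matches at least one of the backup copies OTL listed, which is the comparison the helper is making by eye. The sample input is built from the page's own report lines; the regex is an assumption about OTL's line layout.

```python
import re

# Constructed sample: three lines copied from the "< MD5 for: TCPIP.SYS >" section above.
OTL_MD5_SECTION = """\
< MD5 for: TCPIP.SYS >
[2008/06/20 03:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\\WINDOWS\\system32\\dllcache\\tcpip.sys
[2008/06/20 03:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\\WINDOWS\\system32\\drivers\\tcpip.sys
[2008/04/13 12:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\\WINDOWS\\ServicePackFiles\\i386\\tcpip.sys
"""

# Assumed OTL layout: [mtime | size | attrs | M] (company) MD5=<hex> -- <path>
LINE_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\((?P<company>[^)]*)\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

def parse_md5_report(text):
    """Return one dict (path, md5, size, company) per file line in an OTL MD5 section."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "path": m["path"].strip(),
                "md5": m["md5"].upper(),
                "size": int(m["size"].replace(",", "")),
                "company": m["company"].strip(),
            })
    return entries

def check_live_driver(entries, live_suffix="\\system32\\drivers\\tcpip.sys"):
    """Compare the live driver against every other listed copy (dllcache,
    ServicePackFiles, $hf_mig$, SoftwareDistribution).
    Returns (status, live_md5, matching_backup_paths) where status is
    'ok' (hash matches a backup), 'mismatch' (matches none: inspect that file),
    or 'missing' (no live driver line in the report).
    A match is only a consistency check: a backup copy can be tampered with too."""
    live = [e for e in entries if e["path"].lower().endswith(live_suffix.lower())]
    if not live:
        return "missing", None, []
    live_md5 = live[0]["md5"]
    matches = [e["path"] for e in entries if e is not live[0] and e["md5"] == live_md5]
    return ("ok" if matches else "mismatch"), live_md5, matches
```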
