Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Many random problems can't remove viruses


  • Please log in to reply

#1
lady_jodie

lady_jodie

    Member

  • Member
  • PipPip
  • 70 posts
I am trying to fix a problem on yet another laptop. I know it has a problem but all the scans I have run are finding nothing. I have run Avast Internet Security, MBAM,Super Antispyware.

The biggest issues are a delay in typed content appearing on the screen, extreme slowness in starting programs, difficulty surfing the net. I have also seen my desktop wallpaper disappear and my quick lauch toolbar being gone.

I triled to run gmer but after running for a few seconds it would encounter an error and stop. I tried to OLT but it froze up after a few minutes and stopped responding.

I did finally get Gmer to run. The scan report is at the end of this post.

Here is my MBAM log and the Kaspersy log:
Malwarebytes' Anti-Malware 1.44
Database version: 3772
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/21/2010 5:35:48 PM
mbam-log-2010-02-21 (17-35-48).txt

Scan type: Quick Scan
Objects scanned: 117505
Time elapsed: 9 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, February 22, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, February 22, 2010 05:29:48
Records in database: 3616983
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 93063
Threats found: 4
Infected objects found: 14
Suspicious objects found: 0
Scan duration: 02:52:39


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0A6C0000\4AED5D40.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC40000\4AFE8359.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC40001\4AFE838D.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC40002\4AFE8399.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC40003\4AFE83A6.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC40004\4AFE83DB.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC40006\4AFE83F6.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC40007\4AFE8402.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC40008\4AFE840F.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC40009\4AFE841C.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC4000A\4AFE842A.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AC4000B\4AFE8437.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0B7C0000\4B7FFA48.VBN Infected: Exploit.JS.Pdfka.asd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0BB00000\4BB521E9.VBN Infected: Trojan-Downloader.HTML.FraudLoad.a 1

Selected area has been scanned.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-21 19:44:39
Windows 5.1.2600 Service Pack 3
Running: 0s2vq803.exe; Driver: C:\DOCUME~1\VERNON~1\LOCALS~1\Temp\uxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwClose [0xB0AC95AD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEvent [0xB0AB39B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEventPair [0xB0AB3A38]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateIoCompletion [0xB0AB3BD4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateKey [0xB0AC8F61]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateMutant [0xB0AB38B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSection [0xB0AB3AB4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSemaphore [0xB0AB3932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateTimer [0xB0AB3B54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteKey [0xB0AC9C73]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteValueKey [0xB0AC9D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDuplicateObject [0xB0AB43B6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateKey [0xB0AC9ADE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateValueKey [0xB0AC9949]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwLoadDriver [0xB0AB1D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEvent [0xB0AB39FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEventPair [0xB0AB3A76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenIoCompletion [0xB0AB3C16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenKey [0xB0AC92BD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenMutant [0xB0AB38F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenProcess [0xB0AB419A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSection [0xB0AB3B0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSemaphore [0xB0AB3976]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenThread [0xB0AB42A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenTimer [0xB0AB3B96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryKey [0xB0AC97C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryObject [0xB0AB28AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryValueKey [0xB0AC9616]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB0AF8198]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePort [0xB0AB455E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePortEx [0xB0AB40A2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwRestoreKey [0xB0AC85FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetSystemInformation [0xB0AB1DFA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB0AF7E50]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwShutdownSystem [0xB0AB1F36]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB0B044FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[email protected] 40
Reg HKLM\SOFTWARE\Classes\CLSID\{91EC4B89-4AF2-1685-8B077627C8A43419}\{2EE609D8-52A7-5ABD-6D921F70AFC106D5}\{F0CB3253-4F19-C88D-A2C81B3BBC751916}
Reg HKLM\SOFTWARE\Classes\CLSID\{91EC4B89-4AF2-1685-8B077627C8A43419}\{2EE609D8-52A7-5ABD-6D921F70AFC106D5}\{F0CB3253-4F19-C88D-A2C81B3BBC751916}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DAB5C844-BE4A-29F4-AD8FABA4C17947A0}\{6913C59A-116F-5212-1A8157F10917C9CC}\{8C3FE3F0-4F1D-5A94-937677A4B6D15CAE}
Reg HKLM\SOFTWARE\Classes\CLSID\{DAB5C844-BE4A-29F4-AD8FABA4C17947A0}\{6913C59A-116F-5212-1A8157F10917C9CC}\{8C3FE3F0-4F1D-5A94-937677A4B6D15CAE}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

Edited by lady_jodie, 22 February 2010 - 12:56 PM.

  • 0

Advertisements


#2
lady_jodie

lady_jodie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
I was finally able to run gmer and a Kasperksy online scan. I added the resulsts to my main post.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP