
Malware Help for a Friend


#1
lascassidy
Hello-

My friend asked me to post this on her behalf as she is unable to access the internet due to some malware. As you can see, she has already tried suggestions and fixes from this site. I hope you are able to help her.

I will post her log files as replies as they are 'too long' for this form.

Thanks for any help.

Linda



Malware is preventing me from posting to the forum
Dell laptop, WinXP, AVG antivirus. Guides followed, fixes attempted, logs included.

I keep getting IE's "page cannot be displayed" when I try to post this.

Hi. I tried not to post. By reading your guides and using your tools I attempted to resolve the issue. Looks like I need your help. I'm sorry to use your time; I really appreciate the help! I have backed up my registry with ERUNT. I created a new restore point. I ran AVG and TFC (reboot included). I used GooredFix. I used TDSSKiller. At this point I was bluescreened to death, even in safe mode. I opted to "boot w/ last good configuration".

I repeated the above, adding in OTL and GMER, using TDSSKiller last... same thing, death even in safe mode. At this point I have rebooted, run ERUNT, created a new restore point, run TFC, run MBAM (nothing found), run AVG (nothing detected), run OTL. At this point GMER causes system failure. I'll keep trying and get a GMER log just as soon as I can. Thanks! I'm adding the logs below.

My most recent actions: retried TDSSKiller. It attempted to reboot; the reboot failed. Manual reboot attempted, failed. Manual reboot into safe mode failed. Manual reboot to last good configuration. Ran a McAfee removal tool, created a new system restore point, ran ERUNT, ran TFC w/ reboot. After reboot, new system restore point (redundant, but this point has McAfee completely cleared), reran ERUNT, ran MBAM (the newest log is the one I'll include here), then ran OTL and saved the log (no extras log this time? so I'll include the extras from the previous scan).


#2
lascassidy
MBAM log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/21/2010 2:34:31 PM
mbam-log-2010-06-21 (14-34-31).txt

Scan type: Quick scan
Objects scanned: 99578
Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL log
OTL logfile created on: 6/21/2010 2:38:06 PM - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and
Settings\Pat\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type =
NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format:
M/d/yyyy

1,014.00 Mb Total Physical Memory | 530.00 Mb Available Physical Memory | 52.00%
Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Files
Drive C: | 139.24 Gb Total Space | 10.57 Gb Free Space | 7.59% Space Free |
Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAT
Current User Name: Pat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

#3
lascassidy
========== Processes (SafeList) ==========

PRC - [2010/06/21 10:11:08 | 000,574,464 | ---- | M] (OldTimer Tools) --
C:\Documents and Settings\Pat\Desktop\OTL.exe
PRC - [2010/03/21 02:52:53 | 002,046,816 | ---- | M] (AVG Technologies CZ,
s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/03/12 12:42:28 | 000,486,680 | ---- | M] (AVG Technologies CZ,
s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2010/03/12 12:42:25 | 000,693,016 | ---- | M] (AVG Technologies CZ,
s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2010/03/12 12:42:05 | 000,595,736 | ---- | M] (AVG Technologies CZ,
s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2010/03/12 12:41:51 | 000,297,752 | ---- | M] (AVG Technologies CZ,
s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2010/03/12 12:41:39 | 000,908,056 | ---- | M] (AVG Technologies CZ,
s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2010/03/12 12:41:36 | 000,832,792 | ---- | M] (AVG Technologies CZ,
s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2010/01/19 07:57:44 | 002,743,104 | ---- | M] (ALWIL Software) --
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2009/06/03 15:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) --
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 15:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) --
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/11 17:11:24 | 000,024,576 | ---- | M] (Creative Technology Ltd.)
-- C:\WINDOWS\OA012Mon.exe
PRC - [2009/03/31 17:03:46 | 000,251,176 | ---- | M] (Dell) -- C:\Program
Files\WSED\WSED.exe
PRC - [2009/02/23 10:03:06 | 000,320,808 | ---- | M] (Compal Electronics, Inc)
-- C:\Program Files\CapsLKNotify\CapsLKNotify.exe
PRC - [2008/12/04 17:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) --
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/04 22:47:38 | 000,623,912 | ---- | M] (Dell) -- C:\Program
Files\Battery Meter\BTMeter.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) --
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) --
C:\WINDOWS\explorer.exe
PRC - [2007/01/30 00:39:34 | 001,432,064 | ---- | M] (Phoenix Labs) --
C:\Program Files\PeerGuardian2\pg2.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 10:11:08 | 000,574,464 | ---- | M] (OldTimer Tools) --
C:\Documents and Settings\Pat\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) --
C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/12 12:41:51 | 000,297,752 | ---- | M] (AVG Technologies CZ,
s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/03/12 12:41:39 | 000,908,056 | ---- | M] (AVG Technologies CZ,
s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2010/01/19 07:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand
| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web
Scanner)
SRV - [2010/01/19 07:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand
| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast!
Mail Scanner)
SRV - [2010/01/19 07:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto |
Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast!
Antivirus)
SRV - [2009/06/03 15:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto |
Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe --
(sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/04 17:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto |
Running] -- C:\Program Files\Microsoft\Search Enhancement
Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - [2010/03/12 12:42:27 | 000,027,784 | ---- | M] (AVG Technologies CZ,
s.r.o.) [File_System | System | Running] --
C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 12:42:26 | 000,335,240 | ---- | M] (AVG Technologies CZ,
s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys
-- (AvgLdx86)
DRV - [2010/03/10 14:16:22 | 000,012,552 | ---- | M] (AVG Technologies CZ,
s.r.o.) [File_System | Boot | Running] --
C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/10 14:16:21 | 000,108,552 | ---- | M] (AVG Technologies CZ,
s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys
-- (AvgTdiX)
DRV - [2010/01/19 09:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel |
System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/01/19 07:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel |
System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/01/19 07:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel |
On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/01/19 07:43:12 | 000,100,304 | ---- | M] (ALWIL Software)
[File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys --
(aswMon2)
DRV - [2010/01/19 07:42:57 | 000,019,024 | ---- | M] (ALWIL Software)
[File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys --
(aswFsBlk)
DRV - [2010/01/19 07:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel |
System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/11 17:11:18 | 000,133,632 | ---- | M] (Creative Technology Ltd.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Ufd.sys --
(OA012Ufd)
DRV - [2009/05/11 17:11:16 | 000,272,032 | ---- | M] (Creative Technology Ltd.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Vid.sys --
(OA012Vid)
DRV - [2009/05/11 17:11:14 | 000,135,168 | ---- | M] (Creative Technology Ltd.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Afx.sys --
(OA012Afx)
DRV - [2009/03/15 18:49:28 | 000,208,304 | ---- | M] (Synaptics Incorporated)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys --
(SynTP)
DRV - [2009/03/15 18:48:00 | 000,162,816 | ---- | M] (Realtek Semiconductor
Corp.) [Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/03/15 18:44:18 | 000,120,064 | ---- | M] (Realtek Semiconductor
Corporation ) [Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/15 17:32:18 | 005,032,448 | ---- | M] (Realtek Semiconductor
Corp.) [Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for
Realtek HD Audio (WDM)
DRV - [2009/03/15 17:32:08 | 001,389,056 | ---- | M] (Creative Technology Ltd.)
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys --
(Monfilt)
DRV - [2009/03/15 17:31:54 | 001,684,736 | ---- | M] (Creative) [Kernel |
On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/12 12:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys --
(CtClsFlt)
DRV - [2009/02/15 17:34:40 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel
| On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/01/06 19:53:14 | 001,391,104 | ---- | M] (Broadcom Corporation)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS --
(BCM43XX)
DRV - [2008/11/04 21:24:58 | 000,014,248 | ---- | M] (Windows ® Codename
Longhorn DDK provider) [Kernel | Boot | Running] --
C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2008/04/14 08:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices,
Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys --
(amdagp)
DRV - [2008/04/14 08:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems
Corporation) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003
DDK provider) [Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/30 00:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand |
Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel |
Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel |
Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel |
Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel |
Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys --
(symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys --
(ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys --
(ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys --
(ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys --
(ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel
| Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys --
(mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products,
Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys --
(asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products,
Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys
-- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys --
(AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys --
(CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL =
http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co...=en&source=iglk
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0

#4
lascassidy
There are lots more log files from her, if you need them posted, I will be happy to do so.

Linda