gitar27
  1. I saw in the instructions to post again if there wasn't a reply after a couple days; just wanted to make sure I hadn't left out anything. I understand the staff is busy and appreciate any help once someone has a chance to look at it. thanks!
  2. Hello, I think my machine may have been infected recently and I haven't had any luck figuring out the problems so far. The symptoms I've seen are:
     - The computer crashes without warning; it just locks up to all mouse/keyboard input and starts beeping, and I have to power the machine off to restart it. The amount of uptime varies, from ~10 minutes to about an hour so far.
     - The disk access light is flashing constantly while the computer is on, even when I'm not doing anything.
     - Firefox freezes at "Loading..." when it starts up and will no longer load. Other browsers (Chrome, IE) are still working so far. I was able to run Firefox in safe mode, though.
     So far I have tried the following steps:
     - ran MBAM without detecting any problems; log appended below
     - ran DeFogger to disable CD-ROM emulation - no errors; log appended below
     - ran DDS - DDS.txt is appended below; attach.txt is included in the attached zip file
     - ran GMER - the computer blue-screened in the middle of this process; should I try to run it again, maybe try to run it from safe mode?
     Thanks for any advice!
     ---- contents of the MBAM log:

     Malwarebytes' Anti-Malware 1.44
     Database version: 3750
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 6.0.2900.5512

     2/17/2010 8:55:46 AM
     mbam-log-2010-02-17 (08-55-46).txt

     Scan type: Quick Scan
     Objects scanned: 130324
     Time elapsed: 4 minute(s), 3 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ---- contents of defogger_disable.log:

     defogger_disable by jpshortstuff (29.01.10.1)
     Log created at 09:00 on 17/02/2010 (Daniel)

     Checking for autostart values...
     HKCU\~\Run values retrieved.
     HKLM\~\Run values retrieved.

     Checking for services/drivers...
     -=E.O.F=-

     ---- contents of DDS.txt:

     ---- Attach.zip