Jump to content

help plz

Charles W

By Charles W
in Resolved Malware Removal Logs

 Share

Recommended Posts

Charles W

Charles W

Posted
Posted

i was on the internet the other day and visited some site (i forget which one), but there was a popup that said firefox update recommended, and i usually trust firefox, and this one looked legit, but when i executed it, i knew i made a mistake, and i think thats the problem. anyway, i now have ads pop up every five minutes or so (even if i have no internet), and when i run mbam, it scans for about 3 minutes and then my computer restarts without warning. i ran hijackthis and heres my log. any help would be appreciated. thanks!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:34:14 PM, on 12/9/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Charles\My Documents\Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Java

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello Charles W! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

Step 1

Please, open HiJackThis and select Do a system scan only.

Check the following entries:

O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\Charles\LOCALS~1\Temp\Wdl.exe

Then, close all open windows except that of HijackThis, and select Fix Checked.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step 3

Also, I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. Add or Remove Programs list
  3. a new fresh HiJackThis log

Link to post
Share on other sites
Charles W

Charles W

Posted
  • Author
Posted

Hi, thanks for the reply! I removed the thing using hijackthis as you asked, but when I ran MBAM, it ran for a minute or so, but a message popped up saying:

Run time error '6':

Overflow

I tried running MBAM again, but got the same results. MBAM closed immediately without finishing the scan or leaving a log file. But I have the uninstall list as well as the new hijackthis log:

Uninstall List:

7-Zip 4.65

Adobe AIR

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 6.0

Adobe Shockwave Player 11.5

Agere Systems AC'97 Modem

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - 3nAe?N

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Step 1

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 2

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Link to post
Share on other sites
Charles W

Charles W

Posted
  • Author
Posted

Hi, I got rid of BitTorrent and ran TDSSKiller. Here's the log. It said nothing was found:

2010/12/10 19:31:46.0940 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40

2010/12/10 19:31:46.0940 ================================================================================

2010/12/10 19:31:46.0940 SystemInfo:

2010/12/10 19:31:46.0940

2010/12/10 19:31:46.0940 OS Version: 5.1.2600 ServicePack: 2.0

2010/12/10 19:31:46.0940 Product type: Workstation

2010/12/10 19:31:46.0940 ComputerName: ACER-IZH1HI2TKI

2010/12/10 19:31:47.0020 UserName: Charles

2010/12/10 19:31:47.0020 Windows directory: C:\WINDOWS

2010/12/10 19:31:47.0020 System windows directory: C:\WINDOWS

2010/12/10 19:31:47.0020 Processor architecture: Intel x86

2010/12/10 19:31:47.0020 Number of processors: 1

2010/12/10 19:31:47.0020 Page size: 0x1000

2010/12/10 19:31:47.0020 Boot type: Normal boot

2010/12/10 19:31:47.0020 ================================================================================

2010/12/10 19:31:48.0623 Initialize success

2010/12/10 19:32:39.0686 ================================================================================

2010/12/10 19:32:39.0686 Scan started

2010/12/10 19:32:39.0686 Mode: Manual;

2010/12/10 19:32:39.0686 ================================================================================

2010/12/10 19:32:41.0679 ACPI (2e76d0847098458b6f6776323d36a6fa) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/10 19:32:41.0889 ACPIEC (619410be0b33801f0fa0ad994b153cb4) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/12/10 19:32:42.0260 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2010/12/10 19:32:42.0480 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2010/12/10 19:32:42.0881 AgereSoftModem (5a2a96b15fa7e766d0fd1ac08eff2acb) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2010/12/10 19:32:43.0201 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/12/10 19:32:44.0032 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2010/12/10 19:32:44.0383 ALCXWDM (391344370018a87a6c478ab76c7a47a8) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/12/10 19:32:44.0903 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/10 19:32:45.0604 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/10 19:32:45.0855 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/10 19:32:46.0436 ati2mtag (8303b347a02ed4bbf94e5682a6d22619) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/12/10 19:32:46.0676 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/10 19:32:46.0876 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/10 19:32:47.0607 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/10 19:32:47.0948 BTWUSB (faf0c0e706a0d45f6efbc1503daf914d) C:\WINDOWS\system32\Drivers\btwusb.sys

2010/12/10 19:32:48.0158 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/10 19:32:48.0469 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/10 19:32:48.0659 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/10 19:32:48.0799 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/10 19:32:49.0210 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/12/10 19:32:49.0570 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/12/10 19:32:50.0471 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/10 19:32:50.0752 DKbFltr (581bba11019d7f5b13ce00f618dad09b) C:\WINDOWS\system32\Drivers\DKbFltr.sys

2010/12/10 19:32:50.0922 dmboot (48fa74a11fc3da495b9b546d640f8950) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/10 19:32:51.0172 dmio (b99078c1719a26bfe2ca9aa2a50e0b10) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/10 19:32:51.0313 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/10 19:32:51.0523 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/10 19:32:51.0944 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/10 19:32:52.0524 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/10 19:32:52.0735 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2010/12/10 19:32:52.0885 Fips (baac25464472a8112e7703e7eb38f603) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/10 19:32:53.0065 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/10 19:32:53.0316 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/10 19:32:53.0456 FsVga (10a80a866a41490a43fdcccfeef0dce4) C:\WINDOWS\system32\DRIVERS\fsvga.sys

2010/12/10 19:32:53.0626 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/10 19:32:53.0736 Ftdisk (de92525813b461317e95221a2a0d49ca) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/10 19:32:53.0956 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/12/10 19:32:54.0087 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/10 19:32:54.0297 gv3 (ee916090b49976d06a220c4a21e5d302) C:\WINDOWS\system32\DRIVERS\gv3.sys

2010/12/10 19:32:55.0288 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/10 19:32:55.0709 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/10 19:32:56.0320 i8042prt (5f07dcfd005e94d54d99d881cef962cc) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/10 19:32:56.0560 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/10 19:32:56.0981 IntelIde (abbd1814791a011613ca1395e1344b7e) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/12/10 19:32:57.0151 intelppm (00273ace71b53cf8c006ed6574feeeb4) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/10 19:32:57.0451 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/10 19:32:57.0562 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/10 19:32:57.0782 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/10 19:32:57.0962 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/10 19:32:58.0193 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/10 19:32:58.0393 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys

2010/12/10 19:32:58.0643 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/10 19:32:58.0874 isapnp (691914b157afb302d6831484d8e0d9d3) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/10 19:32:59.0124 Kbdclass (8ccdd51821bbacd3dba1afa5e7c4d756) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/10 19:32:59.0354 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/10 19:32:59.0514 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/10 19:33:00.0386 MBAMSwissArmy (e74dc2f3f9675a6025a4aa020edd4341) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010/12/10 19:33:00.0626 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/10 19:33:00.0816 Modem (746a1a3d73a648c57398c9cb8af315ed) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/10 19:33:00.0977 Mouclass (c145c60f25efe006b9a22a046ce5883f) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/10 19:33:01.0187 mouhid (44cacbcea57a1a1dc44f1454d033178c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/10 19:33:01.0457 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/10 19:33:01.0818 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/10 19:33:01.0988 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/10 19:33:02.0188 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/10 19:33:02.0369 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/10 19:33:02.0579 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/10 19:33:02.0709 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/10 19:33:02.0919 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/10 19:33:03.0150 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/10 19:33:03.0340 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/10 19:33:03.0510 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/10 19:33:03.0650 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/10 19:33:03.0821 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/10 19:33:03.0931 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/10 19:33:04.0091 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/10 19:33:04.0221 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/10 19:33:04.0462 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/10 19:33:04.0692 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/10 19:33:04.0822 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/10 19:33:05.0112 NTIDrvr (15a72d5b8f0b6a718207f14bd5ebb8ff) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys

2010/12/10 19:33:05.0253 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/10 19:33:05.0423 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/10 19:33:05.0543 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/10 19:33:05.0773 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/10 19:33:06.0054 Parport (25e7306d56ddd7177f8197a008961757) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/10 19:33:06.0234 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/10 19:33:06.0354 ParVdm (3d531ced44f72ef076ff795c001aa9f8) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/10 19:33:06.0625 PCI (ada684c2be7064411d092efdc090faa3) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/10 19:33:07.0105 PCIIde (ac2184c04a60148445a6a7d31c1e8c4f) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/10 19:33:07.0286 Pcmcia (59f94f258b7935b4d921ba5b9b01d0aa) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/12/10 19:33:08.0728 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/10 19:33:08.0828 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/10 19:33:08.0878 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/10 19:33:09.0749 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/10 19:33:09.0990 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2010/12/10 19:33:10.0070 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/10 19:33:10.0190 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/10 19:33:10.0270 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/10 19:33:10.0490 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/10 19:33:10.0580 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/10 19:33:10.0811 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/10 19:33:11.0021 redbook (8bf05f5f9408a097f86113829def844b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/10 19:33:11.0301 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

2010/12/10 19:33:11.0542 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/10 19:33:11.0652 Serial (58670ee2faf94fd65d19bb3e7927b485) C:\WINDOWS\system32\drivers\Serial.sys

2010/12/10 19:33:11.0822 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/10 19:33:12.0243 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

2010/12/10 19:33:12.0623 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/10 19:33:12.0794 sr (272f4bba833ef3553734eb02d6164f2b) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/10 19:33:12.0934 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/10 19:33:13.0114 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/10 19:33:13.0284 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/10 19:33:14.0246 SynTP (ed85f3cf8e5eb581df32b1cd07b072a2) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/12/10 19:33:14.0376 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/10 19:33:14.0726 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/10 19:33:15.0047 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/10 19:33:15.0257 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/10 19:33:15.0507 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/10 19:33:16.0108 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/10 19:33:16.0599 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/10 19:33:16.0869 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/12/10 19:33:17.0130 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/10 19:33:17.0370 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/10 19:33:17.0641 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/10 19:33:17.0901 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/10 19:33:18.0181 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/10 19:33:18.0402 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/10 19:33:18.0662 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/10 19:33:18.0902 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2010/12/10 19:33:19.0333 VolSnap (a3105e8b54eab87a0ad0031aa02084b3) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/10 19:33:19.0713 w22n51 (b6cb2cce557ce57c72c3d31e701e6e39) C:\WINDOWS\system32\DRIVERS\w22n51.sys

2010/12/10 19:33:20.0284 w70n51 (10540531217a1f5a14892cb62524a9cd) C:\WINDOWS\system32\DRIVERS\w70n51.sys

2010/12/10 19:33:20.0715 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/10 19:33:21.0166 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/10 19:33:21.0676 ================================================================================

2010/12/10 19:33:21.0676 Scan finished

2010/12/10 19:33:21.0676 ================================================================================

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites
Charles W

Charles W

Posted
  • Author
Posted

Hi, I saved combofix to my desktop as Combo-Fix, but when I ran it, it wanted to install some Microsoft thing. I looked at the bleepingcomputer site and it said it was fine, so I clicked yes, but then the script said invalid argument. At first, I ignored it and went on with the scan, but it sat there for 30 minutes without doing anything (i read that there were supposed to be 34 steps for the scan, and i didn't want to waste 18+hours waiting). am i doing something wrong? should i continue to wait? Thanks.

Link to post
Share on other sites
Charles W

Charles W

Posted
  • Author
Posted

it didn't work with Combo-Fix.com either. first, it said something about the back-up files failing or something, and then it couldn't download the thing from microsoft. afterwards, when it started to scan, it sat there for about 15 minutes and then froze until i restarted the computer.

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\Moved Files
    • in most cases this will be C:\_OTL\Moved Files

Link to post
Share on other sites
Charles W

Charles W

Posted
  • Author
Posted

Hi, here are the logfiles:

OTL logfile created on: 12/12/2010 5:01:21 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Charles\??

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: ?? | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 95.00 Mb Available Physical Memory | 37.00% Memory free

619.00 Mb Paging File | 352.00 Mb Available in Paging File | 57.00% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 27.47 Gb Total Space | 18.12 Gb Free Space | 65.97% Space Free | Partition Type: FAT32

Drive D: | 9.76 Gb Total Space | 8.39 Gb Free Space | 85.97% Space Free | Partition Type: FAT32

Computer Name: ACER-IZH1HI2TKI | User Name: Charles | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Charles\??\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\Charles\Local Settings\Temp\Wdl.exe ()

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Program Files\Launch Manager\CPLBCL53.EXE (Dritek System Inc.)

PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Charles\??\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- C:\Combo-Fix3058C\PEV.cfx File not found

SRV - (HidServ) -- C:\windows\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\windows\System32\appmgmts.dll File not found

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

========== Driver Services (SafeList) ==========

DRV - (EagleNT) -- C:\windows\System32\drivers\EagleNT.sys File not found

DRV - (w22n51) Intel® -- C:\WINDOWS\system32\drivers\w22n51.sys (Intel

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:files
C:\FOUND.000
C:\Documents and Settings\Charles\??\*.tmp
C:\windows\System32\*.tmp files
C:\windows\*.tmp
C:\windows\tasks\xtjkmkb.job
C:\windows\Wfeboa.exe

:Commands
[purity]
[emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

Link to post
Share on other sites
Charles W

Charles W

Posted
  • Author
Posted

Hi, for some reason, Safe Mode doesn't work for me. When I try it, the screen goes black, but now, I can't even get to the boot selection page. The computer just shows the acer logo and goes black. My mom took it to a technician to try to salvage the files onto a cd, and I'll reinstall the hard drive using a recovery disk. Do you think that's okay? Thanks.

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.