BOO/TDSS.M


Re: BOO/TDSS.M

Post by fairydraik on 11th May 2011, 10:48 pm

Looks like things went well! The process that kept popping back that was also named in the CFscript is gone for good, now, as well as some of the others. Firefox still doesn't detect itself as my default browser, and some of the weird virus processes were still running. Additionally, I'm still getting the weird popup whenever I go into task manager like an older version of XP (I get the same thing on the comps at my school) and the shutdown menu is still the old shutdown menu. It's also now re-detecting the Windows Updates.

Edit: AND Avira is no longer popping up with a billion virus notifications, even though it came on when CF rebooted the computer.

ComboFix 11-05-11.01 - Miranda Rian 05/11/2011 18:22:25.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1571 [GMT -4]
Running from: c:\documents and settings\Miranda Rian\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Miranda Rian\Desktop\CFscript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\Ffavunoli.bin"
"c:\windows\system32\msywgahg.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Nelwyn Rian\Local Settings\Application Data\{3BACD646-8F03-493E-AE54-2FD3A84F1F4A}
c:\documents and settings\Nelwyn Rian\Local Settings\Application Data\{3BACD646-8F03-493E-AE54-2FD3A84F1F4A}\chrome.manifest
c:\documents and settings\Nelwyn Rian\Local Settings\Application Data\{3BACD646-8F03-493E-AE54-2FD3A84F1F4A}\chrome\content\_cfg.js
c:\documents and settings\Nelwyn Rian\Local Settings\Application Data\{3BACD646-8F03-493E-AE54-2FD3A84F1F4A}\chrome\content\overlay.xul
c:\documents and settings\Nelwyn Rian\Local Settings\Application Data\{3BACD646-8F03-493E-AE54-2FD3A84F1F4A}\install.rdf
c:\windows\Ffavunoli.bin
c:\windows\system32\msywgahg.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Network_Adapter_Events
-------\Service_Network Adapter Events
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-07 15:05 . 2011-05-07 15:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-05-07 14:36 . 2010-02-10 16:42 303176 ----a-w- c:\windows\system32\BeTwinServiceXP.exe
2011-05-07 14:36 . 2010-02-10 16:42 33208 ----a-w- c:\windows\system32\drivers\BETWINKF.sys
2011-05-07 14:36 . 2010-02-10 16:42 81984 ----a-w- c:\windows\system32\BeTwinAudio.dll
2011-05-07 14:36 . 2006-03-17 03:35 249856 ----a-w- c:\windows\system32\SlsApi.dll
2011-05-07 14:36 . 2010-02-10 16:42 15040 ----a-w- c:\windows\system32\drivers\BeTwinSystem.sys
2011-05-07 14:36 . 2010-02-10 16:42 33336 ----a-w- c:\windows\system32\drivers\BETWINMF.sys
2011-05-07 14:36 . 2010-02-10 16:42 25656 ----a-w- c:\windows\system32\drivers\BETWINVF.sys
2011-05-07 14:36 . 2003-06-27 06:08 8704 ----a-w- c:\windows\system32\xtgina.dll
2011-05-04 17:27 . 2011-05-04 17:28 -------- d-----w- c:\documents and settings\Administrator
2011-04-30 08:51 . 2011-04-30 08:51 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-04-30 00:08 . 2011-04-30 00:08 -------- d-----w- c:\program files\Matroska Pack
2011-04-19 00:35 . 2011-04-19 00:35 -------- d-----w- c:\program files\iPod
2011-04-19 00:34 . 2011-04-19 00:35 -------- d-----w- c:\program files\iTunes
2011-04-19 00:30 . 2011-04-19 00:30 -------- d-----w- c:\program files\Bonjour
2011-04-17 23:51 . 2011-04-17 23:51 45056 ----a-r- c:\documents and settings\Miranda Rian\Application Data\Microsoft\Installer\{1DED5EFD-410A-48DB-909A-2B2022BB50D2}\Nethergate.exe1_1DED5EFD410A48DB909A2B2022BB50D2.exe
2011-04-17 23:51 . 2011-04-17 23:51 45056 ----a-r- c:\documents and settings\Miranda Rian\Application Data\Microsoft\Installer\{1DED5EFD-410A-48DB-909A-2B2022BB50D2}\Nethergate.exe_1DED5EFD410A48DB909A2B2022BB50D2.exe
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-13 23:53 . 2011-04-13 23:54 -------- d-----w- c:\program files\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-01 05:11 . 2009-12-28 16:52 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2011-04-01 05:10 . 2009-12-28 16:52 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-04-01 05:10 . 2009-12-28 16:52 543328 ----a-w- c:\windows\system32\LVUI2.dll
2011-04-01 05:09 . 2009-12-28 16:52 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-04-01 05:08 . 2011-04-01 05:08 195168 ----a-w- c:\windows\system32\lvci13251014.dll
2011-04-01 05:08 . 2009-12-28 16:52 301664 ----a-w- c:\windows\system32\lvcodec2.dll
2011-04-01 05:07 . 2010-05-14 21:56 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 05:07 . 2010-05-14 21:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 05:06 . 2010-05-14 21:55 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 04:56 . 2009-12-28 16:52 39318 ----a-w- c:\windows\system32\Repository.reg
2011-03-23 03:58 . 2011-03-23 03:58 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2011-03-19 17:46 . 2010-04-10 19:29 137656 -c--a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-09 16:11 . 2010-03-09 15:58 939139876 ----a-w- c:\program files\FEZsetup_2010-02-26.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-09-01 147456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader
"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader
"12933:TCP"= 12933:TCP:BitComet 12933 TCP
"12933:UDP"= 12933:UDP:BitComet 12933 UDP
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [6/5/2009 9:04 PM 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 6:00 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/10/2010 3:29 PM 136360]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 1:11 AM 428640]
S0 BeTwinVideo;BeTwinVideo;c:\windows\SYSTEM32\DRIVERS\BETWINVF.sys [5/7/2011 10:36 AM 25656]
S1 BeTwinSystem;BeTwinSystem;c:\windows\SYSTEM32\DRIVERS\BeTwinSystem.sys [5/7/2011 10:36 AM 15040]
S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\SYSTEM32\DRIVERS\BETWINKF.sys [5/7/2011 10:36 AM 33208]
S3 BeTwinMouse;BeTwinMouse;c:\windows\SYSTEM32\DRIVERS\BETWINMF.sys [5/7/2011 10:36 AM 33336]
S3 dump_wmimmc;dump_wmimmc;\??\f:\the chronicles of spellborn\bin\client\GameGuard\dump_wmimmc.sys --> f:\the chronicles of spellborn\bin\client\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\Miranda Rian\Application Data\Mozilla\Firefox\Profiles\ouel5a2r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Athena: {405e2f6c-b9b8-4515-a69c-e375d7156c86} - %profile%\extensions\{405e2f6c-b9b8-4515-a69c-e375d7156c86}
FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-11 18:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\xtgina.dll
c:\windows\system32\WINSCARD.DLL
.
- - - - - - - > 'explorer.exe'(3328)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-05-11 18:41:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-11 22:41
ComboFix2.txt 2011-05-11 20:51
ComboFix3.txt 2010-08-06 23:36
.
Pre-Run: 16,238,682,112 bytes free
Post-Run: 16,246,935,552 bytes free
.
- - End Of File - - B2DB1E34A92746580085EA38888686AA


Re: BOO/TDSS.M

Post by Belahzur on 11th May 2011, 10:56 pm

Hello.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) the Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: BOO/TDSS.M

Post by fairydraik on 12th May 2011, 12:19 am

The ESET is still scanning, but I was looking at one of my 1TB drives and I found two folders that weren't there before, and that for some reason all the hidden files and folders were viewable. I hid them again, but the folders I hadn't seen before were still there; "Autorun" with a hidden file that looked like it was from the maker of my drive, and RECYCLER which had a recycle bin and a lot of folders with long names, all hidden. Just in the main thing, there was a hidden folder called "System Volume Information". Are any of these significant?


Re: BOO/TDSS.M

Post by fairydraik on 12th May 2011, 1:08 am

Alright. There was an option to delete quarantined files, but I didn't know if you wanted me to do that or not. Here's the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=4e4f00c2723e7e478cda74894cc30a30
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-12 01:05:55
# local_time=2011-05-11 09:05:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 93 0 41563877 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=139255
# found=5
# cleaned=5
# scan_time=5580
C:\Qoobox\Quarantine\C\WINDOWS\iyocusura.dll.vir a variant of Win32/Kryptik.NKL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\TDPLAP.dll.vir a variant of Win32/Kryptik.NIA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005245.dll a variant of Win32/Kryptik.NKL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005251.dll a variant of Win32/Kryptik.NIA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\xtgina.dll Win32/RDPdoor.AA trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C


Re: BOO/TDSS.M

Post by Belahzur on 12th May 2011, 9:10 am

Hmm, things should be running a little better now; ESET found a file I didn't catch.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: BOO/TDSS.M

Post by fairydraik on 13th May 2011, 12:32 am

Hey there. I did want to warn you beforehand that I do have uTorrent.

I know you discourage the use of uTorrent and other P2P software; I've seen the warning and I know the risks, so, yeah. I might remove it after this, or I might not. I don't know.

However, if there's any other recommendations you have for streamlining these programs, or if there's any potential spyware or whatever on here, please let me know.

Also, all my symptoms seem to be pretty much gone, but I don't know if the virus is completely gone. Is there anything to make sure it's not lurking on one of my drives waiting to take back over?

Also, because Mom asked, Akamai is part of one of my MMOs.

µTorrent
7-Zip 4.65
A4Tech iWheelWorks 7.64
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Best Buy Digital Music Store
Blaine's Custom Blends (Translucency and Compositing)
Blaine's Custom Speed Effects
Blender (remove only)
Bonjour
CameraHelperMsi
Celtx (2.9)
Chuzzle Deluxe
Clouded Horizons Character Creation Utility
Combined Community Codec Pack 2010-10-10
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
Diamond Mine Deluxe 1.81y
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DJ OldGames Package: Dungeon Hack
Dungeon Siege
erLT
ESET Online Scanner v3
GIMP 2.6.11
Haali Media Splitter
Hellfire
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Matrix Storage Manager
Internet Explorer Default Page
iTunes
Java DB 10.4.2.1
Java(TM) 6 Update 17
Java(TM) SE Development Kit 6 Update 17
Jewel Quest - The Sleepless Star
Junk Mail filter update
Logitech Webcam Software
Logitech Webcam Software Driver Package
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Macromedia Flash Player
Malwarebytes' Anti-Malware
Matroska Pack
Matroska Pack - Lazy Man's MKV 0.9.9
Messenger Plus! 5
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office Word Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Microsoft XNA Framework Redistributable 2.0
Mozilla Firefox (3.6.17)
MSVCRT
MSXML 4.0
MSXML 4.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nancy Drew: Treasure in the Royal Tower
Nethergate
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Police Quest Collection
PowerDVD 5.3
Project64 1.6
Python 2.6.6
QuickTime
RadLight Ogg Media DirectShow filter (remove only)
RGSS-RTP Standard
Rhapsody
Rhapsody Player Engine
RPG Maker VX RTP
RPG Maker XP
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sierra Utilities
Skype Toolbars
Skype™ 5.1
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live! 24-bit
Space Quest Collection
Steam
StepMania (remove only)
Tetris Worlds
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Vegas Movie Studio HD Platinum 10.0
WildTangent Games
Winamp
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger

fairydraik
Intermediate

Posts : 194
Joined : 2009-10-31
Gender : Female
OS : Windows XP
Protection : Avira Antivir
Points : 27826
# Likes : 0

Re: BOO/TDSS.M

Post by fairydraik on 13th May 2011, 11:03 am

Avira popped up with a notification, a junk .dll in "System Volume Information"?

Edit: I had Avira scan while I was at school; it popped up with a shit ton of stuff that it quarantined. I deleted everything, but I wonder if my computer is really as clean as it appears to be?


Re: BOO/TDSS.M

Post by Belahzur on 13th May 2011, 8:40 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.4
    Java(TM) 6 Update 17
    Java(TM) SE Development Kit 6 Update 17

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1

Re: BOO/TDSS.M

Post by fairydraik on 14th May 2011, 1:57 am

Gotta go and actually install the Java update, but everything seems okay. Other than that one mass find/deletion, Avira hasn't popped up with any real notices or anything; still, that one thing spooked me. Is there anything we can do to be sure that it's completely, completely gone?


Re: BOO/TDSS.M

Post by fairydraik on 14th May 2011, 1:58 am

If it helps, here is the log from that run.

Avira AntiVir Personal
Report file date: Friday, May 13, 2011 12:00

Scanning for 2725385 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : D94LZ971

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 4/29/2011 20:19:59
AVSCAN.DLL : 10.0.3.0 46440 Bytes 5/2/2010 21:26:51
LUKE.DLL : 10.0.3.2 104296 Bytes 12/17/2010 17:35:56
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 17:35:53
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 02:42:36
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 06:29:58
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 06:29:58
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 06:29:58
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 06:29:59
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 06:29:59
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 06:29:59
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 06:29:59
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 06:29:59
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 06:29:59
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 06:29:59
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 20:48:35
VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 13:24:14
VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 13:24:18
VBASE016.VDF : 7.11.6.150 146944 Bytes 4/18/2011 23:05:57
VBASE017.VDF : 7.11.6.192 138240 Bytes 4/20/2011 17:56:27
VBASE018.VDF : 7.11.6.237 156160 Bytes 4/22/2011 17:56:28
VBASE019.VDF : 7.11.7.45 427520 Bytes 4/27/2011 20:19:59
VBASE020.VDF : 7.11.7.64 192000 Bytes 4/28/2011 20:19:59
VBASE021.VDF : 7.11.7.97 182272 Bytes 5/2/2011 00:45:52
VBASE022.VDF : 7.11.7.127 467968 Bytes 5/4/2011 14:30:00
VBASE023.VDF : 7.11.7.183 185856 Bytes 5/9/2011 22:08:07
VBASE024.VDF : 7.11.7.218 133120 Bytes 5/11/2011 00:19:08
VBASE025.VDF : 7.11.7.234 139776 Bytes 5/11/2011 00:19:13
VBASE026.VDF : 7.11.7.235 2048 Bytes 5/11/2011 00:19:13
VBASE027.VDF : 7.11.7.236 2048 Bytes 5/11/2011 00:19:13
VBASE028.VDF : 7.11.7.237 2048 Bytes 5/11/2011 00:19:14
VBASE029.VDF : 7.11.7.238 2048 Bytes 5/11/2011 00:19:14
VBASE030.VDF : 7.11.7.239 2048 Bytes 5/11/2011 00:19:14
VBASE031.VDF : 7.11.7.254 68608 Bytes 5/12/2011 00:19:17
Engineversion : 8.2.4.228
AEVDF.DLL : 8.1.2.1 106868 Bytes 7/29/2010 18:18:59
AESCRIPT.DLL : 8.1.3.61 1253754 Bytes 5/7/2011 14:30:40
AESCN.DLL : 8.1.7.2 127349 Bytes 11/24/2010 02:10:37
AESBX.DLL : 8.1.3.2 254324 Bytes 11/24/2010 02:10:55
AERDL.DLL : 8.1.9.9 639347 Bytes 3/26/2011 06:05:57
AEPACK.DLL : 8.2.6.0 549237 Bytes 4/9/2011 06:30:09
AEOFFICE.DLL : 8.1.1.22 205178 Bytes 5/7/2011 14:30:34
AEHEUR.DLL : 8.1.2.113 3494263 Bytes 5/7/2011 14:30:31
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/5/2011 17:20:51
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/4/2011 20:14:53
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/24/2010 02:09:34
AECORE.DLL : 8.1.20.2 196982 Bytes 4/9/2011 06:30:03
AEBB.DLL : 8.1.1.0 53618 Bytes 5/2/2010 21:26:50
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35
AVREP.DLL : 10.0.0.9 174120 Bytes 4/29/2011 20:20:00
AVREG.DLL : 10.0.3.2 53096 Bytes 11/4/2010 06:14:38
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 4/29/2011 20:19:59
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/17/2010 17:35:55
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/4/2010 06:14:36

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:, I:, J:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, May 13, 2011 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'YAHOOM~1.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'CameraHelperShell.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'LWS.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Amoumain.exe' - '1' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
Scan process 'Iaanotif.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'Iaantmon.exe' - '1' Module(s) have been scanned
Scan process 'CTsvcCDA.EXE' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'UMVPFSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1824' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\7e479456-392c61ab
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.KA Java virus
--> netbeans/PHP.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.KA Java virus
--> plugin/Commander.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.K Java virus
--> plugin/Console.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BQ Java virus
--> plugin/Syntax.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BS Java virus
C:\Qoobox\Quarantine\C\Documents and Settings\Miranda Rian\Application Data\Sun\ixokfmgyl68.dll.vir
[DETECTION] Is the TR/Drop.FrauDrop.xxux.1 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Miranda Rian\Start Menu\Programs\Startup\rarliw32.exe.vir
[DETECTION] Is the TR/Dldr.Bredolab.AC.3 Trojan
C:\Qoobox\Quarantine\C\Recycle.Bin\Recycle.Bin.exe.vir
[DETECTION] Is the TR/Spy.SpyEyes.gzh.1 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\Glivua.exe.vir
[DETECTION] Is the TR/Dldr.Renos.PG.100 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\Glivub.exe.vir
[DETECTION] Is the TR/Dldr.Renos.PG.100 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\6to4v32.dll.vir
[DETECTION] Is the TR/Wimpixo.E.72 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\itlnfw32.dll.vir
[DETECTION] Is the TR/Sasfis.2.3 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\itlpfw32.dll.vir
[DETECTION] Is the TR/Agent.Delf.RQO.13 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msywgahg.exe.vir
[DETECTION] Is the TR/Antavmu.lfu Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005242.exe
[DETECTION] Is the TR/Spy.SpyEyes.gzh.1 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005243.exe
[DETECTION] Is the TR/Dldr.Renos.PG.100 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005244.exe
[DETECTION] Is the TR/Dldr.Renos.PG.100 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005246.dll
[DETECTION] Is the TR/Wimpixo.E.72 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005247.dll
[DETECTION] Is the TR/Sasfis.2.3 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005248.dll
[DETECTION] Is the TR/Agent.Delf.RQO.13 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005442.exe
[DETECTION] Is the TR/Antavmu.lfu Trojan
Begin scan in 'F:\'
Begin scan in 'I:\'
Begin scan in 'J:\'

Beginning disinfection:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005442.exe
[DETECTION] Is the TR/Antavmu.lfu Trojan
[NOTE] The file was moved to the quarantine directory under the name '4e54259a.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005248.dll
[DETECTION] Is the TR/Agent.Delf.RQO.13 Trojan
[NOTE] The file was moved to the quarantine directory under the name '56c30a3d.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005247.dll
[DETECTION] Is the TR/Sasfis.2.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '049c50d5.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005246.dll
[DETECTION] Is the TR/Wimpixo.E.72 Trojan
[NOTE] The file was moved to the quarantine directory under the name '62ab1f17.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005244.exe
[DETECTION] Is the TR/Dldr.Renos.PG.100 Trojan
[NOTE] The file was moved to the quarantine directory under the name '272f3229.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005243.exe
[DETECTION] Is the TR/Dldr.Renos.PG.100 Trojan
[NOTE] The file was moved to the quarantine directory under the name '58340048.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005242.exe
[DETECTION] Is the TR/Spy.SpyEyes.gzh.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '148c2c02.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msywgahg.exe.vir
[DETECTION] Is the TR/Antavmu.lfu Trojan
[NOTE] The file was moved to the quarantine directory under the name '6b2f6c1f.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\itlpfw32.dll.vir
[DETECTION] Is the TR/Agent.Delf.RQO.13 Trojan
[NOTE] The file was moved to the quarantine directory under the name '460a4350.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\itlnfw32.dll.vir
[DETECTION] Is the TR/Sasfis.2.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f6278ca.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\6to4v32.dll.vir
[DETECTION] Is the TR/Wimpixo.E.72 Trojan
[NOTE] The file was moved to the quarantine directory under the name '333b54fa.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\Glivub.exe.vir
[DETECTION] Is the TR/Dldr.Renos.PG.100 Trojan
[NOTE] The file was moved to the quarantine directory under the name '42886d67.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\Glivua.exe.vir
[DETECTION] Is the TR/Dldr.Renos.PG.100 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c925da0.qua'.
C:\Qoobox\Quarantine\C\Recycle.Bin\Recycle.Bin.exe.vir
[DETECTION] Is the TR/Spy.SpyEyes.gzh.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '09bd24fb.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Miranda Rian\Start Menu\Programs\Startup\rarliw32.exe.vir
[DETECTION] Is the TR/Dldr.Bredolab.AC.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '00b9205c.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Miranda Rian\Application Data\Sun\ixokfmgyl68.dll.vir
[DETECTION] Is the TR/Drop.FrauDrop.xxux.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '58fb392c.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\7e479456-392c61ab
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BS Java virus
[NOTE] The file was moved to the quarantine directory under the name '743240f5.qua'.


End of the scan: Friday, May 13, 2011 15:05
Used time: 1:32:53 Hour(s)

The scan has been done completely.

22489 Scanned directories
562414 Files were scanned
20 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
17 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
562394 Files not concerned
10352 Archives were scanned
0 Warnings
17 Notes



Re: BOO/TDSS.M

Post by Belahzur on 14th May 2011, 3:50 pm

Avira only found ComboFix quarantine and Java cache; we'll take care of that and a few other things now.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.


To clear your Java cache:

Click Start > Control Panel.
In the Control Panel, double-click the "Java" icon. The Java Control Panel then appears.
Under the header "Temporary Internet Files", select the "Settings" button.
Don't change any of the settings, then click "Delete Files".
Next, the Delete Temporary Files dialog box appears.
Make sure both boxes are ticked, and hit the OK button.

Everything should be fine now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
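
A way to do the triage Belahzur does by eye in the post above, as an added example and not anything from the thread or from Avira: it parses the [DETECTION] lines of an Avira report, buckets each hit by whether it sits in ComboFix's quarantine (C:\Qoobox), a System Restore point or the Java deployment cache, and lists only the hits outside those places. The sample report is constructed from lines of the log quoted earlier, plus one made-up hit (TR/Constructed.Sample) in SYSTEM32 so that the live case is exercised.

```python
"""Triage of an Avira AntiVir report: where was each detection found?"""
import re
from collections import Counter

# Constructed sample in the shape of the report quoted in the thread. Paths
# and detection names are copied from that report, except the last hit
# (TR/Constructed.Sample in SYSTEM32), which is made up so the sample has one
# detection outside the inert locations.
SAMPLE_REPORT = r"""Begin scan in 'C:\'
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\7e479456-392c61ab
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.KA Java virus
--> netbeans/PHP.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.KA Java virus
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msywgahg.exe.vir
[DETECTION] Is the TR/Antavmu.lfu Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0005442.exe
[DETECTION] Is the TR/Antavmu.lfu Trojan
C:\WINDOWS\SYSTEM32\constructed_sample.dll
[DETECTION] Is the TR/Constructed.Sample Trojan
Begin scan in 'F:\'

Beginning disinfection:
C:\WINDOWS\SYSTEM32\constructed_sample.dll
[DETECTION] Is the TR/Constructed.Sample Trojan
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(
    r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")

# Lower-cased path fragments that mark a copy of something already neutralised:
# ComboFix's quarantine, a System Restore point, or the Java deployment cache.
INERT_LOCATIONS = (
    ("combofix_quarantine", "\\qoobox\\quarantine\\"),
    ("system_restore", "\\system volume information\\_restore"),
    ("java_cache", "\\sun\\java\\deployment\\cache\\"),
)


def classify(path):
    """Bucket a detected file by location; anything not inert is 'live'."""
    lowered = path.lower()
    for label, marker in INERT_LOCATIONS:
        if marker in lowered:
            return label
    return "live"


def parse_detections(report):
    """Return (path, archive_member, detection_name) for each scan-phase hit.

    Parsing stops at 'Beginning disinfection:' because Avira repeats every
    detection there while quarantining it, which would double-count.
    """
    current_path, member, hits = None, None, []
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Beginning disinfection"):
            break
        if PATH_RE.match(line):
            current_path, member = line, None
        elif line.startswith("--> "):
            member = line[4:]  # entry inside the archive named above
        else:
            m = DETECTION_RE.match(line)
            if m and current_path:
                hits.append((current_path, member, m.group(1)))
    return hits


def summarize(report):
    """Count detections per location bucket."""
    return Counter(classify(p) for p, _, _ in parse_detections(report))


def live_hits(report):
    """Detections outside quarantine, restore points and cache: follow these up."""
    return [(p, name) for p, _, name in parse_detections(report)
            if classify(p) == "live"]


if __name__ == "__main__":
    for bucket, count in sorted(summarize(SAMPLE_REPORT).items()):
        print(f"{bucket:20s} {count}")
    for path, name in live_hits(SAMPLE_REPORT):
        print("needs follow-up:", name, path)
```

On the thread's actual report every hit lands in the first three buckets and the live list is empty, which is exactly why the advice is to uninstall ComboFix (clearing C:\Qoobox and the restore points) and empty the Java cache rather than to keep hunting.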

Re: BOO/TDSS.M

Post by fairydraik on 14th May 2011, 8:27 pm

Thanks so much, Belahzur.

Um, do you know if it's okay for me to either restart or pick back up my training? As the school year draws to a close, I've found myself with a lot more free time on my hands and a little bit wiser than I was when I started.

If the answer is no, I'm perfectly okay with that.


Re: BOO/TDSS.M

Post by Belahzur on 15th May 2011, 3:16 pm

You can pick up where you left off if you want.


Re: BOO/TDSS.M

Post by fairydraik on 15th May 2011, 7:29 pm

Thank you so much

When I finally get a job, you can be sure you'll be getting at least one donation from me. You've been nothing but a help. So, yeah, thanks ^^

