
HELP!!! W32.Crypt

This is a discussion on HELP!!! W32.Crypt within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 03-19-2011, 08:04 PM   #1
Registered Member
 
Join Date: Mar 2011
Posts: 16
OS: xp pro svc pk 3



Hello,
I had/ve this virus/root-kit. I've tried everything that worked with other infections I've had before, but alas no luck.
Right now I would settle just to be able to wipe out my C drive and do a fresh install, but this virus/rootkit won't allow me even to do that. During the reinstall I get this BSOD error (0x0000007b (0xF78D663C, 0Xc0000034, 0x0000000, 0x000000)).
I even changed my boot configuration to the XP CD, shut the machine off, UNHOOKED my C (the OS) and E hard drives, installed another new HD and tried to install onto that HD, with the same BSOD.
Other than that, and the occasional DOS attacks, and the fact that my PC won't see my disc drives, the machine runs fine.
Any help would be appreciated. Like I said, I am just wanting to reinstall fresh; if you could help me get there, much gracious!!! Thanks again for your time!!!

DDS (Ver_11-03-05.01) - NTFSx86
Run by 1 at 20:25:51.95 on Sat 03/19/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1463 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\1\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZon1.dll
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}: WormRadar.com IESiteBlocker.NavFilter
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZon1.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\1\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Spyware Doctor] c:\documents and settings\1\desktop\sdsetup.exe -min
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [SoundMax] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\1\startm~1\programs\startup\epsona~1.lnk - g:\common\epsonreg\EpsonReg.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\1\applic~1\mozilla\firefox\profiles\ovzzwc08.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\1\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\1\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\1\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\1\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: VTzilla: vtzilla@virustotal.com - %profile%\extensions\vtzilla@virustotal.com
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-3-19 28552]
R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [2008-4-14 73768]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-28 165584]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-5-25 532224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-28 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-28 40384]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-11-5 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-11-5 488952]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-28 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-20 136176]
S3 AIDA32Driver;AIDA32Driver;\??\c:\documents and settings\1\desktop\aida32pe_393\aida32.sys --> c:\documents and settings\1\desktop\aida32pe_393\aida32.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-03-20 00:12:45 -------- d-----w- c:\docume~1\1\locals~1\applic~1\Secunia PSI
2011-03-19 23:57:12 -------- d-----w- c:\program files\CleanUp!
2011-03-19 23:48:41 -------- d-----w- c:\program files\Secunia
2011-03-19 21:46:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-19 21:45:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-19 21:45:55 -------- d-----w- c:\docume~1\1\applic~1\SUPERAntiSpyware.com
2011-03-19 16:26:17 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-19 16:26:17 -------- d-----w- c:\documents and settings\1\log
2011-03-19 15:01:51 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-03-18 03:51:41 -------- d-----w- c:\docume~1\1\applic~1\Creative ASR2
2011-03-18 03:51:39 -------- d-----w- C:\Media
2011-03-16 03:09:08 143360 ----a-w- c:\windows\system32\xRaidAPI.dll
2011-03-16 03:09:07 1953792 ----a-w- c:\windows\system32\xRaidSetup.exe
2011-03-16 03:09:07 -------- d-----w- C:\RaidTool
2011-03-16 03:09:01 -------- d-----w- c:\windows\RaidTool
2011-03-16 03:02:50 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-03-16 03:02:28 -------- d-----w- C:\Intel
2011-03-16 02:04:11 -------- d-----w- c:\docume~1\1\locals~1\applic~1\eSupport.com
2011-03-13 20:38:00 -------- d-----w- c:\windows\_is46
2011-03-13 03:10:39 -------- d-----w- c:\program files\Bonjour
2011-03-12 01:47:58 -------- d-----w- C:\Fraps
2011-03-08 04:02:19 -------- d-----w- c:\docume~1\1\applic~1\Ashampoo
2011-03-08 04:01:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\ashampoo
2011-03-08 04:01:48 -------- d-----w- c:\docume~1\1\locals~1\applic~1\ashampoo
2011-03-08 03:21:54 -------- d-----w- c:\docume~1\1\applic~1\dtband
2011-03-08 03:21:19 -------- d-----w- c:\program files\Burn4Free Toolbar
2011-03-08 03:21:07 -------- d-----w- c:\program files\b4ficons
2011-03-05 05:29:59 81920 ----a-w- c:\windows\system32\bwplay.exe
2011-03-05 05:29:58 58280 ----a-w- c:\windows\system32\bwntsend.dll
2011-03-05 05:29:58 58280 ----a-w- c:\windows\system32\bwnthook.dll
2011-03-05 05:29:58 55808 ----a-w- c:\windows\system32\zlib1.dll
2011-03-05 05:29:58 229376 ----a-w- c:\windows\system32\ssce5532.dll
2011-03-05 05:29:58 181760 ----a-w- c:\windows\system32\patchw32.dll
2011-03-05 05:29:58 116736 ----a-w- c:\windows\system32\patchw.dll
2011-03-05 05:29:58 102400 ----a-w- c:\windows\system32\unzip32.dll
2011-03-05 05:29:56 7533568 ----a-w- c:\windows\system32\bwbits80.dll
2011-03-05 05:24:21 -------- d-----w- c:\program files\BibleWorks 8
2011-03-01 01:40:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-01 01:32:20 38848 ----a-w- c:\windows\avastSS.scr
2011-03-01 01:32:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-03-01 01:25:17 -------- d-----w- c:\documents and settings\all users\Immunet
2011-03-01 01:25:17 -------- d-----w- c:\docume~1\1\applic~1\Immunet
2011-03-01 01:25:02 -------- d-----w- c:\program files\Immunet Protect
2011-02-26 22:01:02 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-02-22 06:38:44 86016 ----a-w- c:\windows\system32\frapsvid.dll
.
==================== Find3M ====================
.
2011-03-16 03:02:00 32768 ----a-w- c:\windows\inf\UpdateUSB.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15:52 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 22:15:51 81920 ------w- c:\windows\system32\ieencode.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 15:30:29 369664 ------w- c:\windows\system32\html.iec
.
============= FINISH: 20:26:38.79 ===============
Attached Files
File Type: txt Attach.txt (17.6 KB, 3 views)

__________________
Saved is offline  
Old 03-21-2011, 06:14 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see a gmer log in order to help you.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 03-21-2011, 05:31 PM   #3
Registered Member
 
Join Date: Mar 2011
Posts: 16
OS: xp pro svc pk 3



Thanks for the reply Chemist, here is the gmer log. Thanks for all that you guys do for FREE, awesome.
Attached Files
File Type: txt gmer.txt (95.3 KB, 2 views)
__________________
Saved is offline  
Old 03-21-2011, 05:58 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Hello Saved. I'm not seeing the cause of your issue in your logs.

What led you to W32.Crypt? avast!? Do you have a log? What tools have you run if any? Any logs?

------------------------------------------------------

chemist is offline  
Old 03-21-2011, 07:13 PM   #5
Registered Member
 
Join Date: Mar 2011
Posts: 16
OS: xp pro svc pk 3



Yes, I am running avast right now and it said that it had captured/quarantined w32.crypt. Then the other anti-virus program that Google provides (I believe it is Immunoprotect?) said that it also had the virus quarantined, and it was being stored by avast.
I noticed about two weeks ago that my cable internet was grinding to a halt, which I take was a DOS attack now. Then all four of my optical drives disappeared. I tried numerous times to reload the firmware(s) to no avail. Then I tried to reload XP on my C drive (numerous times), only to be told via BSOD that I had a virus and/or my HD was damaged.
Which leads me to believe (now) that I have a PCI/BIOS related rootkit, because I was getting the BSOD message EVEN after I had unplugged the C and E hard drives AND installed a completely new HD to put XP on.
Does this sound about right to you? LOL. Part and parcel of being "online" today. I guess I am going to wait till the weekend and yank my C drive and reformat it on another 'puter; while it is out I will reset my BIOS via mobo and/or reset the CMOS battery, and hopefully that will solve my issues. I am hoping I don't have a PCI rootkit.
And no, I didn't keep any of those logs, though I will in the future!!! Thanks for your help.
__________________
Saved is offline  
Old 03-22-2011, 04:53 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Hello again, Saved.

Please download MBRCheck.exe and save it to your desktop.
  • Double-click on MBRCheck.exe to start the tool.
  • If no MBR infection is detected, press Enter to exit...
  • If an MBR infection is detected, press n then Enter
  • Then press ENTER to exit...
  • A Notepad file named MBRCheck_date_time.txt will appear on your desktop.
  • Copy and paste the contents of MBRCheck_date_time.txt in your next reply.
------------------------------------------------------

chemist is offline  
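Tools of the MBRCheck kind read sector 0 of each physical disk, check that it is a well-formed master boot record and compare its boot code against known-good code. The script below is an added example written for this thread; it is not part of the thread and not the MBRCheck tool's own code. It builds a constructed 512-byte MBR image, decodes the partition table, and flags boot code whose SHA-256 is not on an allowlist. The allowlist is seeded from the constructed clean image (a real check would carry hashes of trusted reference MBR code), the "tampered" image is the same image with two boot-code bytes changed, and the `read_first_sector` helper is only there to show how a real disk or image file would be fed in (reading `\\.\PhysicalDrive0` needs administrator rights on Windows).

```python
"""Added example: a minimal MBR sanity check of the kind an MBR-checking tool
performs. Everything here is constructed for illustration; the hashes are NOT
real reference values."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # classic MBR: boot code occupies bytes 0..439
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte MBR image with one bootable NTFS-type (0x07) partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 4194304)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition-table slots, skipping empty ones (type 0x00)."""
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0x00:
            continue
        parts.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": lba, "sectors": count})
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the boot-code region; the disk signature and partition table vary per machine."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good: set) -> dict:
    """Return structural problems plus an 'unknown boot code' finding when the hash is not allowlisted."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        findings.append("sector is not 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr) if len(mbr) >= SECTOR_SIZE else []
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one bootable partition")
    digest = boot_code_sha256(mbr)
    if digest not in known_good:
        findings.append("boot code hash not on the known-good list")
    return {"boot_code_sha256": digest, "partitions": parts,
            "findings": findings, "clean": not findings}


def read_first_sector(path: str) -> bytes:
    # Works on an image file or a raw device, e.g. r"\\.\PhysicalDrive0" (administrator rights needed).
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


# Constructed stand-in boot code (a standard-looking prologue padded with NOPs), not real Windows code.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
# Allowlist seeded from the constructed clean image; a real tool ships hashes of trusted reference MBRs.
KNOWN_GOOD = {boot_code_sha256(CLEAN_MBR)}
# Constructed "tampered" image: same partition table, first two boot-code bytes changed.
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3e" + CLEAN_BOOT_CODE[2:])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(image, KNOWN_GOOD)
        print(name, "clean" if result["clean"] else "findings: " + "; ".join(result["findings"]))
```

Hashing only the first 440 bytes is the important design choice: the NT disk signature at offset 440 and the partition table at 446 differ from machine to machine, so a hash over the whole sector would never match a reference value, while the boot-code region is identical across installs of the same Windows version and is exactly the part a bootkit has to modify.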
Old 03-22-2011, 01:10 PM   #7
Registered Member
 
Join Date: Mar 2011
Posts: 16
OS: xp pro svc pk 3



Greetings Chemist, here is the log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 145):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA338000 pavboot.sys
0xBA0E8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0F8000 jraid.sys
0xB9EF3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9EDE000 SI3114.sys
0xBA108000 disk.sys
0xBA118000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9EBE000 fltmgr.sys
0xBA4BC000 SiWinAcc.sys
0xBA128000 PxHelp20.sys
0xB9EA7000 KSecDD.sys
0xB9E1A000 Ntfs.sys
0xB9DED000 NDIS.sys
0xB9DD3000 Mup.sys
0xBA5AE000 JGOGO.sys
0xBA671000 giveio.sys
0xBA208000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB924A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9236000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA490000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB9212000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA498000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB91EA000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
0xB91D5000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB9163000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB913F000 \SystemRoot\system32\drivers\portcls.sys
0xBA218000 \SystemRoot\system32\drivers\drmk.sys
0xB911C000 \SystemRoot\system32\drivers\ks.sys
0xB90F1000 \SystemRoot\system32\drivers\ctoss2k.sys
0xBA5F8000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xBA228000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xBA238000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBA248000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA258000 \SystemRoot\System32\DRIVERS\redbook.sys
0xBA268000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA58C000 \SystemRoot\System32\DRIVERS\serenum.sys
0xBA4A0000 \SystemRoot\System32\DRIVERS\fdc.sys
0xBA5FA000 \SystemRoot\System32\DRIVERS\ASACPI.sys
0xB90DD000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA278000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xBA4A8000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA288000 \SystemRoot\system32\DRIVERS\L8042pr2.Sys
0xBA298000 \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
0xBA4B0000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA774000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA5FC000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA348000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA2A8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA590000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB90C6000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA2B8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA2C8000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xBA380000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB90B5000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA2D8000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA388000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA390000 \SystemRoot\System32\DRIVERS\raspti.sys
0xBA398000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB9085000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA2E8000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA5FE000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9027000 \SystemRoot\System32\DRIVERS\update.sys
0xB9DAB000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA308000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA318000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA602000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xB6E69000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xB6E52000 \SystemRoot\system32\drivers\AEAudio.sys
0xB6DF2000 \SystemRoot\system32\drivers\Senfilt.sys
0xB6DA6000 \SystemRoot\system32\drivers\hap16v2k.sys
0xB6CE1000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xB6CBF000 \SystemRoot\system32\drivers\emupia2k.sys
0xB6CA0000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xB6C02000 \SystemRoot\system32\drivers\ctac32k.sys
0xBA3F0000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xB6BE5000 \SystemRoot\System32\Drivers\pwd_2k.SYS
0xBA666000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7E9000 \SystemRoot\System32\Drivers\Null.SYS
0xBA668000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA418000 \SystemRoot\System32\drivers\vga.sys
0xBA66A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA66C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB6B7D000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
0xB6B20000 \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS
0xBA420000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA428000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6ADC000 \SystemRoot\System32\Drivers\UDFReadr.SYS
0xB6DDE000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB6A8F000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB6A36000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB991F000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB6A10000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB69E8000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB96A1000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB6967000 \SystemRoot\System32\vsdatant.sys
0xB9691000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xB691D000 \SystemRoot\System32\drivers\afd.sys
0xB9681000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB68F2000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB6882000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB9661000 \SystemRoot\System32\Drivers\Fips.SYS
0xB685B000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA440000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB9641000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6843000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5C4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6B4B000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA458000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA733000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF45C000 \SystemRoot\System32\ATMFD.DLL
0xB6AC6000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB5E0A000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xBA3E0000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xB4A6B000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB49F7000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB3A10000 \SystemRoot\system32\drivers\wdmaud.sys
0xB5BFA000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3195000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA5D6000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB2F5D000 \SystemRoot\System32\DRIVERS\srv.sys
0xB307D000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
0xBA3C0000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 42):
0 System Idle Process
4 System
720 C:\WINDOWS\system32\smss.exe
776 csrss.exe
800 C:\WINDOWS\system32\winlogon.exe
844 C:\WINDOWS\system32\services.exe
856 C:\WINDOWS\system32\lsass.exe
1028 C:\WINDOWS\system32\svchost.exe
1096 svchost.exe
1192 C:\WINDOWS\system32\svchost.exe
1312 svchost.exe
1356 svchost.exe
1408 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1756 C:\WINDOWS\explorer.exe
236 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
288 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
628 C:\Program Files\iTunes\iTunesHelper.exe
664 C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
700 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
768 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
820 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
904 C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
1168 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
1252 C:\WINDOWS\system32\ctfmon.exe
1000 C:\WINDOWS\system32\spoolsv.exe
2180 svchost.exe
2208 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2228 C:\Program Files\Bonjour\mDNSResponder.exe
2284 C:\WINDOWS\system32\CTSVCCDA.EXE
2492 C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
2564 C:\WINDOWS\system32\dlcxcoms.exe
2680 C:\WINDOWS\system32\svchost.exe
2708 C:\Program Files\Java\jre6\bin\jqs.exe
2824 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
2880 C:\WINDOWS\system32\nvsvc32.exe
3052 C:\WINDOWS\system32\svchost.exe
3088 C:\WINDOWS\system32\MsPMSPSv.exe
3932 C:\Program Files\iPod\bin\iPodService.exe
2112 alg.exe
2476 C:\Program Files\Mozilla Firefox\firefox.exe
492 C:\Program Files\Mozilla Firefox\plugin-container.exe
580 C:\Documents and Settings\1\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JS-00NCB1, Rev: 10.02E02
PhysicalDrive2 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive2 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495


Done!
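The MBRCheck report above comes down to three checks on the first sector of each physical disk: the 0x55AA boot signature is present, the partition table points where the mounted volume actually starts (the reported offset 0x00000000`00007e00 is LBA 63 × 512 bytes, the classic XP partition layout), and the bootstrap code hashes to a value the tool recognises as stock loader code. The Python below is an added example, not code from the thread or from MBRCheck: it runs those checks on a 512-byte sector constructed in the script, hashes the 440-byte bootstrap area (MBRCheck's exact hashed byte range is not stated on the page, so that choice is an assumption), compares the hash against a hypothetical known-good set, and then shows how overwriting one bootstrap byte, the footprint of an MBR rootkit, changes the hash while the partition table and boot signature stay intact.

```python
"""Minimal MBR check: boot signature, partition offsets, bootstrap hash.

Added example, not part of the forum thread or of MBRCheck.
The sector is constructed below; KNOWN_GOOD is a hypothetical hash set.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 440      # bootstrap code precedes the 4-byte disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Construct a sample sector: placeholder boot code, one bootable NTFS
    (type 0x07) partition starting at LBA 63, i.e. byte offset 0x7E00."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOTSTRAP_LEN, b"\x90")
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"   # constructed value
    entry = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 312_500_000)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)           # three empty slots
    return boot_code + disk_sig + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate the sector and return the bootstrap hash, the disk signature
    and every non-empty partition entry with its byte offset on the disk."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(
            PART_FMT, sector[off:off + PART_ENTRY_LEN])
        if ptype == 0:           # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "offset": lba * SECTOR_SIZE,   # what MBRCheck prints as "at offset"
        })
    return {
        "bootstrap_sha1": hashlib.sha1(sector[:BOOTSTRAP_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, BOOTSTRAP_LEN)[0],
        "partitions": partitions,
    }


def classify(bootstrap_sha1: str, known_good: set) -> str:
    """Compare the bootstrap hash against a whitelist of known loader code."""
    return "Known MBR code" if bootstrap_sha1 in known_good else "Unknown MBR code"


def tamper(sector: bytes, offset: int = 0x10, value: int = 0xE9) -> bytes:
    """Overwrite one byte inside the bootstrap area (0xE9 is an x86 jmp opcode),
    leaving the partition table and the 0x55AA signature untouched."""
    patched = bytearray(sector)
    patched[offset] = value
    return bytes(patched)


if __name__ == "__main__":
    clean = build_sample_mbr()
    KNOWN_GOOD = {parse_mbr(clean)["bootstrap_sha1"]}    # hypothetical whitelist
    for label, sector in (("clean", clean), ("tampered", tamper(clean))):
        info = parse_mbr(sector)
        print(f"{label}: {classify(info['bootstrap_sha1'], KNOWN_GOOD)}")
        print(f"  SHA1: {info['bootstrap_sha1']}")
        for p in info["partitions"]:
            print(f"  partition {p['index']} type 0x{p['type']:02X} "
                  f"at offset 0x{p['offset']:08X} ({p['sectors']} sectors)")
```

On a live Windows box the sector would come from the raw device instead of `build_sample_mbr()`: opening `\\.\PhysicalDrive0` for binary reading from an elevated prompt and reading the first 512 bytes gives the same input. Two caveats a practitioner should keep in mind: a rootkit that hooks the disk driver can return a clean sector to any program reading through the running OS, which is why tools like MBRCheck are run alongside offline checks, and a whitelist match only proves the bootstrap bytes are stock, not that the rest of the disk is.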
Old 03-22-2011, 06:34 PM   #8
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit

Hello again, Saved. Still not seeing anything.

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Old 03-22-2011, 09:50 PM   #9
Saved
Registered Member
Join Date: Mar 2011
Posts: 16
OS: xp pro svc pk 3

Greetings,
Here is that log:

C:\Documents and Settings\1\Local Settings\Temp\nsr8.tmp Win32/PrcView application cleaned by deleting - quarantined
C:\Documents and Settings\1\My Documents\Downloads\VirtumundoBeGone(2).exe Win32/PrcView application deleted - quarantined
C:\Documents and Settings\1\My Documents\Downloads\VirtumundoBeGone.exe Win32/PrcView application deleted - quarantined
E:\Utilities\Setup_FreeConverter(2).exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
E:\Utilities\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
L:\stuff\Utilities\Setup_FreeConverter(2).exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
L:\stuff\Utilities\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
L:\stuff\Utilities\unlocker1.9.0.exe Win32/Adware.ADON application deleted - quarantined
L:\stuff\Utilities\Utilities\Setup_FreeConverter(2).exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
L:\stuff\Utilities\Utilities\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
L:\stuff\Utilities\Utilities\unlocker1.8.9.exe Win32/Adware.ADON application deleted - quarantined

I suppose the kicker is if I can actually reinstall XP due to the damage already done to various drivers etc.
Old 03-23-2011, 04:10 AM   #10
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit

Quote:
Originally Posted by Saved
I guess I am going to wait till the weekend, and yank my C drive and reformat it on another 'puter; while it is out I will reset my BIOS via mobo, and/or reset the CMOS battery, and hopefully that will solve my issues. I am hoping I don't have a PCI rootkit.

I don't think you do. Try the above and let me know.
Old 03-23-2011, 04:37 AM   #11
Saved
Registered Member
Join Date: Mar 2011
Posts: 16
OS: xp pro svc pk 3

Greetings Chemist,
I ran that online scanner and that's in my above post, not sure what to do next.
Old 03-23-2011, 06:09 AM   #12
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit

I meant this:

Quote:
yank my C drive and reformat it on another 'puter; while it is out I will reset my BIOS via mobo, and/or reset the CMOS battery

I am only trained in malware removal. You might want to seek help in our Hardware Support Forum.
Old 03-23-2011, 10:26 AM   #13
Saved
Registered Member
Join Date: Mar 2011
Posts: 16
OS: xp pro svc pk 3

Thanks for all the free help Chemist, may the Lord Bless you.
Old 03-23-2011, 10:35 AM   #14
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit

You're welcome. I'd actually like to keep this thread open and see if you can resolve your problem. Let me know.
Old 03-24-2011, 12:32 PM   #15
Saved
Registered Member
Join Date: Mar 2011
Posts: 16
OS: xp pro svc pk 3

Greetings Chemist,
This link is where I am currently at with this issue. I won't have time to go any further with it till possibly tonight or tomorrow night at the earliest. Thanks for your time again.
http://www.techsupportforum.com/foru...ed-560460.html
Old 03-24-2011, 12:41 PM   #16
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit

You're welcome, and good luck. I'm following your other thread. You're in good hands there.
Old 03-25-2011, 10:44 PM   #17
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit

wrench97 is awesome, isn't he?
Old 03-25-2011, 10:58 PM   #18
Saved
Registered Member
Join Date: Mar 2011
Posts: 16
OS: xp pro svc pk 3

AMEN LOL!!!

 

Copyright 2001 - 2014, Tech Support Forum