#1 (permalink)
Registered User
Join Date: Aug 2009
Posts: 5
OS: Win Xp
Malware\Virus - Gmer even freezes
This is from another thread which I started in the xp forum:
Hi, long time reader (whenever my PC fails), but new member as I need serious help. My PC got infected with spyware (Brastia.exe and aag.exe) causing my system to have problems. I downloaded Malwarebytes and cleaned them which was great. Next my PC wouldn't always start, it would stall on the login screen and remain blanked. On the occasion I could get in it would give me an error regarding dmaupd32.exe. I therefore cleared prefetch hoping that would help but I still had the problem. I then scanned with Spyware Doctor which again was good and cleared other bits and pieces but same problem. I finished by using Windows cleanup and downloaded Perfect Optimizer. With this I only ran a check but a serial was needed to make it run so I did not make any changes with this.

On returning from work and leaving Windows to scan, I restarted the PC only for it to continuously give a blue screen error. I tried to log in with settings last known to work but eventually after logging in it would eventually crash again. Safe mode works BUT safe mode with networking does not. Does that mean it's a network issue? I have disabled all startup programs and services (not the Microsoft ones) but I keep getting a blue screen. I have also noticed I don't always get the same error code. The ones I've googled also come back with anything. I have tried uninstalling Spyware Doctor and Optimizer in safe mode but with no luck. Also, no system restore points are available as it says I have none! I have the original Windows disk but it doesn't give the option to repair Windows, only reinstall. I can get through to recovery console and have run chkdsk which didn't help.

I am going to check the event log when I get home tonight to shed any more light on the situation. Although I should be able to back up some bits in safe mode I don't want to have to reinstall Windows. If error codes or the event log are needed I can post them here later hopefully. Thanks for ANY help!!
Since that post: In addition to this I have the error codes: 1001 10005 7001 7026 6006 6005 6009 4609

In device manager it had a red x by a network card so I've uninstalled that. I have followed the guide on what is needed here. DDS was fine but gmer freezes. I left it on all night last night in the hope it would unfreeze but with no luck. It freezes at different points but in particular when it got to a file called something like inf/other.

Here is the DDS report:

DDS (Ver_09-07-30.01) - NTFSx86 MINIMAL
Run by James Ledger at 20:15:48.09 on 14/08/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1535.1255 [GMT 1:00]
AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\James Ledger\Desktop\dds.scr

============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Download_Bho Class: {a986e409-30cc-4185-89bb-ab212c104524} - c:\program files\ppliveva\DownloaderManager.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\any\flump.exe" /runcleanupscript
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - d:\pplive\PPLive.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147434417426
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\winuid.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jamesl~1\applic~1\mozilla\firefox\profiles\v8eqnkic.default\
FF - prefs.js: browser.search.selectedEngine - eBay.co.uk
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\james ledger\application data\mozilla\firefox\profiles\v8eqnkic.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\james ledger\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdbplug.dll
FF - plugin: c:\windows\system32\dnaml\npdbplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============
R1 zjxthtyjdmve7;zjxthtyjdmve7.sys;c:\windows\system32\drivers\zjxthtyjdmve7.sys [2009-8-13 40192]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2006-7-12 3712]
S2 ekfwg;ekfwg;c:\windows\system32\drivers\koopt.sys --> c:\windows\system32\drivers\koopt.sys [?]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-4-30 32512]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-12-25 22144]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2006-5-12 27002]
S3 musbehco;musbehco;c:\docume~1\jamesl~1\locals~1\temp\musbehco.sys [2004-10-28 15872]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-5-1 36928]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2009-4-22 14848]
S4 DNADownloader;DNADownloader;c:\program files\gamespot\DownloadManager_Win32.exe [2007-7-10 729088]

=============== Created Last 30 ================
2009-08-13 21:12 40,960 a------- c:\windows\system32\18.tmp
2009-08-13 21:12 40,192 a------- c:\windows\system32\drivers\zjxthtyjdmve7.sys
2009-08-13 21:12 35,328 a------- c:\windows\system32\16.tmp
2009-08-13 21:12 17,920 a------- c:\windows\system32\15.tmp
2009-08-13 21:12 172 a------- c:\windows\system32\14.tmp
2009-08-13 20:12 40,192 a------- c:\windows\system32\drivers\ztyndpbiwnysv7.sys
2009-08-13 20:12 35,328 a------- c:\windows\system32\12.tmp
2009-08-13 20:12 17,920 a------- c:\windows\system32\11.tmp
2009-08-13 20:12 172 a------- c:\windows\system32\10.tmp
2009-08-13 19:58 40,192 a------- c:\windows\system32\drivers\zxecwnafyiuib5.sys
2009-08-13 19:53 40,192 a------- c:\windows\system32\drivers\zrsspslgtyp9.sys
2009-08-13 18:47 40,192 a------- c:\windows\system32\drivers\zuhwulywgdon3.sys
2009-08-13 18:46 359,808 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-08-13 18:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-08-13 18:41 1,409 a------- c:\windows\QTFont.for
2009-08-12 17:48 <DIR> --d----- c:\docume~1\jamesl~1\applic~1\Malwarebytes
2009-08-11 23:17 <DIR> --d----- c:\program files\ESET
2009-08-11 23:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-08-11 23:03 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 23:03 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-11 23:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-11 23:03 <DIR> --d----- C:\any
2009-08-11 22:39 1,830 a------- c:\windows\system32\work.info
2009-08-11 22:33 16,652 a------- c:\windows\system32\lfss

==================== Find3M ====================
2009-08-13 18:46 359,808 a------- c:\windows\system32\drivers\TCPIP.SYS
2008-06-12 21:56 22,328 a------- c:\docume~1\jamesl~1\applic~1\PnkBstrK.sys
2006-08-19 21:01 1 a------- c:\documents and settings\james ledger\SI.bin

============= FINISH: 20:17:35.62 ===============

I have also attached the "Attach" file but have no ark file as explained. Thank you for your help. If there is any way around the freezing in gmer please let me know also.
#2 (permalink)
Registered User
Join Date: Aug 2009
Posts: 5
OS: Win Xp
Re: Malware\Virus - Gmer even freezes
Hi,
It's very nearly been 72 hours so.... Bump! If someone could at least verify whether this is hardware or a software issue that would be a start. I've also been able to finally run Gmer so I have added the new attach file with ark.log. Please can someone shed some light! Thanks!