
TDSS malware virus

Discussion in 'Virus & Other Malware Removal' started by russelb923, Apr 7, 2010.

Thread Status:
Not open for further replies.
  1. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
    Hi there! My computer has recently been infected with the "Rootkit.Win32.TDSS.d" virus. At first my internet browser would get redirected and I thought nothing of it, and then it got worse; now Mozilla will not work after typing any website. I now have to use the Safari web browser. Little things here and there freeze up, but I know this is the least of the damage that this malware virus can do to my computer. I've seen many solutions to it and only tried a few, as I've realized everyone's computer is probably infected in a different way and following everyone else's solutions may not help. If anyone can guide me through a step-by-step solution to get rid of this virus, please let me know.

    PS: I use Kaspersky Anti-Virus, which I now know cannot get rid of it, only detects it.
    Also, I've tried TDSSKiller, which found it and may have deleted some of the infected files but not all of it.

    Help before it gets worse! Thanks in advance.

    -Russel
     
  2. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
  3. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
    Bump. Someone help.
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT


    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your next reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
     
  5. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
    DDS scan results:

    "DDS.txt":


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Admin at 22:41:52.50 on Sun 04/11/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1236 [GMT -4:00]

    AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CSHelper.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\Program Files\Microsoft Office Ultimate 2007\Office12\GrooveMonitor.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Safari\Safari.exe
    C:\Documents and Settings\Admin\Desktop\dds.com
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZQfox000&ptb=TMKfGN5LE4om04yDhnxLng
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
    mURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office ultimate 2007\office12\GrooveShellExtensions.dll
    BHO: Updater For My.Freeze.com Toolbar: {c26cd490-5f01-41e3-b150-eb29f19da056} - c:\program files\myfreezetoolbar\auxi\myfreezetoolbAu.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [KADxMain] c:\windows\system32\KADxMain.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office ultimate 2007\office12\GrooveMonitor.exe"
    mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Aliqoruzifuloruz] rundll32.exe "c:\windows\iqacejoxodokake.dll",Startup
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
    IE: &Download with &DAP - c:\program files\download accelerator\dapextie.htm
    IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZQfox000
    IE: Download &all with DAP - c:\program files\download accelerator\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mi8a79~1\office12\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi8a79~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi8a79~1\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203691876593
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office ultimate 2007\office12\GrooveSystemServices.dll
    Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
    Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    Notify: WBSrv - c:\program files\windowblinds\wbsrv.dll
    AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,wbsys.dll c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\kasper~2\kasper~1\mzvkbd3.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office ultimate 2007\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli w4SPALOD.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\o7jxw9r4.default\
    FF - prefs.js: browser.search.selectedEngine - YouTube
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
    FF - prefs.js: keyword.URL - hxxp://www.greatsearchnow.com/greatsearch.aspx?category=web&Toolbar_Id={45F61C87-7817-54E7-1991-103585E876C6}&query=
    FF - plugin: c:\program files\mozilla firefox\plugins\npCopysafe35.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {1ABF3D76-9DB2-4398-BB88-2634FEEB8773} - c:\documents and settings\admin\local settings\application data\{1ABF3D76-9DB2-4398-BB88-2634FEEB8773}
    FF - HiddenExtension: XULRunner: {217AA5CC-85F1-484F-94E2-C10A0D57A28A} - c:\documents and settings\networkservice\local settings\application data\{217aa5cc-85f1-484f-94e2-c10a0d57a28a}\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-4-22 226832]
    R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 208616]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-3-23 192512]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-6 29744]

    =============== Created Last 30 ================

    2010-04-09 00:09:57 11264 ----a-w- C:\U.exe
    2010-04-06 02:58:59 1924976 ----a-w- C:\install_flash_player.exe
    2010-04-04 18:57:54 0 d-----w- C:\video_output
    2010-04-04 18:51:46 28672 ----a-w- c:\windows\system32\AVEQT.dll
    2010-04-04 18:51:46 258048 ----a-w- c:\windows\system32\GplMpgDec.ax
    2010-04-04 18:51:46 129024 ----a-w- c:\windows\system32\AVERM.dll
    2010-04-04 18:51:44 0 d-----w- c:\program files\Allok 3GP PSP MP4 iPod Video Converter
    2010-04-04 08:37:47 120 ----a-w- c:\windows\Isominubesid.dat
    2010-04-04 08:37:47 0 ----a-w- c:\windows\Dpocewus.bin
    2010-04-04 08:34:49 31916 ----a-w- c:\windows\system32\drivers\svchost.exe

    ==================== Find3M ====================

    2010-04-11 20:58:57 802848 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2010-04-11 20:58:57 3824 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2010-04-11 20:58:57 3057184 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2010-04-11 20:58:57 24964 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2010-04-06 05:03:14 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-01-21 16:03:36 69036 ---ha-w- c:\windows\system32\mlfcache.dat
    2007-12-27 21:52:10 3743542 ----a-w- c:\program files\daemon_20tools_204[1].9.rar
    2007-12-25 01:37:36 287240 ----a-w- c:\program files\DirectX10.exe
    2007-12-25 01:22:09 707624 ----a-w- c:\program files\WindowsXP-KB936357-v2-x86-ENU.exe
    2008-10-07 17:46:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100720081008\index.dat

    ============= FINISH: 22:44:16.45 ===============


    ZIP'd "attach.txt":

    file://localhost/C:/Documents%20and%20Settings/Admin/Desktop/DDSattach.zip
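A defender-side triage of the DDS report above, added here as an example and not a tool from this forum or from DDS/GMER: it re-reads a few lines lifted from the posted log (the Run keys, the LSA packages line and the "Created Last 30" entries) and flags the indicators a malware helper looks at first. The rule names, the alternating-letter heuristic and the list of system32-only binaries are my own assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample: a handful of lines lifted from the DDS report in the post
# above (Run keys, LSA packages, "Created Last 30"), not the full report.
SAMPLE_DDS = r"""
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [Aliqoruzifuloruz] rundll32.exe "c:\windows\iqacejoxodokake.dll",Startup
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,wbsys.dll
LSA: Notification Packages = scecli w4SPALOD.dll
2010-04-04 08:34:49 31916 ----a-w- c:\windows\system32\drivers\svchost.exe
2010-04-09 00:09:57 11264 ----a-w- C:\U.exe
2010-04-06 02:58:59 1924976 ----a-w- C:\install_flash_player.exe
2010-04-04 08:37:47 120 ----a-w- c:\windows\Isominubesid.dat
"""

VOWELS = set("aeiou")

# Names such as Aliqoruzifuloruz / iqacejoxodokake / Isominubesid strictly
# alternate vowel and consonant, a pattern real product names almost never keep
# up for 10+ letters. Heuristic only (assumed): Dpocewus.bin from the same log escapes it.
def is_generated_name(token: str) -> bool:
    t = token.lower()
    if len(t) < 10 or not t.isalpha():
        return False
    return all((t[i] in VOWELS) != (t[i + 1] in VOWELS) for i in range(len(t) - 1))

# Binaries that live in %SystemRoot%\system32 on Windows XP; a copy anywhere
# else (here: ...\system32\drivers\svchost.exe) is a classic dropper artifact.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}

# Quoted paths may contain spaces; unquoted ones end at whitespace, a quote or a comma.
PATH_RE = re.compile(r'"([a-z]:\\[^"]+)"|([a-z]:\\[^\s",]+)', re.IGNORECASE)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?[a-z]:\\windows\\[^\\"]+\.dll', re.IGNORECASE)
LSA_RE = re.compile(r"^LSA: Notification Packages\s*=\s*(.*)$", re.IGNORECASE)


def triage_line(line: str) -> List[str]:
    """Return the names of every rule the DDS line trips (empty list = clean)."""
    hits = []
    # A Run key that makes rundll32 load a DLL dropped directly into C:\Windows.
    if RUNDLL_RE.search(line):
        hits.append("rundll32-loads-dll-from-windows-root")
    # On an XP workstation the only default LSA notification package is scecli;
    # anything extra is loaded by lsass and sees password changes.
    m = LSA_RE.match(line)
    if m and any(p.lower() != "scecli" for p in m.group(1).split()):
        hits.append("extra-lsa-notification-package")
    for quoted, bare in PATH_RE.findall(line):
        parts = (quoted or bare).lower().split("\\")
        base = parts[-1]
        if base in SYSTEM32_ONLY and parts[:-1] != [parts[0], "windows", "system32"]:
            hits.append("system-binary-outside-system32")
        # Executables dropped into the drive root: review, often user downloads too.
        if len(parts) == 2 and base.endswith(".exe"):
            hits.append("executable-in-drive-root")
    if any(is_generated_name(tok) for tok in re.findall(r"[A-Za-z]+", line)):
        hits.append("generated-looking-name")
    return hits


def triage(report: str) -> List[Tuple[str, str]]:
    """(rule, line) pairs for every flagged line, in report order."""
    out = []
    for raw in report.splitlines():
        line = raw.strip()
        for rule in triage_line(line):
            out.append((rule, line))
    return out


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_DDS):
        print(f"{rule:38} {line}")
```

Flagged lines are leads for the helper to research, not an instruction to delete anything; the GMER caution about false positives applies to heuristics like these too.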
     
  6. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
  7. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
    Unless you wanted me to just post the contents of attach.txt here, I can... but the program told me to zip the file first and then post it on the forums. What's the reason for that?
     
  8. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
    The GMER scan has been running for over 3 hours now; I don't know if that's normal or not. It also took many manual reboots to finally get the scan past scanning the system files, as it froze up every time before that. I'm using a different computer now, as I don't want to interrupt the scan, but I just thought I should mention that the screen went into screen saver mode many random times and also went black without any responsiveness from the touchpad for a while until I brought up Task Manager. I don't know if those are bad signs or not; I just want to keep you informed. Thank you, though, for replying and helping me.
     
  9. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
    The GMER scan will not complete... either the screen just goes out and I have to reboot, or it freezes up. It was scanning a folder "C:/classes/CLSID/(random number sequences)" for a long time and seemed as if it were just repeating the scan of that folder over and over. Sorry for the many posts, just trying to keep you updated; I know these things take a while to research. If there's anything other than GMER we could use, let me know what I can do. Thanks!
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Try unchecking the box beside "files" as well...

    Try running it in safe mode....

    Make sure your security programs are disabled and all other programs closed.
     
  11. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
    OK, so I have unchecked:
    sections
    IAT/EAT
    files
    show all


    I'll report back with results soon.
     
  12. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
    Well, it seems as though the scan finished, but GMER froze up when I tried to save the log. I can try the scan again if you'd like; it didn't take much time this time around. Thanks.
     
  13. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
    I will try running it in safe mode, forgot to try that. Sorry lol
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    If you haven't re-run it already, leave the "sections" checked.
     
  15. russelb923

    russelb923 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    55
    Well, the scan does run in safe mode, but unfortunately since it has poor screen resolution in safe mode it cuts off the "Copy" and "Save.." buttons yet leaves the "OK" and "Cancel" buttons visible. So I had no way of saving it; even dragging the window up didn't help. Any other ideas..?
     
Short URL to this thread: https://techguy.org/915468
