
Rootkitpatched.TDSSg

scanning hidden autostart entries ...

scanning hidden processes ...

c:\Qoobox\quarantine\C\documents and settings\kurt melcher\application data\defender.exe.vir (Trojan.FakeAlert) -> No action taken.

HKCU-Run-Oceyamewobey - c:\windows\molimi.dll
HKLM-Run-Vhejom - c:\windows\aluniwareheguri.dll
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-AntiVirus AntiSpyware 2011 - c:\documents and settings\Kurt Melcher\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe

**************************************************************************

R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [2011-4-8 12960]
R1 Bdvedisk;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2011-3-24 43936]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-4-22 149520]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2010-8-20

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2504)
c:\windows\system32\WININET.dll
c:\program files\BitDefender\BitDefender 2011\pchook32.dll
c:\windows\system32\ieframe.dll

c:\documents and settings\Kurt Melcher\Start Menu\Programs\Startup\
Antimalware Doctor.lnk - c:\documents and settings\Kurt Melcher\Application Data\3C593E30AE1F4ABD39B69FBC94A68DEF\k70ccreloc.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

#12 KenBeck (Topic Starter, Members, 14 posts) Posted 27 April 2011

uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -

#8 KenBeck (Topic Starter, Members, 14 posts) Posted 27 April 2011

Browse to where you saved the file, and click Open and then click UPLOAD.

I realize that you have already posted logs, but because of the time that has passed I'd like a fresh set. Please download DDS by sUBs from one of the following

Do NOT take any action on any "<--- ROOTKIT" entries.

If you have trouble running GMER: Make sure that your security software is disabled. Uncheck the box next to "Files" this time also. If

That may cause it to stall.
2.

If you have a problem, reply back for further instructions.

Please include the following in your next post:
ComboFix log

Threads are closed after 5 days of inactivity.
ASAP & UNITE Member

The help you

the computer is almost worthless now.

They may otherwise interfere with our tools.

Completion time: 2011-04-28 15:14:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-28 19:14

c:\system volume information\_restore{67c4541f-d3f2-450d-8ba3-de79d55388cd}\RP276\A0027413.exe (Trojan.Dropper) -> No action taken.

#10 KenBeck (Topic Starter, Members, 14 posts) Posted 27 April 2011

AV: BitDefender Antivirus *Enabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program

If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked.

#3 KenBeck (Topic Starter, Members, 14 posts) Posted 27 April 2011

c:\Qoobox\quarantine\C\WINDOWS\hkygya.exe.vir (Trojan.CodecPack) -> No action taken.

c:\documents and settings\All Users\Application Data\fBg28610gPdJa28610
c:\documents and settings\All Users\Application Data\fBg28610gPdJa28610\fBg28610gPdJa28610
c:\documents and settings\All Users\Application Data\fBg28610gPdJa28610\fBg28610gPdJa28610.exe
c:\documents and settings\Kurt Melcher\Application Data\3C593E30AE1F4ABD39B69FBC94A68DEF
c:\documents and settings\Kurt Melcher\Application Data\3C593E30AE1F4ABD39B69FBC94A68DEF\enemies-names.txt
c:\documents and settings\Kurt Melcher\Application Data\3C593E30AE1F4ABD39B69FBC94A68DEF\local.ini
c:\documents


Also I went through several BitDefender menus and thought I had everything disabled but I got several firewall messages (allow this?

I apologize for the delay.

c:\documents and settings\Kurt Melcher\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\documents and settings\Kurt Melcher\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus AntiSpyware 2011.lnk
c:\documents and settings\Kurt Melcher\Start Menu\Antimalware Doctor.lnk
c:\documents and settings\Kurt Melcher\Start Menu\Programs\AntiVirus AntiSpyware 2011.lnk
c:\documents

If asked to allow gmer.sys driver to load, please consent.

Attached Files: Gmer.txt 378.55KB 2 downloads

#9 RPMcMurphy (Malware Response Team, 3,970 posts) Posted 27 April 2011 - 12:28

Do not "re-run" Combofix.


Pre-Run: 137,319,030,784 bytes free
Post-Run: 138,000,871,424 bytes free

- - End Of File - - 86B2F3B9AC1C16FDABDA2C286D1DB9C7

#11 RPMcMurphy (Malware Response Team, 3,970 posts)

FILE :: "c:\documents and settings\Kurt Melcher\Start Menu\Programs\Startup\Antimalware Doctor.lnk"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution** Rootkit scans often produce false positives.
If you no longer need help with this issue, we would appreciate you letting us know.

Double click the exe file.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\kurt melcher\application data\Sun\Java\deployment\cache\6.0\19\2cdb1c53-43c34c0b (Trojan.Agent) -> No