Okay, so I googled one of these 3 URLs that were being blocked by avast. It took me to a thread on this forum. I followed what was said to the person whose problems seemed to be exactly like mine. I’m up to the point where I have completed my combo fix; its contents are below. I will continue to run Farbar after I post this. Thanks guys. You do some great work.
Well, I guess my log is longer than the 10k character max? I’m not sure how to post
http://forum.avast.com/index.php?topic=103027.0
This is the thread I was looking off of
Also, for some reason, there is no right-click option on the TDSSKiller report. I don’t know how to copy it to here.
Farbar Service Scanner Version: 06-08-2012
Ran by User (administrator) on 15-08-2012 at 18:20:26
Running from “C:\Documents and Settings\User\My Documents\Downloads”
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
Internet Services:
Connection Status:
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
Firewall Disabled Policy:
System Restore:
System Restore Disabled Policy:
Security Center:
Windows Update:
Windows Autoupdate Disabled Policy:
File Check:
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
aswTdi(10) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5) WSIMD(9)
0x0B0000000600000001000000020000000300000004000000050000000B0000000A000000070000000800000009000000
IpSec Tag value is correct.
**** End of log ****
http://forum.avast.com/index.php?topic=53253.0
Please attach OTL, Extras, and aswMBR logs in your next post and essexboy or Jeffce will assist you.
Log files can be attached (it is easier) using the Attachments and other options link.
Regardless of what might be seen in another topic, everything in it is unique, so it shouldn’t be followed. Follow the instructions in this topic - http://forum.avast.com/index.php?topic=53253.0 - for information on logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
I blue screened and crashed during the mbr scan…
ran another
There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.
Hopefully I didn’t come off as such a jackass that they ignored me
Hi, sorry you were missed… Could you attach the ComboFix log please? Also, the TDSSKiller log will be at C:\TDSSKiller date time. Also, what are your current problems?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\fbxxx.sys -- (vfjgwhj)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.