Received assistance here: http://www.bleepingcomputer.com/forums/topic238543.html after the log here was posted. Said topic is now closed. ~ OB
Hello all, I have some sort of virus or something on my laptop running Vista, and have no clue what it is or how to get it off my computer. Many antivirus programs I run seem to freeze at a specific file: C:\Windows\System32\Config\Software. Notably Malware Bytes, Software Doctor, BitDefender. I've had the virus since July 2nd, and I got it from downloading a malicious file. As for symptoms, here's what I'm seeing:
- some slowdowns (some minor, some more important)
- computer freezes every once in a while; only way to fix = manually turn off laptop
- can't uninstall programs in Control Panel (there's no Uninstall button beside the program list)
- can't burn files to a DVD (I try formatting DVD using Windows, but nothing happens)
- Google often redirects me to a wrong site when I search for something
- explorer.exe kept crashing, but I fixed that a while ago
- a folder C:\RECYCLER\ was created by the virus, but I can't find it :S
- I've had about 2 BSODs; last one was caused by WinFl32.sys
- that's all I can think of for now, but there might be an extra symptom or 2..
Now for the DDS.txt log:
DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 17:35:33.26 on 06/07/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2813.1635 [GMT -4:00]
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
AppInit_DLLs: avgrsstx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\4a4ha8ci.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\4a4ha8ci.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2008-7-28 15416]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-5 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-9 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-9 108552]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2009-5-26 3026]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-15 176128]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-29 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-29 298776]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-5-27 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-23 52736]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S4 AESTFilters;AESTFilters;c:\windows\system32\driverstore\filerepository\stwrt.inf_f691e717\AEstSrv.exe [2008-7-28 73728]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
=============== Created Last 30 ================
2009-07-06 16:53 691 a------- c:\users\user\appdata\roaming\GetValue.vbs
2009-07-06 16:53 35 a------- c:\users\user\appdata\roaming\SetValue.bat
2009-07-06 15:46 5,450 a------- c:\windows\system32\tmp.reg
2009-07-05 23:02 121 a------- c:\windows\bdagent.INI
2009-07-05 13:32 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-07-05 13:31 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-07-05 13:31 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-05 13:31 <DIR> --d----- c:\program files\common files\PC Tools
2009-07-05 13:31 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-07-05 13:31 <DIR> --d----- c:\programdata\PC Tools
2009-07-05 13:31 <DIR> --d----- c:\program files\Spyware Doctor
2009-07-05 13:31 <DIR> --d----- c:\progra~2\PC Tools
2009-07-05 12:58 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-07-05 12:58 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-07-05 09:18 <DIR> --d----- c:\program files\RegSpy
2009-07-04 17:17 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 17:17 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-04 17:17 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-04 17:17 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-04 17:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 08:50 <DIR> --d----- C:\DVDVideoSoft
2009-07-03 17:25 81,984 a------- c:\windows\system32\bdod.bin
2009-07-03 17:17 850 a------- c:\windows\system32\ProductTweaks.xml
2009-07-03 17:17 385 a------- c:\windows\system32\user_gensett.xml
2009-07-03 17:10 <DIR> --d----- c:\users\user\appdata\roaming\BitDefender
2009-07-03 17:09 <DIR> --d----- c:\programdata\BitDefender
2009-07-03 17:09 <DIR> --d----- c:\program files\BitDefender
2009-07-03 17:09 <DIR> --d----- c:\progra~2\BitDefender
2009-07-03 17:08 <DIR> --d----- c:\program files\common files\BitDefender
2009-07-03 15:37 2,927,104 a------- c:\windows\WinExplore.exe
2009-07-03 15:13 <DIR> --d----- C:\VundoFix Backups
2009-07-03 12:31 <DIR> --d----- C:\New Folder
2009-07-03 10:18 <DIR> --d----- C:\HijackThis
2009-07-02 23:03 <DIR> --d----- c:\program files\Trend Micro
2009-07-02 22:42 <DIR> --d----- c:\program files\CleanUp!
2009-07-02 22:15 <DIR> --d----- c:\users\user\appdata\roaming\Uniblue
2009-07-02 22:11 <DIR> --d----- c:\programdata\SecTaskMan
2009-07-02 22:11 <DIR> --d----- c:\progra~2\SecTaskMan
2009-07-02 22:11 <DIR> --d----- c:\program files\Security Task Manager
2009-07-02 15:22 <DIR> --d----- c:\program files\Pure Networks
2009-07-02 15:21 <DIR> --d----- c:\programdata\webex
2009-07-02 15:21 <DIR> --d----- c:\progra~2\webex
2009-07-02 15:19 24,880 a------- c:\windows\system32\drivers\pnarp.sys
2009-07-02 15:19 26,416 a------- c:\windows\system32\drivers\purendis.sys
2009-07-02 15:17 <DIR> --d----- c:\programdata\Pure Networks
2009-07-02 15:17 <DIR> --d----- c:\progra~2\Pure Networks
2009-07-02 13:17 1,638,912 a------- c:\windows\system32\mshtml.tlb
2009-07-02 13:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-02 13:17 915,456 a------- c:\windows\system32\wininet.dll
2009-07-02 13:17 1,469,440 a------- c:\windows\system32\inetcpl.cpl
2009-07-02 12:03 1,753,088 a------- c:\windows\system32\ExGrid.dll
2009-07-02 12:03 <DIR> --d----- c:\program files\common files\eSellerate
2009-07-02 12:03 <DIR> --d----- c:\program files\AnswersThatWork
2009-06-30 23:54 102,400 a------- c:\windows\system32\tsccvid.dll
2009-06-29 22:26 <DIR> --d----- c:\program files\DivX
2009-06-29 16:50 <DIR> --d----- c:\program files\New Folder
2009-06-29 08:37 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-29 08:37 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-27 23:49 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-27 23:47 <DIR> --dsh--- c:\windows\ftpcache
2009-06-27 22:30 <DIR> --d----- c:\windows\system32\URTTEMP
2009-06-27 22:28 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-27 22:28 22,328 a------- c:\users\user\appdata\roaming\PnkBstrK.sys
2009-06-27 22:28 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-06-27 22:28 669,184 a------- c:\windows\system32\pbsvc.exe
2009-06-27 22:28 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-06-27 22:24 <DIR> --d----- c:\programdata\Media Center Programs
2009-06-27 22:24 <DIR> --d----- c:\progra~2\Media Center Programs
2009-06-27 20:50 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-06-27 20:50 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-06-27 20:50 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-06-27 20:50 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-06-27 20:37 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-06-27 20:05 <DIR> --d----- c:\program files\MagicISO
2009-06-26 08:32 <DIR> --d----- c:\programdata\ATI
2009-06-25 00:38 1,196,032 a------- c:\windows\RtkUpd.exe
2009-06-25 00:38 2,172,416 a------- c:\windows\system32\RtkHDMI.dll
2009-06-25 00:38 694,784 a------- c:\windows\system32\RHDMIExt.dll
2009-06-25 00:38 143,328 a------- c:\windows\system32\drivers\RtHDMIV.sys
2009-06-25 00:37 42 a------- c:\windows\system32\DriverChecker.lie
2009-06-25 00:00 <DIR> --d----- C:\ATI
2009-06-24 23:56 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-06-23 10:57 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-06-23 01:58 <DIR> --d----- c:\users\user\appdata\roaming\Autodesk
2009-06-23 01:55 <DIR> --d----- c:\programdata\Big Fish Games
2009-06-23 01:55 <DIR> --d----- c:\progra~2\Big Fish Games
2009-06-23 01:53 <DIR> --d----- c:\programdata\Trymedia
2009-06-23 01:53 <DIR> --d----- c:\progra~2\Trymedia
2009-06-23 01:52 <DIR> --d----- c:\program files\Peggle
2009-06-23 01:51 <DIR> --d----- c:\programdata\FLEXnet
2009-06-23 01:45 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-06-23 01:43 <DIR> --d----- c:\program files\common files\Autodesk Shared
2009-06-23 01:41 <DIR> --d----- c:\programdata\Autodesk
2009-06-23 01:38 <DIR> --d----- c:\program files\Autodesk
2009-06-23 01:38 509,448 a------- c:\windows\system32\XAudio2_2.dll
2009-06-23 01:38 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2009-06-23 01:38 238,088 a------- c:\windows\system32\xactengine3_2.dll
2009-06-23 01:38 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2009-06-23 01:38 467,984 a------- c:\windows\system32\d3dx10_39.dll
2009-06-23 01:38 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2009-06-23 00:51 <DIR> --d----- c:\programdata\PopCap Games
2009-06-23 00:51 <DIR> --d----- c:\program files\PopCap Games
2009-06-23 00:51 <DIR> --d----- c:\progra~2\PopCap Games
2009-06-22 14:42 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-22 14:42 <DIR> --d----- c:\users\user\appdata\roaming\DAEMON Tools Lite
2009-06-21 23:06 <DIR> --d----- C:\C++ Without Fear
2009-06-20 23:34 <DIR> --d----- C:\C++ 3D Buzz
2009-06-14 22:38 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-14 22:38 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-14 22:38 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 22:38 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 22:38 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-13 09:35 1,900,184 a------- c:\programdata\shs_setup_4056-345359.exe
2009-06-13 09:35 1,900,184 a------- c:\progra~2\shs_setup_4056-345359.exe
2009-06-12 18:36 <DIR> --d----- c:\programdata\Adobe Systems
2009-06-12 18:28 <DIR> --d----- c:\program files\common files\Adobe Systems Shared
2009-06-09 19:17 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-09 19:17 636,928 a------- c:\windows\system32\localspl.dll
2009-06-09 19:17 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-07 11:32 <DIR> --d----- C:\C#Programs
==================== Find3M ====================
2009-07-04 21:06 8,224 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-03 14:22 747,544 a------- c:\windows\system32\perfh00C.dat
2009-07-03 14:22 156,842 a------- c:\windows\system32\perfc00C.dat
2009-07-02 15:20 51,200 a------- c:\windows\inf\infpub.dat
2009-07-02 15:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-02 15:20 86,016 a------- c:\windows\inf\infstor.dat
2009-06-29 08:34 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 08:34 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-12 15:37 129,864 a---h--- c:\windows\system32\mlfcache.dat
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-26 11:50 3,026 a------- c:\windows\system32\drivers\hwinterface.sys
2009-05-24 22:45 17,408 a------- C:\psapi.dll
2009-05-24 22:34 737,280 a------- c:\windows\iun6002.exe
2009-05-16 00:01 4,933,632 a------- c:\windows\system32\drivers\atikmdag.sys
2009-05-15 23:24 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-05-15 23:24 335,872 a------- c:\windows\system32\atieclxx.exe
2009-05-15 23:23 176,128 a------- c:\windows\system32\atiesrxx.exe
2009-05-15 23:22 159,744 a------- c:\windows\system32\atitmmxx.dll
2009-05-15 23:22 356,352 a------- c:\windows\system32\atipdlxx.dll
2009-05-15 23:22 278,528 a------- c:\windows\system32\Oemdspif.dll
2009-05-15 23:22 11,776 a------- c:\windows\system32\atimuixx.dll
2009-05-15 23:22 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-05-15 23:19 2,411,008 a------- c:\windows\system32\atidxx32.dll
2009-05-15 23:08 3,064,832 a------- c:\windows\system32\atiumdag.dll
2009-05-15 22:53 2,847,744 a------- c:\windows\system32\atiumdva.dll
2009-05-15 22:42 51,712 a------- c:\windows\system32\atimpc32.dll
2009-05-15 22:42 51,712 a------- c:\windows\system32\amdpcom32.dll
2009-05-15 22:41 172,032 a------- c:\windows\system32\atiadlxx.dll
2009-05-15 22:40 11,376,640 a------- c:\windows\system32\atioglxx.dll
2009-05-15 22:27 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-05-15 22:00 53,248 a------- c:\windows\system32\aticalrt.dll
2009-05-15 22:00 53,248 a------- c:\windows\system32\aticalcl.dll
2009-05-15 21:59 3,174,400 a------- c:\windows\system32\aticaldd.dll
2009-05-10 15:24 34 a------- c:\users\user\jagex_runescape_preferences.dat
2009-05-05 15:33 118,784 a------- c:\windows\system32\atibtmon.exe
2009-04-23 15:04 189,051 a------- c:\windows\system32\atiicdxx.dat
2009-04-14 22:42 2,134,016 a------- c:\windows\system32\python26.dll
2008-08-31 15:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-27 21:42 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2008-05-27 21:42 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2008-05-27 21:42 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2008-05-27 21:42 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-22 11:32 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-22 11:32 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-22 11:32 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-01-03 23:52 1,004 a--sh--- c:\windows\system32\sys_drv.dat
============= FINISH: 17:37:51.08 ===============
Thanks in advance for all help, and I'll try my best to help you help me.
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
AppInit_DLLs: avgrsstx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\4a4ha8ci.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\4a4ha8ci.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2008-7-28 15416]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-5 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-9 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-9 108552]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2009-5-26 3026]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-15 176128]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-29 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-29 298776]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-5-27 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-23 52736]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S4 AESTFilters;AESTFilters;c:\windows\system32\driverstore\filerepository\stwrt.inf_f691e717\AEstSrv.exe [2008-7-28 73728]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
=============== Created Last 30 ================
2009-07-06 16:53 691 a------- c:\users\user\appdata\roaming\GetValue.vbs
2009-07-06 16:53 35 a------- c:\users\user\appdata\roaming\SetValue.bat
2009-07-06 15:46 5,450 a------- c:\windows\system32\tmp.reg
2009-07-05 23:02 121 a------- c:\windows\bdagent.INI
2009-07-05 13:32 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-07-05 13:31 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-07-05 13:31 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-05 13:31 <DIR> --d----- c:\program files\common files\PC Tools
2009-07-05 13:31 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-07-05 13:31 <DIR> --d----- c:\programdata\PC Tools
2009-07-05 13:31 <DIR> --d----- c:\program files\Spyware Doctor
2009-07-05 13:31 <DIR> --d----- c:\progra~2\PC Tools
2009-07-05 12:58 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-07-05 12:58 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-07-05 09:18 <DIR> --d----- c:\program files\RegSpy
2009-07-04 17:17 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 17:17 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-04 17:17 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-04 17:17 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-04 17:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 08:50 <DIR> --d----- C:\DVDVideoSoft
2009-07-03 17:25 81,984 a------- c:\windows\system32\bdod.bin
2009-07-03 17:17 850 a------- c:\windows\system32\ProductTweaks.xml
2009-07-03 17:17 385 a------- c:\windows\system32\user_gensett.xml
2009-07-03 17:10 <DIR> --d----- c:\users\user\appdata\roaming\BitDefender
2009-07-03 17:09 <DIR> --d----- c:\programdata\BitDefender
2009-07-03 17:09 <DIR> --d----- c:\program files\BitDefender
2009-07-03 17:09 <DIR> --d----- c:\progra~2\BitDefender
2009-07-03 17:08 <DIR> --d----- c:\program files\common files\BitDefender
2009-07-03 15:37 2,927,104 a------- c:\windows\WinExplore.exe
2009-07-03 15:13 <DIR> --d----- C:\VundoFix Backups
2009-07-03 12:31 <DIR> --d----- C:\New Folder
2009-07-03 10:18 <DIR> --d----- C:\HijackThis
2009-07-02 23:03 <DIR> --d----- c:\program files\Trend Micro
2009-07-02 22:42 <DIR> --d----- c:\program files\CleanUp!
2009-07-02 22:15 <DIR> --d----- c:\users\user\appdata\roaming\Uniblue
2009-07-02 22:11 <DIR> --d----- c:\programdata\SecTaskMan
2009-07-02 22:11 <DIR> --d----- c:\progra~2\SecTaskMan
2009-07-02 22:11 <DIR> --d----- c:\program files\Security Task Manager
2009-07-02 15:22 <DIR> --d----- c:\program files\Pure Networks
2009-07-02 15:21 <DIR> --d----- c:\programdata\webex
2009-07-02 15:21 <DIR> --d----- c:\progra~2\webex
2009-07-02 15:19 24,880 a------- c:\windows\system32\drivers\pnarp.sys
2009-07-02 15:19 26,416 a------- c:\windows\system32\drivers\purendis.sys
2009-07-02 15:17 <DIR> --d----- c:\programdata\Pure Networks
2009-07-02 15:17 <DIR> --d----- c:\progra~2\Pure Networks
2009-07-02 13:17 1,638,912 a------- c:\windows\system32\mshtml.tlb
2009-07-02 13:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-02 13:17 915,456 a------- c:\windows\system32\wininet.dll
2009-07-02 13:17 1,469,440 a------- c:\windows\system32\inetcpl.cpl
2009-07-02 12:03 1,753,088 a------- c:\windows\system32\ExGrid.dll
2009-07-02 12:03 <DIR> --d----- c:\program files\common files\eSellerate
2009-07-02 12:03 <DIR> --d----- c:\program files\AnswersThatWork
2009-06-30 23:54 102,400 a------- c:\windows\system32\tsccvid.dll
2009-06-29 22:26 <DIR> --d----- c:\program files\DivX
2009-06-29 16:50 <DIR> --d----- c:\program files\New Folder
2009-06-29 08:37 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-29 08:37 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-27 23:49 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-27 23:47 <DIR> --dsh--- c:\windows\ftpcache
2009-06-27 22:30 <DIR> --d----- c:\windows\system32\URTTEMP
2009-06-27 22:28 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-27 22:28 22,328 a------- c:\users\user\appdata\roaming\PnkBstrK.sys
2009-06-27 22:28 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-06-27 22:28 669,184 a------- c:\windows\system32\pbsvc.exe
2009-06-27 22:28 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-06-27 22:24 <DIR> --d----- c:\programdata\Media Center Programs
2009-06-27 22:24 <DIR> --d----- c:\progra~2\Media Center Programs
2009-06-27 20:50 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-06-27 20:50 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-06-27 20:50 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-06-27 20:50 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-06-27 20:37 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-06-27 20:05 <DIR> --d----- c:\program files\MagicISO
2009-06-26 08:32 <DIR> --d----- c:\programdata\ATI
2009-06-25 00:38 1,196,032 a------- c:\windows\RtkUpd.exe
2009-06-25 00:38 2,172,416 a------- c:\windows\system32\RtkHDMI.dll
2009-06-25 00:38 694,784 a------- c:\windows\system32\RHDMIExt.dll
2009-06-25 00:38 143,328 a------- c:\windows\system32\drivers\RtHDMIV.sys
2009-06-25 00:37 42 a------- c:\windows\system32\DriverChecker.lie
2009-06-25 00:00 <DIR> --d----- C:\ATI
2009-06-24 23:56 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-06-23 10:57 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-06-23 01:58 <DIR> --d----- c:\users\user\appdata\roaming\Autodesk
2009-06-23 01:55 <DIR> --d----- c:\programdata\Big Fish Games
2009-06-23 01:55 <DIR> --d----- c:\progra~2\Big Fish Games
2009-06-23 01:53 <DIR> --d----- c:\programdata\Trymedia
2009-06-23 01:53 <DIR> --d----- c:\progra~2\Trymedia
2009-06-23 01:52 <DIR> --d----- c:\program files\Peggle
2009-06-23 01:51 <DIR> --d----- c:\programdata\FLEXnet
2009-06-23 01:45 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-06-23 01:43 <DIR> --d----- c:\program files\common files\Autodesk Shared
2009-06-23 01:41 <DIR> --d----- c:\programdata\Autodesk
2009-06-23 01:38 <DIR> --d----- c:\program files\Autodesk
2009-06-23 01:38 509,448 a------- c:\windows\system32\XAudio2_2.dll
2009-06-23 01:38 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2009-06-23 01:38 238,088 a------- c:\windows\system32\xactengine3_2.dll
2009-06-23 01:38 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2009-06-23 01:38 467,984 a------- c:\windows\system32\d3dx10_39.dll
2009-06-23 01:38 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2009-06-23 00:51 <DIR> --d----- c:\programdata\PopCap Games
2009-06-23 00:51 <DIR> --d----- c:\program files\PopCap Games
2009-06-23 00:51 <DIR> --d----- c:\progra~2\PopCap Games
2009-06-22 14:42 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-22 14:42 <DIR> --d----- c:\users\user\appdata\roaming\DAEMON Tools Lite
2009-06-21 23:06 <DIR> --d----- C:\C++ Without Fear
2009-06-20 23:34 <DIR> --d----- C:\C++ 3D Buzz
2009-06-14 22:38 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-14 22:38 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-14 22:38 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 22:38 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 22:38 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-13 09:35 1,900,184 a------- c:\programdata\shs_setup_4056-345359.exe
2009-06-13 09:35 1,900,184 a------- c:\progra~2\shs_setup_4056-345359.exe
2009-06-12 18:36 <DIR> --d----- c:\programdata\Adobe Systems
2009-06-12 18:28 <DIR> --d----- c:\program files\common files\Adobe Systems Shared
2009-06-09 19:17 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-09 19:17 636,928 a------- c:\windows\system32\localspl.dll
2009-06-09 19:17 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-07 11:32 <DIR> --d----- C:\C#Programs
==================== Find3M ====================
2009-07-04 21:06 8,224 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-03 14:22 747,544 a------- c:\windows\system32\perfh00C.dat
2009-07-03 14:22 156,842 a------- c:\windows\system32\perfc00C.dat
2009-07-02 15:20 51,200 a------- c:\windows\inf\infpub.dat
2009-07-02 15:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-02 15:20 86,016 a------- c:\windows\inf\infstor.dat
2009-06-29 08:34 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 08:34 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-12 15:37 129,864 a---h--- c:\windows\system32\mlfcache.dat
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-26 11:50 3,026 a------- c:\windows\system32\drivers\hwinterface.sys
2009-05-24 22:45 17,408 a------- C:\psapi.dll
2009-05-24 22:34 737,280 a------- c:\windows\iun6002.exe
2009-05-16 00:01 4,933,632 a------- c:\windows\system32\drivers\atikmdag.sys
2009-05-15 23:24 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-05-15 23:24 335,872 a------- c:\windows\system32\atieclxx.exe
2009-05-15 23:23 176,128 a------- c:\windows\system32\atiesrxx.exe
2009-05-15 23:22 159,744 a------- c:\windows\system32\atitmmxx.dll
2009-05-15 23:22 356,352 a------- c:\windows\system32\atipdlxx.dll
2009-05-15 23:22 278,528 a------- c:\windows\system32\Oemdspif.dll
2009-05-15 23:22 11,776 a------- c:\windows\system32\atimuixx.dll
2009-05-15 23:22 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-05-15 23:19 2,411,008 a------- c:\windows\system32\atidxx32.dll
2009-05-15 23:08 3,064,832 a------- c:\windows\system32\atiumdag.dll
2009-05-15 22:53 2,847,744 a------- c:\windows\system32\atiumdva.dll
2009-05-15 22:42 51,712 a------- c:\windows\system32\atimpc32.dll
2009-05-15 22:42 51,712 a------- c:\windows\system32\amdpcom32.dll
2009-05-15 22:41 172,032 a------- c:\windows\system32\atiadlxx.dll
2009-05-15 22:40 11,376,640 a------- c:\windows\system32\atioglxx.dll
2009-05-15 22:27 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-05-15 22:00 53,248 a------- c:\windows\system32\aticalrt.dll
2009-05-15 22:00 53,248 a------- c:\windows\system32\aticalcl.dll
2009-05-15 21:59 3,174,400 a------- c:\windows\system32\aticaldd.dll
2009-05-10 15:24 34 a------- c:\users\user\jagex_runescape_preferences.dat
2009-05-05 15:33 118,784 a------- c:\windows\system32\atibtmon.exe
2009-04-23 15:04 189,051 a------- c:\windows\system32\atiicdxx.dat
2009-04-14 22:42 2,134,016 a------- c:\windows\system32\python26.dll
2008-08-31 15:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-27 21:42 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2008-05-27 21:42 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2008-05-27 21:42 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2008-05-27 21:42 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-22 11:32 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-22 11:32 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-22 11:32 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-01-03 23:52 1,004 a--sh--- c:\windows\system32\sys_drv.dat
============= FINISH: 17:37:51.08 ===============
Thanks in advance for all help, and I'll try my best to help you help me.
Attached File(s): Attach.txt (1.86K)
This post has been edited by Orange Blossom: 09 July 2009 - 05:40 PM
