
TR/Vundo.GDQ infection, alsoTR/Dldr.Small.ahzh


3 replies to this topic

#1 jeff610

  • Members
  • 2 posts

Posted 31 December 2008 - 09:37 AM

Background: I have run SDFix, but with only temporary results. Getting constant attacks which pop up Avira warnings.


DDS (Version 1.1.0) - NTFSx86
Run by Wong Family at 9:22:58.23 on Wed 12/31/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1044 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: Norton AntiVirus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\lkads.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\ANYCOM\Bluetooth-USB\BTTray.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Documents and Settings\Wong Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.sbc.com/dsl
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://global.acer.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.ntius.com/faqs.htm
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: NoExplorer - No File
BHO: {1ac1ca78-1e29-4df4-990a-0f9ed1f3a1a1} - c:\windows\system32\tuvutULc.dll
BHO: {1CA098DC-433B-4FAA-A9DF-262FE87A66C8} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
BHO: {71e30959-6259-4334-94b5-b68f356897ec} - c:\windows\system32\ljJYrRjJ.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8a7a6706-d542-4757-994e-3ab6d096ebc4} - No File
BHO: {4a3de02a-00e9-95ba-afb4-35daaa976099}: {990679aa-ad53-4bfa-ab59-9e00a20ed3a4} - c:\windows\system32\yedrgz.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: {c2cb037f-7cac-4186-acac-7de791652eb9} - No File
BHO: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\progra~1\neopets\toolbar\Toolbar.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\progra~1\neopets\toolbar\Toolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [LaunchApp] Alaunch
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [niDevMon] c:\program files\national instruments\ni-daq\hwconfig\nidevmon.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\pci f5d7000\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\anycom\bluetooth-usb\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\anycom\bluetooth-usb\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\anycom\bluetooth-usb\btsendto_ie.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\anycom\bluetooth-usb\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: turbotax.com
AppInit_DLLs: yedrgz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvutULc

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wongfa~1\applic~1\mozilla\firefox\profiles\ftga4qss.default\
FF - prefs.js: browser.startup.homepage - cnn.com
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv86win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2007-7-10 15448]
R1 avgio;avgio;\??\c:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-25 11840]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\program files\avira\antivir personaledition classic\sched.exe" [2008-12-25 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\program files\avira\antivir personaledition classic\avguard.exe" [2008-12-25 151297]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2007-8-25 149864]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2007-8-25 149864]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2007-2-16 12696]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2007-2-16 12696]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;"c:\program files\ivi foundation\visa\winnt\nivisa\niLxiDiscovery.exe" [2008-6-20 129144]
R2 nimDNSResponder;National Instruments mDNS Responder Service;"c:\program files\national instruments\shared\mdns responder\nimdnsResponder.exe" [2008-6-18 192112]
R2 nipxirmk;nipxirmk;\??\c:\windows\system32\drivers\nipxirmkl.sys [2008-6-24 11344]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2008-6-20 11360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-2-28 24652]
R3 avgntflt;avgntflt;\??\c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-12-25 52032]
R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [2008-6-22 463872]
R3 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2007-8-25 149864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-2 99376]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081113.004\NAVENG.SYS [2008-11-13 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081113.004\NAVEX15.SYS [2008-11-13 876112]
R3 nidimk;nidimk;\??\c:\windows\system32\drivers\nidimkl.sys [2008-6-13 11360]
R3 nimru2k;nimru2k;\??\c:\windows\system32\drivers\nimru2kl.sys [2008-6-13 11360]
R3 nimstsk;nimstsk;\??\c:\windows\system32\drivers\nimstskl.sys [2008-7-23 11360]
R3 nixsrk;nixsrk;\??\c:\windows\system32\drivers\nixsrkl.sys [2008-7-31 11336]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2007-11-14 1251720]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver;\??\c:\windows\system32\wlanndi5.SYS [2004-4-21 16384]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 lvalarmk;lvalarmk;\??\c:\windows\system32\drivers\lvalarmk.sys [2008-6-23 20104]
S3 ni1006k;NI PXI-1006 Chassis Pilot;\??\c:\windows\system32\drivers\ni1006k.sys [2008-6-25 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;\??\c:\windows\system32\drivers\ni1045kl.sys [2008-6-25 11344]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;\??\c:\windows\system32\drivers\ni1065k.sys [2008-6-25 22608]
S3 ni488lock;NI-488.2 Locking Service;\??\c:\windows\system32\drivers\ni488lock.sys [2007-2-26 16672]
S3 nicdrk;nicdrk;\??\c:\windows\system32\drivers\nicdrkl.sys [2008-7-24 11352]
S3 nicsrk;nicsrk;\??\c:\windows\system32\drivers\nicsrkl.sys [2008-7-31 11336]
S3 nidmxfk;nidmxfk;\??\c:\windows\system32\drivers\nidmxfkl.sys [2008-8-1 11336]
S3 nidsark;nidsark;\??\c:\windows\system32\drivers\nidsarkl.sys [2008-7-25 11344]
S3 niemrk;niemrk;\??\c:\windows\system32\drivers\niemrkl.sys [2008-7-31 11336]
S3 niesrk;niesrk;\??\c:\windows\system32\drivers\niesrkl.sys [2008-7-31 11336]
S3 nifslk;nifslk;\??\c:\windows\system32\drivers\nifslkl.sys [2008-7-29 11352]
S3 nimsdrk;nimsdrk;\??\c:\windows\system32\drivers\nimsdrkl.sys [2008-7-23 11392]
S3 nimslk;nimslk;\??\c:\windows\system32\drivers\nimslk.dll [2007-4-4 14464]
S3 nimsrlk;nimsrlk;\??\c:\windows\system32\drivers\nimsrlk.dll [2007-4-4 151683]
S3 nimxpk;nimxpk;\??\c:\windows\system32\drivers\nimxpkl.sys [2008-7-23 11368]
S3 ninshsdk;ninshsdk;\??\c:\windows\system32\drivers\ninshsdkl.sys [2008-7-30 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2008-6-13 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2008-6-13 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;\??\c:\windows\system32\drivers\nipxigpk.sys [2008-6-24 20568]
S3 niscdk;niscdk;\??\c:\windows\system32\drivers\niscdkl.sys [2008-7-30 11376]
S3 nisdigk;nisdigk;\??\c:\windows\system32\drivers\nisdigkl.sys [2008-8-7 11352]
S3 nisftk;nisftk;\??\c:\windows\system32\drivers\nisftkl.sys [2008-7-30 11344]
S3 nispdk;nispdk;\??\c:\windows\system32\drivers\nispdkl.sys [2008-7-30 11376]
S3 nissrk;nissrk;\??\c:\windows\system32\drivers\nissrkl.sys [2008-7-31 11336]
S3 nistc2k;nistc2k;\??\c:\windows\system32\drivers\nistc2kl.sys [2008-7-25 11312]
S3 nistcrk;nistcrk;\??\c:\windows\system32\drivers\nistcrkl.sys [2008-7-25 11360]
S3 niswdk;niswdk;\??\c:\windows\system32\drivers\niswdkl.sys [2008-7-28 11336]
S3 nitiork;nitiork;\??\c:\windows\system32\drivers\nitiorkl.sys [2008-7-24 11360]
S3 niufurk;niufurk;\??\c:\windows\system32\drivers\niufurkl.sys [2008-7-31 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2008-6-20 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2008-6-20 11360]
S3 niwfrk;niwfrk;\??\c:\windows\system32\drivers\niwfrkl.sys [2008-7-31 11336]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys []
S3 USBTINSP;TI-Nspire™ Handheld Device Driver;c:\windows\system32\drivers\tinspusb.sys [2008-1-26 119808]

=============== Created Last 30 ================

2008-12-30 10:37 102,912 a------- c:\windows\system32\yedrgz.dll
2008-12-30 10:37 102,912 a------- c:\windows\system32\nadwghoi.dll
2008-12-30 10:31 1,307,934 a--sh--- c:\windows\system32\ydeptvek.ini
2008-12-29 10:21 103,936 a------- c:\windows\system32\lyxhun.dll
2008-12-29 10:21 103,936 a------- c:\windows\system32\yjdxlksk.dll
2008-12-29 10:18 1,307,934 a--sh--- c:\windows\system32\faoonxpn.ini
2008-12-28 22:04 <DIR> --d----- C:\My PSP Files
2008-12-28 10:08 1,309,556 a--sh--- c:\windows\system32\vghntqkv.ini
2008-12-28 10:05 103,936 a------- c:\windows\system32\tctpjg.dll
2008-12-28 10:05 103,936 a------- c:\windows\system32\axvubejy.dll
2008-12-27 10:04 1,308,269 a--sh--- c:\windows\system32\qxmqnper.ini
2008-12-27 09:58 103,936 a------- c:\windows\system32\jawfwt.dll
2008-12-27 09:58 103,936 a------- c:\windows\system32\gdgarddt.dll
2008-12-26 22:57 1,299,082 a--sh--- c:\windows\system32\lixtlhih.ini
2008-12-26 22:54 103,424 a------- c:\windows\system32\delqyk.dll
2008-12-26 22:54 103,424 a------- c:\windows\system32\prfywjux.dll
2008-12-26 09:29 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-25 23:30 <DIR> --d----- c:\windows\ERUNT
2008-12-25 23:26 <DIR> --d----- c:\windows\pss
2008-12-25 23:25 <DIR> --d----- C:\SDFix
2008-12-25 22:55 1,745,930 a--sh--- c:\windows\system32\aymtheul.ini
2008-12-25 22:55 68,096 a------- c:\windows\system32\luehtmya.dll
2008-12-25 22:52 103,424 a------- c:\windows\system32\otzzvt.dll
2008-12-25 22:52 103,424 a------- c:\windows\system32\nbyffglb.dll
2008-12-25 22:46 752,400 a--sh--- c:\windows\system32\cLUtuvut.ini2
2008-12-25 22:46 0 a--sh--- c:\windows\system32\cLUtuvut.ini
2008-12-25 22:46 236,032 a------- c:\windows\system32\tuvutULc.dll
2008-12-25 22:45 45,056 a------- c:\windows\system32\yayaYsro.dll
2008-12-25 21:53 <DIR> --d----- c:\program files\Avira
2008-12-25 21:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2008-12-25 21:00 134,656 a------- c:\windows\system32\kzwcbw.VIR
2008-12-25 21:00 134,656 a------- c:\windows\system32\wdvpymbi.dll
2008-12-25 20:57 52,224 a------- c:\windows\system32\fccyvsPh.dll
2008-12-25 20:57 1,661,209 a--sh--- c:\windows\system32\jbksnhxw.ini
2008-12-25 20:57 85,504 a------- c:\windows\system32\wxhnskbj.VIR
2008-12-25 20:54 920,981 a--sh--- c:\windows\system32\JjRrYJjl.ini2
2008-12-25 20:54 920,981 a--sh--- c:\windows\system32\JjRrYJjl.ini
2008-12-25 20:54 294,400 a------- c:\windows\system32\ljJYrRjJ.VIR
2008-12-18 16:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2008-12-14 20:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Musicnotes

==================== Find3M ====================

2020-12-17 16:15 2,672 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2020-12-17 16:14 88 ---shr-- c:\docume~1\alluse~1\applic~1\2E50606D93.sys
2008-12-28 20:21 1,682 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-12 12:27 3,067,392 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:10 453,632 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:18 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2008-10-03 05:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:15 247,326 a------- c:\windows\system32\dllcache\strmdll.dll

============= FINISH: 9:25:55.60 ===============

Edited by jeff610, 31 December 2008 - 02:40 PM.



#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 05 January 2009 - 03:20 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 jeff610

  • Topic Starter
  • Members
  • 2 posts

Posted 11 January 2009 - 10:10 AM

Thank you for the reply. Sorry for the delayed response. I am out of town frequently. Will be able to run your instructions later today.

#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 12 January 2009 - 01:56 AM

Will wait for the logs :thumbsup:
