XP Antispyware virus - continued problems after removal



#1 bellerd

Posted 22 January 2009 - 12:52 PM

A couple of months back, our computer became infected with the XP Antispyware virus. I downloaded McAfee through Comcast, and thought I had it fixed. The problem didn't go away, so I downloaded Malwarebytes Anti-Malware and ran it, and everything seemed to be corrected. Shortly after, "something" started hijacking my internet connection, disabling McAfee, and uninstalling the Virus Scanner component. I would have to uninstall McAfee, update Malwarebytes, run it, and then redownload and install McAfee, lock down the firewall, and rescan. Malwarebytes keeps finding 'kwave.sys' and 'mrxdavv.sys' after McAfee goes haywire, and says it will delete after reboot. The computer reboots, I check and the files are gone, but not long after, the whole thing starts over. I can't even get McAfee to complete a virus scan, since it appears whatever is causing the problems in the first place is corrupting McAfee. Also, there are times when the hard drive starts spiking out at 100% CPU usage, and I have to shut down from the box, since I get no response from Task Manager or CTRL ALT DEL. Then there is an End Program box which displays something about SUNKIST. NOTIFYICONDATA.hWnd is not responding. I'm about ready to throw this computer through a plate glass window!!! Below are the log files requested. ANY help is greatly appreciated and needed!

Thanks!
Deanne


DDS (Ver_09-01-19.01) - NTFSx86
Run by Owner at 11:31:34.25 on Thu 01/22/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.39 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\KMaestro.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
svchost.exe C:\WINDOWS\TEMP\VRT10.tmp
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/a/
uDefault_Page_URL = hxxp://qus10.hpwis.com/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://qus10.hpwis.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RecordNow!]
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Creative Detector U] "c:\program files\creative\mediasource5\CTDetctu.exe" /R
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [LTMSG] LTMSG.exe 7
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [AdaptecDirectCD] c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [BtcMaestro] "c:\program files\hp wireless multimedia keyboard and mouse\KMaestro.exe"
mRun: [OrderPro] c:\windows\system32\head-22-10-7.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
dRun: [reader_s] c:\windows\system32\config\systemprofile\reader_s.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\bjstat~1.lnk - c:\documents and settings\owner\cnmss Canon PIXMA iP3000 (Local).exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
Trusted Zone: download.com\www
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149811315181
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5461/mcfscan.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: ????????????? karna.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: HQfpxqGt - {60DA5D88-CA70-F722-BD8B-C9907A033196} - c:\windows\system32\hvbhy.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2005-3-6 10240]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-21 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-21 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-21 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-21 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-21 40488]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-21 359248]
R4 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2009-1-21 144704]
S0 Wingy54;Wingy54;c:\windows\system32\drivers\wingy54.sys --> c:\windows\system32\drivers\Wingy54.sys [?]
S0 Winit38;Winit38;c:\windows\system32\drivers\winit38.sys --> c:\windows\system32\drivers\Winit38.sys [?]
S1 ethrojvj;ethrojvj;c:\windows\system32\drivers\ethrojvj.sys [2008-12-12 135264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-21 33832]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-01-22 10:53 <DIR> --d----- c:\program files\Trend Micro
2009-01-21 17:18 <DIR> --dsh--- c:\windows\system32\twain_32
2009-01-21 13:02 6,419 a------- c:\windows\system32\Config.MPF
2009-01-21 13:01 143,360 a------- c:\windows\system32\dunzip32.dll
2009-01-21 12:57 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-01-21 12:57 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-01-21 12:57 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-01-21 12:57 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-01-21 12:57 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-01-21 12:57 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-01-21 12:56 <DIR> --d----- c:\program files\McAfee.com
2009-01-21 12:56 <DIR> --d----- c:\program files\common files\McAfee
2009-01-21 12:56 <DIR> --d----- c:\program files\McAfee
2009-01-10 09:10 <DIR> --d----- c:\program files\CDKnet

==================== Find3M ====================

2009-01-22 08:34 152,064 a----r-- c:\windows\system32\twext.exe
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-04 16:05 13,824 a------- c:\documents and settings\owner\cnmss Canon PIXMA iP3000 (Local).exe
2008-12-31 14:51 28,672 a------- c:\windows\system32\reader_s.tmp
2008-12-12 21:44 26,112 a------- c:\windows\system32\xpsp1hfm.exe
2008-12-12 21:44 30,720 ac------ c:\windows\system32\xcopy.exe
2008-12-12 21:44 32,256 a------- c:\windows\system32\wupdmgr.exe
2008-12-12 21:44 146,432 a------- c:\windows\system32\WudfHost.exe
2008-12-12 21:44 114,688 ac------ c:\windows\system32\wscript.exe
2008-12-12 21:44 13,824 ac------ c:\windows\system32\wscntfy.exe
2008-12-12 21:44 5,632 ac------ c:\windows\system32\write.exe
2008-12-12 21:44 32,256 ac------ c:\windows\system32\wpnpinst.exe
2008-12-12 21:44 17,408 a------- c:\windows\system32\wpdshextautoplay.exe
2008-12-12 21:44 32,256 ac------ c:\windows\system32\wpabaln.exe
2008-12-12 21:42 50,176 a------- c:\windows\system32\utilman.exe
2008-12-12 21:41 135,680 a------- c:\windows\system32\taskmgr.exe
2008-12-12 21:40 11,776 ac------ c:\windows\system32\spnpinst.exe
2008-12-12 21:39 77,312 ac------ c:\windows\system32\sdbinst.exe
2008-12-12 21:38 3,584 ac------ c:\windows\system32\regedt32.exe
2008-12-12 21:37 33,280 ac------ c:\windows\system32\ping6.exe
2008-12-12 21:36 36,864 ac------ c:\windows\system32\netstat.exe
2008-12-12 21:35 123,392 ac------ c:\windows\system32\mplay32.exe
2008-12-12 21:34 23,552 ac------ c:\windows\system32\ipxroute.exe
2008-12-12 21:33 14,848 ac------ c:\windows\system32\help.exe
2008-12-12 21:33 39,424 ac------ c:\windows\system32\grpconv.exe
2008-12-12 21:33 267,776 ac------ c:\windows\system32\fxssvc.exe
2008-12-12 21:31 17,920 ac------ c:\windows\system32\dvdupgrd.exe
2008-12-12 21:30 98,304 a------- c:\windows\system32\cscript.exe
2008-12-12 21:29 4,608 ac------ c:\windows\system32\bootok.exe
2008-12-12 21:29 71,680 ac------ c:\windows\system32\blastcln.exe
2008-12-12 21:29 14,336 ac------ c:\windows\system32\auditusr.exe
2008-12-12 21:29 11,264 ac------ c:\windows\system32\attrib.exe
2008-12-12 21:29 11,264 ac------ c:\windows\system32\atmadm.exe
2008-12-12 21:29 65,536 ac------ c:\windows\system32\Ati2mdxx.exe
2008-12-12 21:29 25,088 ac------ c:\windows\system32\at.exe
2008-12-12 21:29 19,456 ac------ c:\windows\system32\arp.exe
2008-12-12 21:29 98,304 ac------ c:\windows\system32\ahui.exe
2008-12-12 21:29 4,096 ac------ c:\windows\system32\actmovie.exe
2008-12-12 21:29 183,808 a------- c:\windows\system32\accwiz.exe
2008-12-12 21:18 150,528 ac------ c:\windows\pchealth\uploadlb\binaries\uploadm.exe
2008-12-12 21:18 3,072 ac------ c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnarp4en\plugin\bin\jsharpde\pchealthde.exe
2008-12-12 21:18 307,200 ac------ c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnarp4en\plugin\bin\pchnotify.exe
2008-12-12 21:18 159,744 ac------ c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnarp4en\plugin\bin\PCHButton.exe
2008-12-12 21:18 139,264 ac------ c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnarp4en\plugin\bin\ContentUpdater.exe
2008-12-12 21:17 35,328 ac------ c:\windows\pchealth\helpctr\binaries\notiflag.exe
2008-12-12 21:17 158,208 ac------ c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-12-12 21:17 18,944 ac------ c:\windows\pchealth\helpctr\binaries\hscupd.exe
2008-12-12 21:17 743,936 a------- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2008-12-12 21:17 99,840 ac------ c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2008-12-12 21:17 768,512 ac------ c:\windows\pchealth\helpctr\binaries\helpctr.exe
2008-12-12 21:08 52,808 ac------ c:\windows\help\sbsi\training\usersid.exe
2008-12-12 21:08 233,472 ac------ c:\windows\help\sbsi\training\ounins32_s.exe
2008-12-12 21:08 1,077,248 a------- c:\windows\help\sbsi\training\orun32.exe
2008-12-12 20:56 283,648 ac------ c:\windows\winhlp32.exe
2008-12-12 20:56 153,088 a------- c:\windows\UNWISE.EXE
2008-12-12 20:56 86,016 ac------ c:\windows\unvise32qt.exe
2008-12-12 20:56 57,344 ac------ c:\windows\uneng.exe
2008-12-12 20:56 25,600 ac------ c:\windows\twunk_32.exe
2008-12-12 20:56 15,360 ac------ c:\windows\TASKMAN.EXE
2008-12-12 20:56 32,768 ac------ c:\windows\slrundll.exe
2008-12-12 20:56 146,432 ac------ c:\windows\regedit.exe
2008-12-12 20:56 33,792 ac------ c:\windows\Q330994.exe
2008-12-12 20:56 33,792 ac------ c:\windows\oeuninst.exe
2008-12-12 20:56 69,120 a------- c:\windows\notepad.exe
2008-12-12 20:55 45,056 ac------ c:\windows\NCUNINST.EXe
2008-12-12 20:55 33,280 ac------ c:\windows\muninst.exe
2008-12-12 20:55 19,968 a------- c:\windows\LOGI_MWX.EXE
2008-12-12 20:55 306,688 a------- c:\windows\IsUninst.exe
2008-12-12 20:55 33,792 ac------ c:\windows\ieuninst.exe
2008-12-12 20:55 10,752 a------- c:\windows\hh.exe
2008-12-12 20:55 118,784 ac------ c:\windows\dsdxirmv.exe
2008-12-12 20:55 53,248 a------- c:\windows\Ctregrun.exe
2008-12-12 20:55 90,112 a----r-- c:\windows\bwUnin-6.2.3.66L.exe
2008-12-12 20:55 86,876 ac---r-- c:\windows\bwUnin-6.1.4.61-8876480L.exe
2008-12-12 16:39 50,176 a------- c:\windows\ALCXMNTR.EXE
2008-12-12 16:39 483,328 a------- c:\windows\system32\hphmon05.exe
2008-12-12 16:39 40,960 a------- c:\windows\ltmsg.exe
2008-12-12 16:39 44,544 a------- c:\windows\system32\alg.exe
2008-12-12 16:39 413,696 a------- c:\windows\system32\ati2evxx.exe
2008-12-12 16:39 54,784 a------- c:\windows\system32\drivers\CDAC11BA.EXE
2008-12-12 16:39 44,032 a------- c:\windows\system32\CTSVCCDA.EXE
2008-12-12 12:30 14,848 a------- c:\windows\system32\3E.tmp
2008-12-12 08:26 182,912 a------- c:\windows\system32\drivers\ndis.sys
2008-12-12 08:26 135,264 a------- c:\windows\system32\drivers\ethrojvj.sys
2008-12-09 17:41 36,133 a------- c:\windows\system32\edl.dat
2008-12-01 13:04 8,336 a------- c:\windows\system32\drivers\sunkfiltp.sys
2007-02-08 12:03 471,992 ac------ c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2005-08-30 16:05 32 ac---r-- c:\documents and settings\all users\hash.dat

============= FINISH: 11:32:32.32 ===============

#2 Blade81

  • Malware Response Team

Posted 01 February 2009 - 10:08 AM

Hi Deanne

Forums have been very busy and that's why response didn't come until now. If you still need help, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Posted 06 February 2009 - 01:56 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
