
Infected with Backdoor.bot, among other things...


  • This topic is locked
2 replies to this topic

#1 RealityEclipse1


  • Members
  • 9 posts
  • OFFLINE

Posted 07 February 2009 - 12:06 PM

Hello bleepingcomputer staff. First I would like to thank this site for the great information I've found on my own through your forums while trying to deal with this problem myself. Now on to the issues I'm currently having with my PC.

About 3 days ago it became very apparent that this computer was having trojan issues. At the time I had Spyware Doctor and Registry Mechanic for cleaning purposes. At the end of the initial day I thought Spyware Doc had taken care of it, but the infection only got progressively worse on following days. Normally I would just wipe the hard drive and reinstall the OS, but I'm trying to find a different solution so as to not have to back up a ton of data with nowhere to put it.

These trojans have cut off my internet access, causing my TCP/IP settings to show as "windows ip configuration" when trying ipconfig. I have run the winsock fix utility to restore it, but eventually it keeps getting disconnected and I have to run the utility again. Internet Explorer currently will not display any images, as in all the options on this page as I'm typing just show the little square with the red square, green circle, and blue triangle inside. I thought the trojans may have infected my Java, and that could be the issue. I deleted all versions of Java on my computer using RevoUninstaller to make sure I cleared everything out, then redownloaded the latest Java and went to install it. I then received a message saying "The system administrator has set policies to prevent this installation." I'm an MCP so I know a thing or 2 about group policy, so using gpedit I checked to make sure everything was how it should be. Everything was still set to default, so I even went so far as to change the policies to allow in the corresponding areas, but even while logged on as administrator, Java, and then a few spyware removal tools later, all came back with the same message.

I eventually got around it using the "run as" option after saving the installers to the hard drive, and then running the program as administrator worked. I have already run numerous tools trying to fix the poor PC, everything from Malwarebytes to Dr Web, and when run they all find various trojans and attempt to remove them, and most of the time, most of them don't show up on the next scan. The really pesky ones that I can't seem to get rid of are Backdoor.bot and Trojan.agent. Malwarebytes consistently finds both, and Doctor Web also, but neither seems to be able to remove them, as they keep showing up and system processes keep being affected. The last thing I've really noticed in the last few days is when I boot the computer to normal mode to scan there after getting everything I can in safe mode, Windows is very slow to boot up, but while boot up is slow, shutting down is immensely worse and can take upwards of 10 minutes. Included is the DDS log as requested in your posting policies. Any help to not have to reformat would be much appreciated. Thank you!


DDS (Ver_09-02-01.01) - NTFSx86 NETWORK
Run by Administrator at 11:33:39.68 on 2009-02-07
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1680 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [DVDTray] c:\program files\ahead\odd toolkit\DVDTray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CTHelper] CTHELPER.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ISTray] "d:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-pi-the-lottery-ticket/SpinTopGamesLauncher.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SEH: AVG Anti-Spyware 7.5: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - CShellExecuteHookImpl Object

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: XUL Cache: {8A6F1E5F-F5CA-4038-A74B-3686D7055C39} - c:\documents and settings\bryan\local settings\application data\{8A6F1E5F-F5CA-4038-A74B-3686D7055C39}

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-11-20 40840]
R0 rhfmglqc;rhfmglqc;c:\windows\system32\drivers\rhfmglqc.sys [2009-2-4 33920]
R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [2003-9-16 4736]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-11-20 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-11-20 81288]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-11-20 160792]
R2 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2008-11-20 356920]
R2 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2008-11-20 1079176]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-4 97928]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-4 26824]
S1 ethpkfxo;ethpkfxo;c:\windows\system32\drivers\ethpkfxo.sys [2009-2-4 137600]
S1 synsend;synsend;\??\c:\windows\system32\drivers\synsenddrv.sys --> c:\windows\system32\drivers\synsenddrv.sys [?]
S2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-4 76040]
S2 jzvpunnd;jzvpunnd;c:\windows\system32\drivers\pfsrzcvpyofzv.sys [2009-2-4 30848]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-4 170640]
S2 mrtRate;mrtRate; [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-22 45132]
S3 antsrhql;antsrhql;\??\c:\windows\system32\drivers\antsrhql.sys --> c:\windows\system32\drivers\antsrhql.sys [?]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\admini~1\locals~1\temp\aticdsdr.sys --> c:\docume~1\admini~1\locals~1\temp\ATICDSDr.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-8-21 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-8-21 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-8-21 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-8-21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-8-21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-8-21 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-8-21 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-8-21 566296]
S3 drdooaxe;drdooaxe;\??\c:\windows\system32\drivers\drdooaxe.sys --> c:\windows\system32\drivers\drdooaxe.sys [?]
S3 dvarjnvz;dvarjnvz;\??\c:\windows\system32\drivers\dvarjnvz.sys --> c:\windows\system32\drivers\dvarjnvz.sys [?]
S3 fixdnlgp;fixdnlgp;\??\c:\windows\system32\drivers\fixdnlgp.sys --> c:\windows\system32\drivers\fixdnlgp.sys [?]
S3 hocgukag;hocgukag;\??\c:\windows\system32\drivers\hocgukag.sys --> c:\windows\system32\drivers\hocgukag.sys [?]
S3 javeddzj;javeddzj;\??\c:\windows\system32\drivers\javeddzj.sys --> c:\windows\system32\drivers\javeddzj.sys [?]
S3 jmlyvgkl;jmlyvgkl;\??\c:\windows\system32\drivers\jmlyvgkl.sys --> c:\windows\system32\drivers\jmlyvgkl.sys [?]
S3 jwhleoyw;jwhleoyw;\??\c:\windows\system32\drivers\jwhleoyw.sys --> c:\windows\system32\drivers\jwhleoyw.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-4 15504]
S3 mmiximgv;mmiximgv;\??\c:\windows\system32\drivers\mmiximgv.sys --> c:\windows\system32\drivers\mmiximgv.sys [?]
S3 ndrvgeec;ndrvgeec;\??\c:\windows\system32\drivers\ndrvgeec.sys --> c:\windows\system32\drivers\ndrvgeec.sys [?]
S3 ntrbyxux;ntrbyxux;\??\c:\windows\system32\drivers\ntrbyxux.sys --> c:\windows\system32\drivers\ntrbyxux.sys [?]
S3 pdjysjuu;pdjysjuu;\??\c:\windows\system32\drivers\pdjysjuu.sys --> c:\windows\system32\drivers\pdjysjuu.sys [?]
S3 pnveywpz;pnveywpz;\??\c:\windows\system32\drivers\pnveywpz.sys --> c:\windows\system32\drivers\pnveywpz.sys [?]
S3 qaszmzfo;qaszmzfo;\??\c:\windows\system32\drivers\qaszmzfo.sys --> c:\windows\system32\drivers\qaszmzfo.sys [?]
S3 qfjvgdfi;qfjvgdfi;\??\c:\windows\system32\drivers\qfjvgdfi.sys --> c:\windows\system32\drivers\qfjvgdfi.sys [?]
S3 qtrezxis;qtrezxis;\??\c:\windows\system32\drivers\qtrezxis.sys --> c:\windows\system32\drivers\qtrezxis.sys [?]
S3 rafzshhc;rafzshhc;\??\c:\windows\system32\drivers\rafzshhc.sys --> c:\windows\system32\drivers\rafzshhc.sys [?]
S3 rbdvmbet;rbdvmbet;\??\c:\windows\system32\drivers\rbdvmbet.sys --> c:\windows\system32\drivers\rbdvmbet.sys [?]
S3 rjobumki;rjobumki;\??\c:\windows\system32\drivers\rjobumki.sys --> c:\windows\system32\drivers\rjobumki.sys [?]
S3 rmeygayb;rmeygayb;\??\c:\windows\system32\drivers\rmeygayb.sys --> c:\windows\system32\drivers\rmeygayb.sys [?]
S3 rqqaoqdp;rqqaoqdp;\??\c:\windows\system32\drivers\rqqaoqdp.sys --> c:\windows\system32\drivers\rqqaoqdp.sys [?]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 scjekpsj;scjekpsj;\??\c:\windows\system32\drivers\scjekpsj.sys --> c:\windows\system32\drivers\scjekpsj.sys [?]
S3 sngtvbhr;sngtvbhr;\??\c:\windows\system32\drivers\sngtvbhr.sys --> c:\windows\system32\drivers\sngtvbhr.sys [?]
S3 tlcjlaka;tlcjlaka;\??\c:\windows\system32\drivers\tlcjlaka.sys --> c:\windows\system32\drivers\tlcjlaka.sys [?]
S3 uwjnnbif;uwjnnbif;\??\c:\windows\system32\drivers\uwjnnbif.sys --> c:\windows\system32\drivers\uwjnnbif.sys [?]
S3 uyzxaldk;uyzxaldk;\??\c:\windows\system32\drivers\uyzxaldk.sys --> c:\windows\system32\drivers\uyzxaldk.sys [?]
S3 xbyjmjsg;xbyjmjsg;\??\c:\windows\system32\drivers\xbyjmjsg.sys --> c:\windows\system32\drivers\xbyjmjsg.sys [?]
S3 ygaynmdf;ygaynmdf;\??\c:\windows\system32\drivers\ygaynmdf.sys --> c:\windows\system32\drivers\ygaynmdf.sys [?]
S3 yzzvijam;yzzvijam;\??\c:\windows\system32\drivers\yzzvijam.sys --> c:\windows\system32\drivers\yzzvijam.sys [?]

=============== Created Last 30 ================

2009-02-07 10:51 73,728 ac------ c:\windows\system32\javacpl.cpl
2009-02-07 09:36 0 ac------ c:\windows\system32\REN74.tmp
2009-02-07 09:36 0 ac------ c:\windows\system32\REN73.tmp
2009-02-07 09:36 0 ac------ c:\windows\system32\REN72.tmp
2009-02-07 08:55 307,200 ac---r-- c:\windows\system32\atiiiexx.dll
2009-02-07 08:55 368,640 ac---r-- c:\windows\system32\ATIDEMGX.dll
2009-02-07 08:55 7,167 ac---r-- c:\windows\system32\atifglpf.xml
2009-02-07 08:55 887,724 ac---r-- c:\windows\system32\ativva6x.dat
2009-02-07 08:55 3,107,788 ac---r-- c:\windows\system32\ativva5x.dat
2009-02-07 08:55 3,107,788 ac---r-- c:\windows\system32\ativvaxx.dat
2009-02-07 08:55 165,782 ac---r-- c:\windows\system32\atiicdxx.dat
2009-02-07 08:43 53,248 ac------ c:\windows\system32\CSVer.dll
2009-02-07 08:42 <DIR> -cd----- C:\Intel
2009-02-07 08:09 <DIR> -cd----- C:\ATI
2009-02-06 05:48 0 ac------ c:\windows\system32\24.tmp
2009-02-06 05:21 3,380 ac------ c:\windows\system32\tmp.reg
2009-02-06 03:19 67,585 ac------ c:\windows\system32\25.tmp
2009-02-06 03:19 162,948 ac------ c:\windows\system32\23.tmp
2009-02-06 03:19 168 ac------ c:\windows\system32\20.tmp
2009-02-06 03:15 66,890 ac------ c:\windows\system32\22.tmp
2009-02-06 03:15 67,585 ac------ c:\windows\system32\21.tmp
2009-02-06 03:12 162,948 ac------ c:\windows\system32\1F.tmp
2009-02-06 03:12 168 ac------ c:\windows\system32\1E.tmp
2009-02-06 03:06 84,453 ac------ c:\windows\system32\1D.tmp
2009-02-06 03:03 27,408 ac------ c:\windows\system32\BMXBkpCtrlState-{00000003-00000000-0000000A-00001102-00000004-00541102}.rfx
2009-02-06 03:03 11,564 ac------ c:\windows\system32\DVCState-{00000003-00000000-0000000A-00001102-00000004-00541102}.rfx
2009-02-06 03:01 3,162,278 ac------ c:\windows\{00000003-00000000-0000000A-00001102-00000004-00541102}.BAK
2009-02-06 02:56 3,162,278 ac------ c:\windows\{00000003-00000000-0000000A-00001102-00000004-00541102}.CDF
2009-02-06 02:54 444,952 ac------ c:\windows\system32\wrap_oal.dll
2009-02-06 02:35 21,504 ac------ c:\windows\system32\drivers\hidserv.dll
2009-02-06 02:35 1,421,384 ac------ c:\windows\system32\wdfcoinstaller01005.dll
2009-02-06 02:35 18,504 ac------ c:\windows\system32\drivers\nuidfltr.sys
2009-02-06 02:34 31,048 ac------ c:\windows\system32\drivers\point32.sys
2009-02-06 02:34 <DIR> -cd----- c:\program files\Microsoft IntelliPoint
2009-02-06 02:14 67,585 ac------ c:\windows\system32\1C.tmp
2009-02-06 02:14 23,553 ac------ c:\windows\system32\1B.tmp
2009-02-06 02:13 1,686,016 ac------ c:\windows\system32\clinetsuitex6.ocx
2009-02-06 02:11 163,908 ac------ c:\windows\system32\1A.tmp
2009-02-06 02:11 168 ac------ c:\windows\system32\19.tmp
2009-02-05 04:40 33,351 ac------ c:\windows\system32\drivers\str.sys
2009-02-05 00:29 <DIR> --dsh--- C:\found.000
2009-02-05 00:08 179,200 ac------ c:\windows\SWREG.exe
2009-02-05 00:08 115,712 ac------ c:\windows\sed.exe
2009-02-05 00:07 406,016 ac------ c:\windows\system32\CF18147.exe
2009-02-04 23:56 <DIR> -cd----- c:\docume~1\admini~1\applic~1\Palo Alto Software
2009-02-04 23:48 <DIR> -cd----- c:\docume~1\admini~1\applic~1\Drag'n Drop CD+DVD
2009-02-04 23:09 <DIR> -cd-h--- c:\windows\system32\GroupPolicy
2009-02-04 21:44 <DIR> -cd----- c:\documents and settings\administrator\DoctorWeb
2009-02-04 20:47 10,520 ac------ c:\windows\system32\avgrsstx.dll
2009-02-04 20:47 76,040 ac------ c:\windows\system32\drivers\avgtdix.sys
2009-02-04 20:47 97,928 ac------ c:\windows\system32\drivers\avgldx86.sys
2009-02-04 20:47 <DIR> -cd----- c:\windows\system32\drivers\Avg
2009-02-04 20:47 <DIR> -cd----- c:\program files\AVG
2009-02-04 18:20 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 18:20 44 ac------ c:\windows\system32\17.tmp
2009-02-04 18:13 32,256 ac--h--- c:\documents and settings\administrator\udjvv.exe
2009-02-04 18:13 44 ac------ c:\windows\system32\16.tmp
2009-02-04 18:08 <DIR> -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-02-04 18:08 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-02-04 18:08 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 18:08 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 17:51 32,256 ac--h--- c:\documents and settings\administrator\lqi.exe
2009-02-04 17:51 44 ac------ c:\windows\system32\18.tmp
2009-02-04 17:50 32,256 ac--h--- c:\documents and settings\administrator\amil.exe
2009-02-04 17:50 44 ac------ c:\windows\system32\15.tmp
2009-02-04 17:43 33,920 ac------ c:\windows\system32\drivers\rhfmglqc.sys
2009-02-04 17:39 44 ac------ c:\windows\system32\14.tmp
2009-02-04 17:13 <DIR> -cd----- c:\docume~1\admini~1\applic~1\BitTorrent
2009-02-04 17:09 32,256 ac--h--- c:\documents and settings\administrator\fdnfo.exe
2009-02-04 17:09 164,100 ac------ c:\windows\system32\13.tmp
2009-02-04 17:09 88 ac------ c:\windows\system32\12.tmp
2009-02-04 16:58 32,256 ac--h--- c:\documents and settings\administrator\pnvoce.exe
2009-02-04 16:58 164,100 ac------ c:\windows\system32\11.tmp
2009-02-04 16:58 88 ac------ c:\windows\system32\10.tmp
2009-02-04 16:28 32,256 ac--h--- c:\documents and settings\administrator\viy.exe
2009-02-04 16:27 32,256 ac--h--- c:\documents and settings\administrator\xykklr.exe
2009-02-04 16:21 66,560 -c--h--- c:\windows\system32\secupdat.dat
2009-02-04 05:03 137,600 ac------ c:\windows\system32\drivers\ethpkfxo.sys
2009-02-04 05:02 30,848 ac------ c:\windows\system32\drivers\pfsrzcvpyofzv.sys
2009-02-04 03:22 64,000 ac------ c:\windows\winsock32.exe
2009-02-04 02:34 133,120 ac------ c:\windows\ojagiseyite.dll
2009-02-04 02:14 39,936 ac------ C:\mlevsfdk.exe
2009-02-04 02:14 2 ac------ C:\-2005045395
2009-02-02 21:39 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Palo Alto Software
2009-02-02 21:37 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\PAS
2009-02-02 21:26 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-02-02 21:21 717,296 ac------ c:\windows\system32\drivers\sptd.sys
2009-01-28 21:36 <DIR> -cd-h--- c:\windows\PIF
2009-01-27 19:45 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SpinTop Games
2009-01-17 08:54 54,156 ac--h--- c:\windows\QTFont.qfn
2009-01-17 08:54 1,409 ac------ c:\windows\QTFont.for

==================== Find3M ====================

2009-02-07 10:51 410,984 ac------ c:\windows\system32\deploytk.dll
2009-02-06 02:54 109,080 ac------ c:\windows\system32\OpenAL32.dll
2009-02-04 05:03 182,656 ac------ c:\windows\system32\drivers\ndis.sys
2008-12-11 05:57 333,952 ac------ c:\windows\system32\drivers\srv.sys
2008-11-29 18:02 107,888 ac------ c:\windows\system32\CmdLineExt.dll
2008-09-16 16:25 2,516 ac-sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-09-16 16:25 88 -c-shr-- c:\docume~1\alluse~1\applic~1\EBC6BB60C0.sys
2008-09-05 06:25 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 11:34:27.89 ===============
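A defender-side triage of the SERVICES / DRIVERS section above, written as an added example for this thread (it is not part of the original post and not a feature of the DDS tool). It parses DDS service lines and scores the pattern visible in this log: eight-letter lowercase names used as both service and display name, image files DDS could not find on disk (`[?]`), and image names that differ from the service name. The sample input is a constructed subset of the lines above plus two ordinary vendor entries; the threshold and weights are assumptions for illustration.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log for rootkit-style
driver entries. Heuristics only; every hit still needs analyst review."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the DDS log above plus two ordinary
# vendor entries, so the heuristics can be exercised offline.
SAMPLE_DDS = r"""
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-11-20 40840]
R0 rhfmglqc;rhfmglqc;c:\windows\system32\drivers\rhfmglqc.sys [2009-2-4 33920]
S1 ethpkfxo;ethpkfxo;c:\windows\system32\drivers\ethpkfxo.sys [2009-2-4 137600]
S2 jzvpunnd;jzvpunnd;c:\windows\system32\drivers\pfsrzcvpyofzv.sys [2009-2-4 30848]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-4 170640]
S3 antsrhql;antsrhql;\??\c:\windows\system32\drivers\antsrhql.sys --> c:\windows\system32\drivers\antsrhql.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-4 15504]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
"""

# DDS line shape: "<state> <name>;<display>;<image> [<date> <size>]", where the
# bracket holds "?" when the image file is absent and "x" when no path is known.
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
INFO_RE = re.compile(r"\s*\[(?P<info>[^\]]*)\]$")
RANDOM_NAME = re.compile(r"^[a-z]{8}$")  # eight lowercase letters, the shape seen in this log


@dataclass
class DriverEntry:
    state: str
    name: str
    display: str
    image: str
    info: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> DriverEntry:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not a DDS service line: {line!r}")
    rest = m.group("rest")
    im = INFO_RE.search(rest)
    info = im.group("info") if im else ""
    image = rest[: im.start()] if im else rest
    # "\??\a --> b" means DDS resolved the NT path a to the Win32 path b; keep b.
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    return DriverEntry(m.group("state"), m.group("name"), m.group("display"), image.strip(), info)


def assess(entry: DriverEntry) -> DriverEntry:
    """Assumed weights: random name 2, missing file 1, name/image mismatch 1."""
    random_name = bool(RANDOM_NAME.match(entry.name))
    if random_name and entry.display == entry.name:
        entry.score += 2
        entry.reasons.append("random-looking 8-letter name with no display name")
    if entry.info == "?":
        entry.score += 1
        entry.reasons.append("image file not found on disk")
    stem = entry.image.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0].lower()
    if random_name and stem != entry.name.lower():
        entry.score += 1
        entry.reasons.append("image file name differs from service name")
    return entry


def triage(text: str, threshold: int = 2) -> List[DriverEntry]:
    """Return entries at or above the threshold, highest score first."""
    entries = [assess(parse_line(ln)) for ln in text.splitlines() if ln.strip()]
    return sorted((e for e in entries if e.score >= threshold), key=lambda e: -e.score)


if __name__ == "__main__":
    for e in triage(SAMPLE_DDS):
        print(f"{e.state} {e.name:<12} score={e.score}  {'; '.join(e.reasons)}")
```

Orphaned entries from uninstalled tools (like the SBRE line) score below the threshold here because their names are not random-looking; lowering the threshold to 1 surfaces them too, at the cost of more analyst review.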



#2 KoanYorel


    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 19 February 2009 - 11:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel


    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 23 February 2009 - 10:15 AM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
