log file from runscanner


  • This topic is locked
5 replies to this topic

#1 fluffball

fluffball

  • Members
  • 25 posts
  • OFFLINE
  • Local time:12:57 PM

Posted 13 February 2009 - 10:28 PM

Hi, after trying a wide array of antivirus/scanning programs on my computer with a possible TDDS infection I finally got one that worked, thanks to boopme.
I tried to follow the prep guide but was unable to get DDS to run. I'm not sure whether I should re-explain the symptoms / what I have already tried to do, but I mentioned them in the thread before this: http://www.bleepingcomputer.com/forums/t/201505/firewall-security-center-and-malwarebytes-disabled/
I'm pretty sure it's useful if I mention that, yes, I have downloaded HijackThis; however, when I click it, it doesn't open (in safe or normal mode), just in case someone tells me to use it.

Runscanner logfile

* = signed file
- = file not found

General info
------------
Computer name : DAVID
Creation time : 14/02/2009 2:15:53 PM
Hosts <> 127.0.0.1 : 1
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.8.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\Program Files\Common Files\AOL\1209865623\ee\AOLSoftware.exe (AOL LLC)
* C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
* C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\FlashMute\FlashMute.exe
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
C:\Program Files\GetGo Software\GetGo Download Manager\GetGoDM.exe (GetGo Software)
* C:\Documents and Settings\DavidD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
* C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
* C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
* C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
* C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
* C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
* C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
* C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
* C:\Runscanner\RunScanner.exe\RunScanner.exe (Runscanner.net)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
* C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
* C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe (Yahoo! Inc.)

Unrated items
-------------
002 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
002 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
002 C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
002 C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
002 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
002 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
002 * C:\Program Files\Common Files\AOL\1209865623\ee\AOLSoftware.exe (AOL LLC)
002 C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
002 C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
002 C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
002 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe (InstallShield Software Corporation)
002 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
002 C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation)
002 * C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
002 C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
002 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
002 C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
002 * C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
003 C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
003 C:\Program Files\FlashMute\FlashMute.exe
003 C:\Program Files\GetGo Software\GetGo Download Manager\GetGoDM.exe (GetGo Software)
003 * C:\Documents and Settings\DavidD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
003 * C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
003 * C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE (Yahoo! Inc.)
004 * C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
005 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
005 C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
008 C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
009 C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
010 * C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL Connectivity Service)
010 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device)
010 C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service)
010 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (ASP.NET State Service)
010 C:\WINDOWS\system32\dllhost.exe (COM+ System Application)
010 C:\WINDOWS\system32\msdtc.exe (Distributed Transaction Coordinator)
010 C:\WINDOWS\system32\dlbtcoms.exe (dlbt_device)
010 C:\WINDOWS\system32\fxssvc.exe (Fax)
010 C:\Program Files\Hotspot Shield\bin\openvpnas.exe (Hotspot Shield Service)
010 C:\WINDOWS\system32\imapi.exe (IMAPI CD-Burning COM Service)
010 C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (InstallDriver Table Manager)
010 C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel NCS NetService)
010 C:\WINDOWS\System32\dmadmin.exe (Logical Disk Manager Administrative Service)
010 C:\WINDOWS\system32\dllhost.exe (MS Software Shadow Copy Provider)
010 C:\WINDOWS\system32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing)
010 * C:\Nexon\Mabinogi\npkcmsvc.exe (npkcmsvc)
010 C:\WINDOWS\system32\smlogsvc.exe (Performance Logs and Alerts)
010 C:\WINDOWS\system32\spoolsv.exe (Print Spooler)
010 C:\WINDOWS\system32\rsvp.exe (QoS RSVP)
010 C:\WINDOWS\system32\sessmgr.exe (Remote Desktop Help Session Manager)
010 C:\WINDOWS\system32\locator.exe (Remote Procedure Call (RPC) Locator)
010 C:\WINDOWS\System32\SCardSvr.exe (Smart Card)
010 C:\WINDOWS\System32\ups.exe (Uninterruptible Power Supply)
010 C:\WINDOWS\System32\vssvc.exe (Volume Shadow Copy)
010 C:\WINDOWS\wanmpsvc.exe (WAN Miniport (ATW) Service)
010 C:\WINDOWS\system32\msiexec.exe (Windows Installer)
010 C:\Program Files\Windows Media Player\WMPNetwk.exe (Windows Media Player Network Sharing Service)
010 C:\WINDOWS\system32\wbem\wmiapsrv.exe (WMI Performance Adapter)
011 C:\WINDOWS\system32\ANIO.SYS (ANIO Service)
011 C:\WINDOWS\system32\drivers\drvmcdb.sys (drvmcdb)
011 C:\WINDOWS\system32\drivers\drvnddm.sys (drvnddm)
011 C:\WINDOWS\system32\drivers\ethvhxar.sys (ethvhxar)
011 C:\WINDOWS\system32\Drivers\iqvw32.sys (Nal Service )
011 C:\Nexon\Maplestory56LOL\npkcrypt.sys (npkcrypt)
011 C:\WINDOWS\system32\DRIVERS\nuvaud2.sys (NUVision II Audio Service)
011 C:\WINDOWS\system32\DRIVERS\nuvvid2.sys (NUVision Video Service)
011 C:\WINDOWS\system32\drivers\pfc.sys (Padus ASPI Shell)
011 * C:\WINDOWS\system32\drivers\pavboot.sys (pavboot)
011 C:\WINDOWS\System32\Drivers\PxHelp20.sys (PxHelp20)
011 C:\WINDOWS\system32\DRIVERS\ndisio.sys (Service)
011 C:\WINDOWS\system32\drivers\sscdbhk5.sys (sscdbhk5)
011 C:\WINDOWS\system32\drivers\ssrtln.sys (ssrtln)
011 C:\WINDOWS\system32\DRIVERS\tapvpn.sys (TAP VPN Adapter)
011 C:\WINDOWS\system32\dla\tfsnboio.sys (tfsnboio)
011 C:\WINDOWS\system32\dla\tfsncofs.sys (tfsncofs)
011 C:\WINDOWS\system32\dla\tfsndrct.sys (tfsndrct)
011 C:\WINDOWS\system32\dla\tfsndres.sys (tfsndres)
011 C:\WINDOWS\system32\dla\tfsnifs.sys (tfsnifs)
011 C:\WINDOWS\system32\dla\tfsnopio.sys (tfsnopio)
011 C:\WINDOWS\system32\dla\tfsnpool.sys (tfsnpool)
011 C:\WINDOWS\system32\dla\tfsnudf.sys (tfsnudf)
011 C:\WINDOWS\system32\dla\tfsnudfa.sys (tfsnudfa)
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
031 C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
031 C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
031 C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) {CD00020A-8B95-11D1-82DB-00C04FB1625D}
031 C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) {d7b95390-b1c5-11d0-b111-0080c712fe82}
031 C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}
032 C:\WINDOWS\system32\rdpclip.exe (Microsoft Corporation)
033 C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
034 C:\WINDOWS\Explorer.exe (Microsoft Corporation)
035 C:\Program Files\Outlook Express\setup50.exe (Microsoft Corporation) {7790769C-0471-11d2-AF11-00C04FA35D02}
035 C:\WINDOWS\system32\ieudinit.exe (Microsoft Corporation) <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
035 C:\WINDOWS\system32\ie4uinit.exe (Microsoft Corporation) {89820200-ECBD-11cf-8B85-00AA005B4383}
035 C:\WINDOWS\system32\ie4uinit.exe (Microsoft Corporation) >{26923b43-4d38-484f-9b9e-de460746276c}
035 C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe {18B0E5C0-4FCB-11CF-AAX5-004016608512}
035 C:\WINDOWS\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
035 C:\Program Files\Outlook Express\setup50.exe (Microsoft Corporation) {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
035 C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation) >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
035 C:\WINDOWS\system32\shmgrate.exe (Microsoft Corporation) >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
035 C:\WINDOWS\system32\regsvr32.exe (Microsoft Corporation) {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
035 C:\WINDOWS\system32\regsvr32.exe (Microsoft Corporation) {89820200-ECBD-11cf-8B85-00AA005B4340}
041 C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll (Microsoft Corporation) {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
041 * C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software) {075BBE29-FEC0-404a-A459-FF58713616FA}
041 * C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) {724d43a0-0d85-11d4-9908-00400523e39a}
042 C:\WINDOWS\bdoscandel.exe {85d1f590-48f4-11d9-9669-0800200c9a66}
042 C:\Program Files\GetGo Software\GetGo Download Manager\GetGoDM.exe (GetGo Software) {01A13E40-2F55-4397-B39B-7851BCFB8008}
042 C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}
045 C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll (Microsoft Corporation) {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
045 * C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) {724D43A0-0D85-11D4-9908-00400523E39A}
047 Zone: objects.aol.com : *.objects.aol.com
061 C:\PROGRA~1\COMMON~1\aolshare\shell\au\shellext.dll (America Online, Inc.) {9856D77A-1F66-4fa9-A39A-4A476DE8D594}
061 C:\Program Files\NVIDIA Corporation\DDS Thumbnail Viewer\ddsView.dll {3B52CC4A-19E9-43F5-A626-F89267A5E43F}
061 C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
061 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
061 C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
061 C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll (Sony Ericsson Mobile Communications AB) {A5110426-177D-4e08-AB3F-785F10B4439C}
061 C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL (Microsoft Corporation) {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
061 * C:\Program Files\Yahoo!\Common\YMMAPI.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
062 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
066 C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
100 Default_Page_URL HKCU : http://www.dell.com/ap/ap/en/gen/default.htm
100 SearchUrl HKCU : http://home.microsoft.com/access/autosearch.asp?p=%s
104 * C:\WINDOWS\Downloaded Program Files\msgrchkr.dll (Microsoft Corporation) {00B71CFB-6864-4346-A978-C0A14556272C}
104 C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll (Microsoft Corporation) {14B87622-7E19-4EA8-93B3-97215F77A6BC}
104 * C:\WINDOWS\Downloaded Program Files\minesweeper.dll (Microsoft Corporation) {2917297F-F02B-4B9D-81DF-494B6333150B}
104 C:\WINDOWS\DOWNLO~1\oscan82.ocx (BitDefender) {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
104 * C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll (Microsoft Corporation) {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
104 C:\WINDOWS\Downloaded Program Files\ZIntro.ocx (Microsoft Corporation) {B8BE5E93-A60C-4D26-A2DC-220313175592}
104 C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
104 * C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll (Microsoft Corporation) {F6BF0D00-0B2A-4A75-BF7B-F385591623AF}
105 &Down&load &Link& Us&ing Ge&tGo : C:\Program Files\GetGo Software\GetGo Download Manager\GGCatch.htm
105 &Down&load All &Links& Us&ing Ge&tGo : C:\Program Files\GetGo Software\GetGo Download Manager\GGCatchAll.htm
105 &GetGo Toolbar Search : res://C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll/MENUSEARCH.HTM
105 Customize Menu : file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
105 Fill Forms : file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
105 RoboForm Toolbar : file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
105 Save Forms : file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
146 C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
148 C:\WINDOWS\system32\ntvdm.exe (Microsoft Corporation)
170 {d07437a2-b2f5-11dc-928c-00038a000015} : F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe
170 {d07437a3-b2f5-11dc-928c-00038a000015} : G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe
173 * C:\Program Files\BreakPoint Software\Hex Workshop v5\hwext.dll (BreakPoint Software, Inc.) {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
173 * C:\Program Files\Yahoo!\Common\YMMAPI.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
211 C:\WINDOWS\system32\cleanmgr.exe (Microsoft Corporation)
213 C:\WINDOWS\system32\Magnify.exe (Microsoft Corporation)
214 C:\WINDOWS\system32\Narrator.exe (Microsoft Corporation)
215 C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
220 * C:\Program Files\BreakPoint Software\Hex Workshop v5\hwext.dll (BreakPoint Software, Inc.) {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 * C:\Program Files\Yahoo!\Common\YMMAPI.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
231 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
251 C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll (Sony Ericsson Mobile Communications AB) {A5110426-177D-4e08-AB3F-785F10B4439C}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\bvrp_pci.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\EagleNT.sys
011 C:\Documents and Settings\DavidD\Desktop\MoonlightEngine1148\IlvMoney1148.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\Documents and Settings\DavidD\Desktop\Dspider0_v57\Dspider0 v57\ksysdrv.sys
011 c:\windows\system32\drivers\senekaylksrrvk.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
033 C:\Documents and Settings\DavidD\tqn.exe \s
041 C:\PROGRA~1\habbobar\habbobar.dll
042 C:\Documents and Settings\DavidD\Start Menu\Programs\IMVU\Run IMVU.lnk
045 C:\PROGRA~1\habbobar\habbobar.dll
061 deskpan.dll
067 5192.dll
176 C:\Program Files\Borland\Delphi7\Bin\bordbg70.exe

Edited by fluffball, 14 February 2009 - 12:01 AM.
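The log above follows a regular line shape: an optional three-digit item number, an optional `*` for a signed file, the path, an optional `(vendor)` and an optional `{CLSID}`, grouped under dashed section headers. As an added example (not code from the thread, from RunScanner or from BleepingComputer), the Python below parses that shape and applies a few triage heuristics that an analyst reading such a log would apply by hand: executables launched from a `RECYCLER` folder, the same file name appearing on several drive letters, executables under a user profile, entries in the "Missing files" section, and unsigned files the tool could not attribute to a vendor. The sample lines are copied from the log in this post; the heuristics and their wording are constructed here and do not assume any meaning for the item numbers.

```python
"""Parse RunScanner-style log lines and rank entries for manual triage.

Added example for this thread, not RunScanner's own code. The line format is
taken from the log posted above; the flags are constructed heuristics.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: lines copied from the posted log, under the log's own headers.
SAMPLE_LOG = r"""Running processes
-----------------
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
C:\Program Files\FlashMute\FlashMute.exe

Unrated items
-------------
002 * C:\Program Files\Common Files\AOL\1209865623\ee\AOLSoftware.exe (AOL LLC)
010 C:\WINDOWS\system32\locator.exe (Remote Procedure Call (RPC) Locator)
035 C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe {18B0E5C0-4FCB-11CF-AAX5-004016608512}
035 C:\WINDOWS\system32\ie4uinit.exe (Microsoft Corporation) >{26923b43-4d38-484f-9b9e-de460746276c}
170 {d07437a2-b2f5-11dc-928c-00038a000015} : F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe
170 {d07437a3-b2f5-11dc-928c-00038a000015} : G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe

Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 c:\windows\system32\drivers\senekaylksrrvk.sys
033 C:\Documents and Settings\DavidD\tqn.exe \s
"""

ITEM_RE = re.compile(r"^(?:(?P<item>\d{3})\s+)?(?P<signed>\*\s+)?(?P<rest>\S.*)$")
CLSID_RE = re.compile(r"\s+[<>]?(\{[0-9A-Za-z-]+\})$")   # some entries carry a < or > prefix
EXEC_RE = re.compile(r"([^\\]+\.(?:exe|dll|sys|ocx))\b", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    item: Optional[str]
    signed: bool
    key: Optional[str]      # left side of " : " lines, e.g. a mount-point GUID
    path: str
    vendor: Optional[str]
    clsid: Optional[str]
    flags: List[str] = field(default_factory=list)


def split_vendor(rest: str) -> Tuple[Optional[str], str]:
    """Peel a trailing '(vendor)' off the path, honouring nested parentheses."""
    rest = rest.rstrip()
    if not rest.endswith(")"):
        return None, rest
    depth = 0
    for i in range(len(rest) - 1, -1, -1):
        if rest[i] == ")":
            depth += 1
        elif rest[i] == "(":
            depth -= 1
            if depth == 0:
                return rest[i + 1:-1], rest[:i].rstrip()
    return None, rest


def parse_line(section: str, line: str) -> Optional[Entry]:
    m = ITEM_RE.match(line.strip())
    if not m:
        return None
    rest, clsid, key = m.group("rest"), None, None
    cm = CLSID_RE.search(rest)
    if cm:
        clsid, rest = cm.group(1), rest[:cm.start()]
    if " : " in rest:
        key, _, rest = rest.partition(" : ")
    vendor, path = split_vendor(rest)
    return Entry(section, m.group("item"), bool(m.group("signed")), key, path.strip(), vendor, clsid)


def parse_log(text: str) -> List[Entry]:
    """A header is any non-blank line followed by a line of dashes."""
    lines, entries, section, i = text.splitlines(), [], "", 0
    while i < len(lines):
        line = lines[i].strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line and re.fullmatch(r"-{3,}", nxt):
            section, i = line, i + 2
            continue
        if line:
            e = parse_line(section, line)
            if e is not None:
                entries.append(e)
        i += 1
    return entries


def triage(text: str) -> List[Entry]:
    """Return only flagged entries, most flags first (stable for ties)."""
    entries = parse_log(text)
    drives: Dict[str, Set[str]] = defaultdict(set)
    for e in entries:                      # pass 1: which drives each file name lives on
        dm, nm = re.match(r"^([A-Za-z]):\\", e.path), EXEC_RE.search(e.path)
        if dm and nm:
            drives[nm.group(1).lower()].add(dm.group(1).upper())
    for e in entries:                      # pass 2: per-entry heuristics
        low, nm = e.path.lower(), EXEC_RE.search(e.path)
        if "\\recycler\\" in low:
            e.flags.append("runs from a RECYCLER folder")
        if "\\documents and settings\\" in low and nm:
            e.flags.append("executable in a user profile folder")
        if nm and len(drives[nm.group(1).lower()]) > 1:
            e.flags.append("same file name present on drives " + ", ".join(sorted(drives[nm.group(1).lower()])))
        if e.section == "Missing files":
            e.flags.append("referenced by a startup entry but not found on disk")
        if nm and not e.signed and e.vendor is None:   # weak signal on its own; many legitimate tools match
            e.flags.append("unsigned and not attributed to a vendor")
    return sorted((e for e in entries if e.flags), key=lambda e: -len(e.flags))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.section}] {e.item or '---'} {e.path}\n    " + "; ".join(e.flags))
```

The multi-drive check is the one that turns three unremarkable-looking lines into one finding: the same `iuhi32.exe` under `RECYCLER` on C:, F: and G: is what an analyst would query first, and it is invisible when the lines are read one at a time. The "unsigned and unattributed" flag is deliberately kept as the weakest signal; on the full log it would also hit ordinary utilities such as FlashMute, so it only raises an entry's rank rather than standing alone.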



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:57 PM

Posted 22 February 2009 - 03:55 PM

Hi fluffball,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.


One or more of the identified infections is a backdoor trojan.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still try to clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to remove the infection please go on with the following steps.


Removal Instructions
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop. You can download it using the working computer and transfer it to the problem computer. There is a possibility the flash drive you have been using is infected. We will examine it and the working computer later on.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Set File age to 60 days.
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
You might want to save this page on your favorites, so you can find it again when you return.


  • Tell me if you have run other tools than already mentioned in the thread. And please update me on the current condition of your computer.

#3 fluffball

fluffball
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:12:57 PM

Posted 23 February 2009 - 01:59 AM

Thank you for your reply farbar. I decided to reformat the system, since my computer is full of cluttered junk like old assignments, games I never play and so on. Going to start afresh. Is there a tutorial of some sort you can recommend to help?
Anyway, by the time you might be able to reply I'll probably have attempted it anyway. I'll keep you posted (in case somehow the virus is still there after the reformat).

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:57 PM

Posted 23 February 2009 - 02:12 AM

Good decision. You can try this:

Windows XP Clean Install

You may also open a topic at the technical Windows XP sub-forums to get further guidance on that. By reformatting, the virus can't be there any more.

Let me know you have read this, then I can close the topic.

#5 fluffball

fluffball
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:12:57 PM

Posted 23 February 2009 - 06:32 AM

Thanks Farbar. I have reformatted it and now I'm just dealing with drivers and utilities (ugh, the pain!). I'm just stumped at getting the wireless to work. Guess I'll post in XP. Thank you for your helpful advice.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:57 PM

Posted 23 February 2009 - 09:57 AM

You are welcome fluffball.

It is a question of installing the right driver and eventually configuration of the router, if you have a router.

Just one last piece of advice: first update Windows before installing an antivirus, and not the other way around.

This thread is now closed. If you have a new issue in the future please start a new topic.

Good luck!
