Virux F-1/Virut: Suspected infection


  • This topic is locked
4 replies to this topic

#1 zoezoe

  • Members
  • 2 posts

Posted 15 April 2009 - 05:59 AM

I got infected with Virut a few days ago. AVG picked up the virus Virut! Heard it was pretty serious, so I went to reformat the laptop. When it came back today, I ran a scan with TrendMicro and it picked up Virux F-1. DD: So I found out that the reformat actually didn't reformat my D drive and there are exe files there for Virut to infect. I tried to delete these exe files in my D drive manually after that.

I used Trendmicro again to scan and 'quarantined' all the virus. Right now when I scan using Trendmicro and Spybot, nothing gets picked up. But I know this kind of virus tends to manifest after the PC is shut down. So I'm still afraid it's not entirely removed. Ran through DDS and got the following.

Hope this can help me get rid of this headache virus once and for all.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Zoe at 23:20:05.02 on 15/04/2009 Wed
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Zoe.ZOE-PC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.sg/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\zoe~1.zoe\appdata\roaming\mozilla\firefox\profiles\5mcvwd03.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-4-15 17192]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-8-14 145424]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-4-14 81920]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-15 1153368]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-8-14 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-4-15 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-4-15 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-4-15 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-8-14 256528]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-26 3662848]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-8-22 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]

=============== Created Last 30 ================

2009-04-15 23:15 765,952 a------- c:\windows\system32\xvidcore.dll
2009-04-15 23:15 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-04-15 23:15 77,824 a------- c:\windows\system32\xvid.ax
2009-04-15 23:15 <DIR> --d----- c:\program files\Xvid
2009-04-15 21:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-15 21:22 <DIR> --d----- c:\users\zoe.zoe-pc\Tracing
2009-04-15 21:22 <DIR> --d----- c:\program files\Microsoft
2009-04-15 21:21 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-15 21:21 <DIR> --d----- c:\windows\PCHEALTH
2009-04-15 21:18 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-15 19:41 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-04-15 19:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-15 19:41 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-04-15 19:30 2,048 a------- c:\windows\system32\tzres.dll
2009-04-15 18:42 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-15 18:42 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-15 18:42 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-15 18:42 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-15 18:42 83,968 a------- c:\windows\system32\mscories.dll
2009-04-15 18:12 <DIR> --d----- c:\program files\CCleaner
2009-04-15 17:10 1,195,512 a------- c:\windows\system32\drivers\vsapint.sys
2009-04-15 17:10 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-04-15 17:10 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-04-15 17:06 <DIR> --d----- c:\programdata\Trend Micro
2009-04-15 17:06 <DIR> --d----- c:\progra~2\Trend Micro
2009-04-15 17:05 <DIR> --d----- c:\program files\Trend Micro
2009-04-15 16:57 <DIR> --d----- c:\users\Zoe.ZOE-PC
2009-04-15 15:57 376 a------- c:\windows\ODBC.INI
2009-04-15 15:57 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-04-15 15:49 <DIR> --d----- c:\programdata\Uninstall
2009-04-15 15:49 <DIR> --d----- c:\progra~2\Uninstall
2009-04-15 15:49 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-04-15 15:49 <DIR> --d----- c:\programdata\Sonic
2009-04-15 15:49 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-15 15:49 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-04-15 15:48 <DIR> --d----- c:\programdata\InstallShield
2009-04-15 15:48 <DIR> --d----- c:\program files\Roxio
2009-04-15 15:45 <DIR> --d----- c:\programdata\Dell
2009-04-15 15:44 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-15 15:44 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-15 15:44 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-04-15 15:44 1,047,552 a------- c:\windows\system32\MFC71u.dll
2009-04-15 15:44 89,088 a------- c:\windows\system32\atl71.dll
2009-04-15 15:01 266,240 a------- c:\windows\system32\EMSC.DLL
2009-04-15 15:01 17,192 a------- c:\windows\system32\drivers\EMSC.sys
2009-04-15 15:01 <DIR> --d----- c:\programdata\XP32
2009-04-15 15:01 <DIR> --d----- c:\programdata\Vista64
2009-04-15 15:01 <DIR> --d----- c:\programdata\Vista32
2009-04-15 15:01 <DIR> --d----- c:\progra~2\XP32
2009-04-15 15:01 <DIR> --d----- c:\progra~2\Vista64
2009-04-15 15:01 <DIR> --d----- c:\progra~2\Vista32
2009-04-15 15:01 <DIR> --d----- c:\program files\Wireless Select Switch
2009-04-15 15:01 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-15 13:32 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-15 13:32 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-15 13:32 217,088 a------- c:\windows\system32\psisrndr.ax
2009-04-15 13:32 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-04-15 13:32 80,896 a------- c:\windows\system32\MSNP.ax
2009-04-15 13:32 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-04-15 13:27 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-15 13:27 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-15 13:27 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-04-15 13:24 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-15 13:24 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-15 13:24 4,096 a------- c:\windows\system32\msdxm.ocx
2009-04-15 13:24 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-15 13:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-15 13:21 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-15 13:21 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-15 13:19 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-04-15 13:19 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-04-15 13:19 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-04-15 13:18 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-15 13:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-15 13:18 94,720 a------- c:\windows\system32\logagent.exe
2009-04-15 13:16 988,216 a------- c:\windows\system32\winload.exe
2009-04-15 13:16 615,992 a------- c:\windows\system32\ci.dll
2009-04-15 13:16 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-15 13:16 927,288 a------- c:\windows\system32\winresume.exe
2009-04-15 13:16 378,368 a------- c:\windows\system32\srcore.dll
2009-04-15 13:16 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-15 13:16 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-15 13:16 40,960 a------- c:\windows\system32\srclient.dll
2009-04-15 13:16 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-15 13:16 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-15 13:16 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-15 13:13 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-15 13:13 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-15 13:13 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-15 13:13 268,288 a------- c:\windows\system32\schannel.dll
2009-04-15 13:13 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-15 13:13 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-04-15 13:13 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-04-15 13:13 45,056 a------- c:\windows\system32\dataclen.dll
2009-04-15 13:13 36,864 a------- c:\windows\system32\cdd.dll
2009-04-15 13:11 147,456 a------- c:\windows\system32\Faultrep.dll
2009-04-15 13:11 125,952 a------- c:\windows\system32\wersvc.dll
2009-04-15 11:41 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-15 11:41 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-15 11:41 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-15 11:41 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-15 11:32 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-15 11:30 48,193 a------- c:\programdata\nvModes.dat
2009-04-15 11:30 48,193 a------- c:\progra~2\nvModes.dat
2009-04-15 11:30 <DIR> --d----- c:\programdata\NVIDIA
2009-04-15 11:25 1,108,512 a------- c:\windows\system32\nvcpluir.dll
2009-04-15 11:25 797,216 a------- c:\windows\system32\nvcplui.exe
2009-04-15 11:25 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-04-15 11:24 453,152 a------- c:\windows\system32\nvudisp.exe
2009-04-15 11:24 9,085 a------- c:\windows\system32\nvdisp.nvu
2009-04-15 11:24 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-04-14 15:25 135,680 a------- c:\windows\system32\drivers\Rtlh86.sys
2009-04-14 15:25 10,240 a------- c:\windows\system32\RtNicProp32.dll
2009-04-14 15:24 53,248 a----r-- c:\windows\system32\CSVer.dll
2009-04-14 15:23 553 -----r-- c:\windows\USetup.iss
2009-04-14 15:23 <DIR> --d----- c:\windows\system32\RTCOM
2009-04-14 15:23 339,968 a------- c:\windows\system32\SRSTSXT.dll
2009-04-14 15:23 135,168 a------- c:\windows\system32\SRSWOW.dll
2009-04-14 15:22 551,456 a------- c:\windows\system32\RTSndMgr.cpl
2009-04-14 15:22 2,257,568 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-04-14 15:22 956,960 a------- c:\windows\system32\RtkPgExt.dll
2009-04-14 15:22 322,080 a------- c:\windows\system32\RtkApoApi.dll
2009-04-14 15:22 44,064 a------- c:\windows\system32\RtkCoInst.dll
2009-04-14 15:22 44,032 a------- c:\windows\system32\ppChain.dll
2009-04-14 15:22 47,104 a------- c:\windows\system32\ctppld.dll
2009-04-14 15:22 141,312 a------- c:\windows\system32\AERTACap.dll
2009-04-14 15:22 60,416 a------- c:\windows\system32\AERTARen.dll
2009-04-14 15:22 528,384 -----r-- c:\windows\RtlExUpd.dll
2009-04-14 15:18 <DIR> --d----- c:\windows\system32\SDA
2009-04-14 15:18 <DIR> --d----- c:\program files\O2Micro Flash Memory Card Driver
2009-04-14 15:18 <DIR> --dsh--- c:\windows\Installer
2009-04-14 15:14 319,456 a------- c:\windows\system32\difxapi.dll
2009-04-14 15:13 <DIR> --d----- C:\Intel
2009-04-14 15:13 324,120 a------- c:\windows\system32\drivers\iaStor.sys
2009-04-14 08:03 <DIR> --d----- c:\windows\Panther
2009-04-14 08:03 24 a---hr-- c:\windows\dell_version
2009-04-14 08:03 <DIR> --d----- c:\windows\system32\OEM
2009-04-13 17:25 319,456 a------- c:\windows\DIFxAPI.dll
2009-04-13 17:25 2,389,024 a------- c:\windows\system32\RtkAPO.dll
2009-04-13 17:25 497,152 a------- c:\windows\system32\CTAPO32.dll
2009-04-13 17:25 67,072 a------- c:\windows\system32\DaisyWrp.dll
2009-04-13 17:25 <DIR> --d----- c:\program files\Realtek
2009-04-13 17:25 <DIR> --d-h--- c:\program files\Temp
2009-04-02 16:21 <DIR> --d-h--- C:\$AVG8.VAULT$

==================== Find3M ====================

2009-04-15 20:17 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-15 20:17 86,016 a------- c:\windows\inf\infstrng.dat
2009-04-15 20:17 86,016 a------- c:\windows\inf\infstor.dat
2009-04-15 20:17 51,200 a------- c:\windows\inf\infpub.dat
2009-04-03 07:08 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-04-03 07:08 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-03 07:08 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-17 11:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 11:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 11:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-04 07:12 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-03-04 07:12 256,528 a------- c:\windows\system32\drivers\tmwfp.sys
2009-03-04 07:12 145,424 a------- c:\windows\system32\drivers\tmlwf.sys
2009-03-03 12:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 12:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 12:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 12:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 12:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 12:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 12:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 12:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 12:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 12:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 11:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 10:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 10:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-13 16:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 16:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-09 11:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2008-01-21 10:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:20:40.88 ===============

Edited by zoezoe, 15 April 2009 - 10:24 AM.


#2 KoanYorel

    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 29 April 2009 - 10:42 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 zoezoe
  • Topic Starter

  • Members
  • 2 posts

Posted 29 April 2009 - 02:16 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Zoe at 3:12:18.96 on 30/04/2009 Thu
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\CTsvcCDA.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Zoe.ZOE-PC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.sg/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\zoe~1.zoe\appdata\roaming\mozilla\firefox\profiles\5mcvwd03.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-4-15 17192]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-8-14 145424]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-4-14 81920]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-15 1153368]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-8-14 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-4-15 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-4-15 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-4-15 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-8-14 256528]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-26 3662848]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-8-22 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]

=============== Created Last 30 ================

2009-04-28 12:20 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-28 12:19 647,872 -------- c:\windows\system32\Mscomct2.ocx
2009-04-28 12:19 41,984 -------- c:\windows\Ctregrun.exe
2009-04-28 12:18 183 a------- c:\windows\setuplog
2009-04-28 12:16 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2009-04-28 12:16 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2009-04-28 12:11 <DIR> --d----- c:\program files\Creative
2009-04-28 01:57 <DIR> --d----- c:\users\zoe.zoe-pc\{37a7e72c-7afa-42d7-9173-69ecd0809dc3}
2009-04-28 01:17 <DIR> --d----- c:\users\zoe~1.zoe\appdata\roaming\DriverCure
2009-04-28 01:16 <DIR> --d----- c:\programdata\ParetoLogic
2009-04-28 01:16 <DIR> --d----- c:\programdata\DriverCure
2009-04-28 01:16 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-04-28 01:16 <DIR> --d----- c:\progra~2\ParetoLogic
2009-04-28 01:16 <DIR> --d----- c:\progra~2\DriverCure
2009-04-28 00:48 <DIR> --d----- c:\programdata\Roxio
2009-04-27 22:18 <DIR> --d----- c:\program files\VideoLAN
2009-04-24 15:34 <DIR> --d----- c:\programdata\Lavasoft
2009-04-22 02:26 59,464 a------- c:\users\zoe~1.zoe\appdata\roaming\GDIPFONTCACHEV1.DAT
2009-04-20 10:06 <DIR> --d----- c:\windows\system32\Service
2009-04-16 17:49 611 a------- c:\windows\bcmwl.log.2
2009-04-16 17:26 <DIR> --d----- c:\program files\Granado Espada
2009-04-16 10:23 <DIR> --d----- c:\windows\system32\Dell
2009-04-16 10:23 <DIR> --d----- c:\program files\Dell
2009-04-16 10:20 611 a------- c:\windows\bcmwl.log.1
2009-04-16 09:33 94,208 a------- c:\windows\amcap.exe
2009-04-16 09:33 569,344 a------- c:\windows\vsnp2uvc.exe
2009-04-16 09:33 15,497 a------- c:\windows\snp2uvc.ini
2009-04-16 09:33 13,022 a------- c:\windows\snp2uvc.src
2009-04-16 09:33 9,599,872 a------- c:\windows\system32\drivers\snp2uvc.sys
2009-04-16 09:33 299,008 a------- c:\windows\system32\vsnp2uvc.dll
2009-04-16 09:33 81,920 a------- c:\windows\system32\rsnp2uvc.dll
2009-04-16 09:33 53,248 a------- c:\windows\system32\csnp2uvc.dll
2009-04-16 09:33 27,904 a------- c:\windows\system32\drivers\sncduvc.sys
2009-04-16 09:33 <DIR> --d----- c:\program files\common files\snp2uvc
2009-04-16 00:25 <DIR> --d----- c:\programdata\Adobe
2009-04-15 23:15 765,952 a------- c:\windows\system32\xvidcore.dll
2009-04-15 23:15 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-04-15 23:15 77,824 a------- c:\windows\system32\xvid.ax
2009-04-15 23:15 <DIR> --d----- c:\program files\Xvid
2009-04-15 21:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-15 21:22 <DIR> --d----- c:\users\zoe.zoe-pc\Tracing
2009-04-15 21:22 <DIR> --d----- c:\program files\Microsoft
2009-04-15 21:21 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-15 21:21 <DIR> --d----- c:\windows\PCHEALTH
2009-04-15 21:18 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-15 19:41 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-04-15 19:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-15 19:41 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-04-15 19:30 2,048 a------- c:\windows\system32\tzres.dll
2009-04-15 18:42 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-15 18:42 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-15 18:42 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-15 18:42 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-15 18:42 83,968 a------- c:\windows\system32\mscories.dll
2009-04-15 18:12 <DIR> --d----- c:\program files\CCleaner
2009-04-15 17:10 1,195,512 a------- c:\windows\system32\drivers\vsapint.sys
2009-04-15 17:10 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-04-15 17:10 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-04-15 17:06 <DIR> --d----- c:\programdata\Trend Micro
2009-04-15 17:06 <DIR> --d----- c:\progra~2\Trend Micro
2009-04-15 17:05 <DIR> --d----- c:\program files\Trend Micro
2009-04-15 16:57 <DIR> --d----- c:\users\Zoe.ZOE-PC
2009-04-15 15:57 376 a------- c:\windows\ODBC.INI
2009-04-15 15:57 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-04-15 15:49 <DIR> --d----- c:\programdata\Uninstall
2009-04-15 15:49 <DIR> --d----- c:\progra~2\Uninstall
2009-04-15 15:49 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-04-15 15:49 <DIR> --d----- c:\programdata\Sonic
2009-04-15 15:49 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-15 15:49 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-04-15 15:48 <DIR> --d----- c:\programdata\InstallShield
2009-04-15 15:48 <DIR> --d----- c:\program files\Roxio
2009-04-15 15:45 <DIR> --d----- c:\programdata\Dell
2009-04-15 15:44 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-15 15:44 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-15 15:44 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-04-15 15:44 1,047,552 a------- c:\windows\system32\MFC71u.dll
2009-04-15 15:44 89,088 a------- c:\windows\system32\atl71.dll
2009-04-15 15:01 266,240 a------- c:\windows\system32\EMSC.DLL
2009-04-15 15:01 17,192 a------- c:\windows\system32\drivers\EMSC.sys
2009-04-15 15:01 <DIR> --d----- c:\programdata\XP32
2009-04-15 15:01 <DIR> --d----- c:\programdata\Vista64
2009-04-15 15:01 <DIR> --d----- c:\programdata\Vista32
2009-04-15 15:01 <DIR> --d----- c:\progra~2\XP32
2009-04-15 15:01 <DIR> --d----- c:\progra~2\Vista64
2009-04-15 15:01 <DIR> --d----- c:\progra~2\Vista32
2009-04-15 15:01 <DIR> --d----- c:\program files\Wireless Select Switch
2009-04-15 15:01 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-15 13:32 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-15 13:32 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-15 13:32 217,088 a------- c:\windows\system32\psisrndr.ax
2009-04-15 13:32 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-04-15 13:32 80,896 a------- c:\windows\system32\MSNP.ax
2009-04-15 13:32 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-04-15 13:27 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-15 13:27 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-15 13:27 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-04-15 13:24 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-15 13:24 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-15 13:24 4,096 a------- c:\windows\system32\msdxm.ocx
2009-04-15 13:24 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-15 13:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-15 13:21 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-15 13:21 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-15 13:19 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-04-15 13:19 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-04-15 13:19 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-04-15 13:18 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-15 13:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-15 13:18 94,720 a------- c:\windows\system32\logagent.exe
2009-04-15 13:16 988,216 a------- c:\windows\system32\winload.exe
2009-04-15 13:16 615,992 a------- c:\windows\system32\ci.dll
2009-04-15 13:16 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-15 13:16 927,288 a------- c:\windows\system32\winresume.exe
2009-04-15 13:16 378,368 a------- c:\windows\system32\srcore.dll
2009-04-15 13:16 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-15 13:16 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-15 13:16 40,960 a------- c:\windows\system32\srclient.dll
2009-04-15 13:16 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-15 13:16 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-15 13:16 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-15 13:13 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-15 13:13 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-15 13:13 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-15 13:13 268,288 a------- c:\windows\system32\schannel.dll
2009-04-15 13:13 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-15 13:13 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-04-15 13:13 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-04-15 13:13 45,056 a------- c:\windows\system32\dataclen.dll
2009-04-15 13:13 36,864 a------- c:\windows\system32\cdd.dll
2009-04-15 13:11 147,456 a------- c:\windows\system32\Faultrep.dll
2009-04-15 13:11 125,952 a------- c:\windows\system32\wersvc.dll
2009-04-15 11:41 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-15 11:41 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-15 11:41 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-15 11:41 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-15 11:32 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-15 11:30 48,193 a------- c:\programdata\nvModes.dat
2009-04-15 11:30 48,193 a------- c:\progra~2\nvModes.dat
2009-04-15 11:30 <DIR> --d----- c:\programdata\NVIDIA
2009-04-15 11:25 1,108,512 a------- c:\windows\system32\nvcpluir.dll
2009-04-15 11:25 797,216 a------- c:\windows\system32\nvcplui.exe
2009-04-15 11:25 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-04-15 11:24 453,152 a------- c:\windows\system32\nvudisp.exe
2009-04-15 11:24 9,085 a------- c:\windows\system32\nvdisp.nvu
2009-04-15 11:24 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-04-14 15:25 135,680 a------- c:\windows\system32\drivers\Rtlh86.sys
2009-04-14 15:25 10,240 a------- c:\windows\system32\RtNicProp32.dll
2009-04-14 15:24 53,248 a------- c:\windows\system32\CSVer.dll
2009-04-14 15:23 553 -----r-- c:\windows\USetup.iss
2009-04-14 15:23 <DIR> --d----- c:\windows\system32\RTCOM
2009-04-14 15:23 339,968 a------- c:\windows\system32\SRSTSXT.dll
2009-04-14 15:23 135,168 a------- c:\windows\system32\SRSWOW.dll
2009-04-14 15:22 551,456 a------- c:\windows\system32\RTSndMgr.cpl
2009-04-14 15:22 2,257,568 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-04-14 15:22 956,960 a------- c:\windows\system32\RtkPgExt.dll
2009-04-14 15:22 322,080 a------- c:\windows\system32\RtkApoApi.dll
2009-04-14 15:22 44,064 a------- c:\windows\system32\RtkCoInst.dll
2009-04-14 15:22 44,032 a------- c:\windows\system32\ppChain.dll
2009-04-14 15:22 47,104 a------- c:\windows\system32\ctppld.dll
2009-04-14 15:22 141,312 a------- c:\windows\system32\AERTACap.dll
2009-04-14 15:22 60,416 a------- c:\windows\system32\AERTARen.dll
2009-04-14 15:22 528,384 -----r-- c:\windows\RtlExUpd.dll
2009-04-14 15:18 <DIR> --d----- c:\windows\system32\SDA
2009-04-14 15:18 <DIR> --d----- c:\program files\O2Micro Flash Memory Card Driver
2009-04-14 15:18 <DIR> --dsh--- c:\windows\Installer
2009-04-14 15:14 319,456 a------- c:\windows\system32\difxapi.dll
2009-04-14 15:13 <DIR> --d----- C:\Intel
2009-04-14 15:13 324,120 a------- c:\windows\system32\drivers\iaStor.sys
2009-04-14 08:03 <DIR> --d----- c:\windows\Panther
2009-04-14 08:03 24 a---hr-- c:\windows\dell_version
2009-04-14 08:03 <DIR> --d----- c:\windows\system32\OEM
2009-04-13 17:25 319,456 a------- c:\windows\DIFxAPI.dll
2009-04-13 17:25 2,389,024 a------- c:\windows\system32\RtkAPO.dll
2009-04-13 17:25 497,152 a------- c:\windows\system32\CTAPO32.dll
2009-04-13 17:25 67,072 a------- c:\windows\system32\DaisyWrp.dll
2009-04-13 17:25 <DIR> --d----- c:\program files\Realtek
2009-04-13 17:25 <DIR> --d-h--- c:\program files\Temp
2009-04-02 16:21 <DIR> --d-h--- C:\$AVG8.VAULT$

==================== Find3M ====================

2009-04-16 17:50 86,016 a------- c:\windows\inf\infstrng.dat
2009-04-16 17:50 51,200 a------- c:\windows\inf\infpub.dat
2009-04-16 10:19 86,016 a------- c:\windows\inf\infstor.dat
2009-04-15 20:17 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-03 07:08 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-04-03 07:08 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-03 07:08 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-17 11:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 11:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 11:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-04 07:12 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-03-04 07:12 256,528 a------- c:\windows\system32\drivers\tmwfp.sys
2009-03-04 07:12 145,424 a------- c:\windows\system32\drivers\tmlwf.sys
2009-03-03 12:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 12:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 12:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 12:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 12:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 12:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 12:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 12:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 12:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 12:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 11:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 10:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 10:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-13 16:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 16:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-09 11:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2008-01-21 10:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 3:12:43.22 ===============


#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:38 AM

Posted 01 May 2009 - 06:50 PM

Hi,

Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read the requirements and privacy statement then click on the Accept button.
  • The program will launch and start to download the latest definition files.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • Click on Save Report As....
  • Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Save this report to a convenient place.
  • Copy and paste that information & a fresh dds.txt log into your topic.
  • The scan will take a while, so be patient and let it run. As it scans your machine very deeply, it could take hours to complete; Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:38 AM

Posted 09 May 2009 - 12:34 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





