
virus/worm help, sluggish comp, program errors, etc


This topic is locked
5 replies to this topic

#1 bigleaguechew (Members, 3 posts)

Posted 23 April 2009 - 08:58 PM

Hi there, I am a person who makes a good part of their living on their computer and find myself in a bit of trouble. My comp has Internet Explorer windows going in the background, the occasional error when opening simple programs, sluggish performance, and an inability to access sites like microsoft.com, Symantec, etc. I thought this might be the MyDoom worm, but the Symantec removal tool I got did not detect anything. Here is a DDS log I just made. Any and all help would be greatly appreciated. -Drew


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 23:41:15.12 on Thu 04/23/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.171 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\3361\SVCHOST.exe -sysrun
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Owner\reader_s.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\browser downloads\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [reader_s] c:\documents and settings\owner\reader_s.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\MAFWTray.exe
mRun: [MAFWTaskbarApp] c:\windows\system32\MAFWTray.exe
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [THGuard] "c:\program files\trojanhunter 5.0\THGuard.exe"
mRun: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe"
mRun: [Wsikiwuhuropif] rundll32.exe "c:\windows\opamiqayoq.dll",e
mRunOnce: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe"
dRun: [svc] c:\program files\thunmail\testabd.exe
dRun: [<NO NAME>] c:\windows\temp\s6baou0365.exe
dRun: [Diagnostic Manager] c:\windows\temp\4033724412.exe
dRun: [Windows Resurections] c:\windows\temp\s6baou0365.exe
dRun: [VRT68F] c:\windows\temp\VRT68F.exe
dRun: [Java Syncro] c:\documents and settings\owner\local settings\application data\zchMiB.exe
dRun: [reader_s] c:\documents and settings\owner\reader_s.exe
dRun: [system tool] c:\windows\sysguard.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240290892484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: ramdmm - ramdmm.dll
AppInit_DLLs: c:\progra~1\thunmail\testabd.dll
LSA: Notification Packages = scecli prvmsvos.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\65bzgh1h.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {B00507EA-566B-4DC2-8140-C81ADE317A2A} - c:\documents and settings\owner\local settings\application data\{B00507EA-566B-4DC2-8140-C81ADE317A2A}

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-4-21 16384]
R1 hcref08;hcref08;c:\windows\system32\drivers\hcref08.sys [2009-4-23 8320]
R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-8-7 300736]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-8-7 35008]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-8-15 255136]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-8-15 234656]
R2 DhcpSrv;Dhcp server;c:\windows\dhcp\svchost.exe [2009-4-21 256512]
R2 msncache;msncache;c:\windows\system32\svchost.exe -k NetworkService [2004-4-29 14336]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-2-12 194048]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-21 45132]
R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [2009-4-21 193032]
R3 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2003-8-18 158376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040304.008\NAVENG.Sys [2004-4-3 67752]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040304.008\NavEx15.Sys [2004-4-3 598632]
S1 ids6422;ids6422;c:\windows\system32\drivers\ids6422.sys --> c:\windows\system32\drivers\ids6422.sys [?]
S1 toj3291;toj3291;c:\windows\system32\drivers\toj3291.sys --> c:\windows\system32\drivers\toj3291.sys [?]
S2 mrtRate;mrtRate; [x]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2003-8-15 87200]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-8-10 193816]

=============== Created Last 30 ================

2009-04-23 14:51 8,320 a------- c:\windows\system32\drivers\hcref08.sys
2009-04-23 12:39 300 a------- c:\windows\Anemut.dat
2009-04-23 12:39 0 a------- c:\windows\Rvofom.bin
2009-04-23 12:27 7 a------- c:\windows\system32\mmtra.bin
2009-04-23 09:40 36,352 a------- c:\windows\system32\5D.tmp
2009-04-23 09:40 44 a------- c:\windows\system32\5C.tmp
2009-04-23 04:55 10,752 a------- c:\windows\system32\iehelper.dll
2009-04-23 04:54 327,184 a------- c:\windows\sysguard.exe
2009-04-23 04:54 31,744 a------- C:\svn.exe
2009-04-23 04:54 397,824 a------- C:\FWSb.exe
2009-04-23 04:43 0 a------- c:\windows\system32\a99k.bin
2009-04-23 04:43 8,320 a------- c:\windows\system32\ramdma.sys
2009-04-23 04:43 22,875 a------- c:\windows\system32\ramdmm.dll
2009-04-22 22:44 232,448 a------- c:\windows\system32\w.exe
2009-04-22 22:44 36,864 a------- c:\windows\system32\dpcxool64.sys
2009-04-22 22:44 8 a------- c:\windows\system32\comsa32.sys
2009-04-22 22:43 15,000 a------- c:\windows\system32\hsf9ikmifj934g.dll
2009-04-22 22:36 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-22 15:48 54,307 a------- c:\windows\system32\paso.el
2009-04-22 15:48 54,307 a------- c:\windows\system32\aston.mt
2009-04-22 15:48 0 a------- c:\windows\ynh.dx
2009-04-22 15:45 96 a------- c:\windows\system32\43.tmp
2009-04-22 12:07 <DIR> --d----- c:\docume~1\owner\applic~1\TrojanHunter
2009-04-22 02:17 <DIR> --d----- c:\program files\TrojanHunter 5.0
2009-04-22 01:26 38 a------- C:\31.tmp
2009-04-22 01:26 0 a------- C:\30.tmp
2009-04-22 01:26 0 a------- C:\2F.tmp
2009-04-22 01:26 0 a------- C:\2E.tmp
2009-04-22 01:26 0 a------- C:\2D.tmp
2009-04-22 01:26 0 a------- C:\2C.tmp
2009-04-22 01:26 0 a------- C:\2B.tmp
2009-04-22 01:26 0 a------- C:\2A.tmp
2009-04-22 01:26 0 a------- C:\29.tmp
2009-04-22 01:26 38 a------- C:\28.tmp
2009-04-22 01:26 52,736 a------- C:\27.tmp
2009-04-22 01:26 21,504 a------- C:\26.tmp
2009-04-22 01:21 80 a------- c:\windows\system32\6.tmp
2009-04-21 16:47 36,352 a------- c:\windows\system32\reader_s.exe
2009-04-21 16:47 36,352 a------- c:\documents and settings\owner\reader_s.exe
2009-04-21 16:47 80 a------- c:\windows\system32\E9.tmp
2009-04-21 11:55 38 a------- C:\25.tmp
2009-04-21 11:55 0 a------- C:\19.tmp
2009-04-21 11:55 0 a------- C:\18.tmp
2009-04-21 11:55 0 a------- C:\17.tmp
2009-04-21 11:55 0 a------- C:\16.tmp
2009-04-21 11:55 0 a------- C:\15.tmp
2009-04-21 11:55 0 a------- C:\14.tmp
2009-04-21 11:55 0 a------- C:\13.tmp
2009-04-21 11:55 0 a------- C:\12.tmp
2009-04-21 11:55 38 a------- C:\11.tmp
2009-04-21 11:55 52,736 a------- C:\10.tmp
2009-04-21 11:55 21,504 a------- C:\F.tmp
2009-04-21 11:50 <DIR> --dsh--- C:\found.000
2009-04-21 11:22 <DIR> --d----- c:\program files\iPod
2009-04-21 11:22 <DIR> --d----- c:\program files\iTunes
2009-04-21 11:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-21 11:21 <DIR> --d----- c:\program files\Bonjour
2009-04-21 03:30 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-21 03:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-21 03:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-21 03:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-21 03:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-21 03:22 43 a------- C:\~GLHTTP1.TMP
2009-04-21 03:19 <DIR> --d----- c:\program files\Yahoo!
2009-04-21 03:11 38 a------- C:\E.tmp
2009-04-21 03:11 0 a------- C:\D.tmp
2009-04-21 03:11 0 a------- C:\C.tmp
2009-04-21 03:11 0 a------- C:\B.tmp
2009-04-21 03:11 0 a------- C:\A.tmp
2009-04-21 03:11 0 a------- C:\9.tmp
2009-04-21 03:11 0 a------- C:\8.tmp
2009-04-21 03:11 0 a------- C:\7.tmp
2009-04-21 03:11 0 a------- C:\6.tmp
2009-04-21 03:11 38 a------- C:\5.tmp
2009-04-21 03:11 52,736 a------- C:\4.tmp
2009-04-21 03:11 21,504 a------- C:\3.tmp
2009-04-21 03:07 <DIR> --d----- c:\program files\LanqiEngine
2009-04-21 03:07 3 a------- c:\windows\system32\bversion.dll
2009-04-21 03:07 735,232 a------- c:\windows\system32\AdvOcr.dll
2009-04-21 03:07 94,208 a------- c:\windows\system32\TRSOCR.dll
2009-04-21 03:07 1,308 a------- c:\windows\system32\TRSOCR.ini
2009-04-21 03:07 1,308 a------- c:\windows\system32\TRSOCR.dat
2009-04-21 03:06 565,248 a------- c:\windows\system32\IPHACTION.dll
2009-04-21 03:05 38 a------- C:\24.tmp
2009-04-21 03:05 0 a------- C:\23.tmp
2009-04-21 03:05 0 a------- C:\22.tmp
2009-04-21 03:05 0 a------- C:\21.tmp
2009-04-21 03:05 0 a------- C:\20.tmp
2009-04-21 03:05 0 a------- C:\1F.tmp
2009-04-21 03:05 0 a------- C:\1E.tmp
2009-04-21 03:05 0 a------- C:\1D.tmp
2009-04-21 03:05 0 a------- C:\1C.tmp
2009-04-21 03:05 38 a------- C:\1B.tmp
2009-04-21 03:05 52,736 a------- C:\1A.tmp
2009-04-21 03:05 15,000 a------- c:\windows\system32\hsfiun3487dll
2009-04-21 02:56 0 a------- c:\windows\system32\IpSvchostF.dll
2009-04-21 02:53 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-21 02:53 1,409 a------- c:\windows\QTFont.for
2009-04-21 02:17 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-04-21 02:13 61,440 a------- c:\windows\system32\tcpd.exe
2009-04-21 02:13 21,504 a------- c:\windows\system32\AUTMGR.EXE
2009-04-21 02:13 983,552 a------- c:\windows\system32\kernel32_check.dll
2009-04-21 02:13 172,032 a------- c:\windows\system32\tcpcon.dll
2009-04-21 02:13 10,240 a------- c:\windows\system32\Packer.dll
2009-04-21 02:13 9 a------- c:\windows\system32\iphy.dll
2009-04-21 02:13 3 a------- c:\windows\system32\fhpatch.dll
2009-04-21 02:13 0 a------- c:\windows\system32\fiplock.dll
2009-04-21 02:12 <DIR> --d----- c:\windows\system32\3361
2009-04-21 02:12 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-21 02:12 <DIR> --d----- c:\windows\dhcp
2009-04-21 02:12 0 a------- c:\windows\system32\42.tmp
2009-04-21 02:12 <DIR> --d----- c:\docume~1\owner\applic~1\Digidesign
2009-04-21 02:12 80 a------- c:\windows\system32\3F.tmp
2009-04-21 02:12 <DIR> --dshr-- c:\program files\ThunMail
2009-04-21 02:11 40,960 a------- c:\windows\system32\xz.exe
2009-04-21 02:11 <DIR> --d----- C:\Digidesign Databases
2009-04-21 02:09 <DIR> --d----- c:\program files\common files\PACE Anti-Piracy
2009-04-21 02:09 <DIR> --d----- c:\docume~1\owner\applic~1\PACE Anti-Piracy
2009-04-21 02:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PACE Anti-Piracy
2009-04-21 02:04 <DIR> --d----- c:\docume~1\owner\applic~1\Ableton
2009-04-21 02:04 368,640 a------- c:\windows\system32\ReWire.dll
2009-04-21 02:04 <DIR> --d----- c:\program files\Ableton
2009-04-21 02:00 <DIR> --d----- c:\program files\InterLok
2009-04-21 02:00 16,384 a------- c:\windows\system32\drivers\DigiFilt.sys
2009-04-21 01:58 <DIR> --d----- c:\program files\Digidesign
2009-04-21 01:58 <DIR> --d----- c:\program files\common files\Digidesign
2009-04-21 01:53 <DIR> --d----- c:\windows\pss
2009-04-21 01:50 713,216 -c------ c:\windows\system32\dllcache\sxs.dll
2009-04-21 01:45 38,912 ac------ c:\windows\system32\dllcache\avc.sys
2009-04-21 01:45 38,912 a------- c:\windows\system32\drivers\avc.sys
2009-04-21 01:45 48,128 ac------ c:\windows\system32\dllcache\61883.sys
2009-04-21 01:45 48,128 a------- c:\windows\system32\drivers\61883.sys
2009-04-21 01:37 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-21 01:37 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-21 01:35 <DIR> --d----- c:\program files\M-Audio
2009-04-21 01:25 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-21 01:23 <DIR> --d----- c:\windows\peernet
2009-04-21 01:23 <DIR> --d----- c:\windows\provisioning
2009-04-21 01:20 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-21 01:10 <DIR> --d----- c:\windows\EHome
2009-04-21 00:59 31,744 -------- c:\windows\system32\spnpinst.exe
2009-04-21 00:59 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-04-21 00:59 7,208 -------- c:\windows\system32\secupd.sig
2009-04-21 00:59 4,569 -------- c:\windows\system32\secupd.dat
2009-04-21 00:27 <DIR> --dshr-- C:\cmdcons
2009-04-21 00:27 <DIR> --d----- c:\windows\setup.pss
2009-04-21 00:27 <DIR> --d----- c:\windows\setupupd
2009-04-21 00:24 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-21 00:24 22,752 a------- c:\windows\system32\spupdsvc.exe
2009-04-21 00:24 <DIR> --d-h--- c:\windows\$hf_mig$
2009-04-21 00:23 <DIR> --d----- c:\windows\system32\bits
2009-04-21 00:21 351,232 a------- c:\windows\system32\winhttp.dll
2009-04-21 00:21 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-04-21 00:21 438,784 -------- c:\windows\system32\xpob2res.dll
2009-04-21 00:21 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-04-21 00:21 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-04-21 00:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-04-21 00:16 <DIR> --d----- c:\program files\Viewpoint
2009-04-21 00:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-04-21 00:15 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-04-21 00:15 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-04-21 00:15 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-04-21 00:15 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-04-21 00:15 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-04-21 00:15 <DIR> --d----- c:\program files\common files\AOL
2009-04-21 00:15 <DIR> --d----- c:\program files\AIM6
2009-04-21 00:15 455 a---h--- C:\IPH.PH
2009-04-21 00:05 <DIR> --ds---- c:\documents and settings\owner\UserData
2009-04-21 00:03 4,192 a--shr-- c:\windows\system32\drivers\HP_PC134A-ABA SR1130NX NA430_YC_Pres_QMXM429_E43NAheREG3_4_IKelut_SASUSTek Computer INC._V2.02_B3.07_T040609_WXH1_L409_M512_J160_7AMD_8Athlon XP 3000+_92.1_111063044_N11063065_P_Z11C1048C_K_A11063059_U11063038_G10024E48.MRK
2009-04-21 00:01 21,060 -------- c:\windows\system32\drivers\iviaspi.sys
2009-04-21 00:01 10,368 -------- c:\windows\system32\drivers\pfc.sys
2009-04-21 00:01 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-04-21 00:01 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-04-21 00:01 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-04-21 00:01 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-04-21 00:01 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-04-21 00:01 20,480 a------- c:\windows\system32\IVIresize.dll
2009-04-21 00:00 145,792 ac------ c:\windows\system32\dllcache\portcls.sys
2009-04-21 00:00 60,288 ac------ c:\windows\system32\dllcache\drmk.sys
2009-04-21 00:00 145,792 a------- c:\windows\system32\drivers\portcls.sys
2009-04-21 00:00 60,288 a------- c:\windows\system32\drivers\drmk.sys
2009-04-21 00:00 <DIR> --d----- c:\program files\ATI Technologies
2009-04-20 23:59 24,576 a------- c:\windows\system32\drivers\kbdclass.sys
2009-04-20 23:59 52,736 a------- c:\windows\system32\drivers\i8042prt.sys
2009-04-20 22:53 247 a------- c:\windows\system\hpsysdrv.dat
2009-04-20 22:51 <DIR> --d----- c:\windows\I386
2009-04-20 22:44 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-04-20 22:44 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-04-20 22:43 <DIR> -cdshr-- c:\windows\system32\dllcache

==================== Find3M ====================

2009-04-21 02:17 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-04-21 01:27 81,395 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys

============= FINISH: 23:43:05.39 ===============


#2 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 24 April 2009 - 11:06 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.


Hang on Drew. This looks bad.




Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 bigleaguechew (Topic Starter, Members, 3 posts)

Posted 25 April 2009 - 11:07 AM

Hi, I actually can't run ComboFix. After several attempts I still kept getting the same message that the package had been compromised and my computer may be infected with a virus that attaches itself to downloads called Virut. I got Symantec's Conficker removal tool from a YouSendIt and it did not detect the worm, which disappointed me as I thought that might be a culprit. Also, I now have a new user when I log in named nimda that I didn't create; this is probably a sign of the Nimda virus being present on my computer. Lastly, my comp is now almost always pegged at 100% CPU usage. Good times :thumbup2:

Edited by bigleaguechew, 25 April 2009 - 12:43 PM.


#4 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 25 April 2009 - 04:02 PM

Ok, let's get tricky and see if we can get Combofix to run.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



========================================================

#5 bigleaguechew (Topic Starter, Members, 3 posts)

Posted 25 April 2009 - 04:50 PM

Thank you very much, but I just decided screw it, and re-formatted the drive. Reinstalling the programs should be fun, ha.

#6 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 25 April 2009 - 04:55 PM

I understand. Thanks for letting me know. :thumbup2:


This thread will now be closed.


========================================================



