Recurring Win32.TDSS.rtk infection


This topic is locked
2 replies to this topic

#1 Nolat

  • Members
  • 1 posts

Posted 31 May 2009 - 02:27 PM

Sometimes antivirus programs like Spybot and Malwarebytes cannot start, and when I do scan with them they often detect viruses that they cannot remove completely, requiring me to restart. Yet when I do restart, the viruses remain. I have attached my MAB log as well, as I think it may help.

Also, my google searches sometimes get redirected.

Here is my log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by ALEX at 14:11:42.87 on Sun 05/31/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2262 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1335 [VPS 090530-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BOINC\boinctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\ALEX\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
svchost.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\ALEX\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.sbc.com/dsl
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://yahoo.sbc.com/dsl
mDefault_Search_URL = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
mSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
mStart Page = hxxp://yahoo.sbc.com/dsl
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
BHO: {a6c7b2a1-00f3-42bd-f434-00aaba2c8953} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5_1_6_0.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [2wSysTray] c:\program files\2wire\2PortalMon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ssbkgdupdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [setdefprt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [rthdcpl] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [phime2002async] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [phime2002a] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [mspy2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [ipinsightmonitor 01] "c:\program files\sbc yahoo!\connection manager\ip insight\IPMon32.exe"
mRun: [imjpmig8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [alcmtr] ALCMTR.EXE
mRun: [adobe reader speed launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [Diagnostic Manager] c:\windows\temp\1547843544.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230714398755
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: rqRjhijg - rqRjhijg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\f774u656.default\
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-23 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-5-31 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-30 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-31 114768]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-31 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-26 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-26 27784]
R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2009-5-31 22712]
R1 NPROSEC;Norman Security driver;c:\program files\norman\ngs\bin\nprosec.sys [2009-5-31 53816]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-31 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-31 185089]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-31 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-31 138680]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-1 298776]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-31 55640]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\Ndiskio.sys [2009-5-31 20448]
R2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\Zanda.exe [2009-2-25 408696]
R2 NPROSECSVC;Norman Security service;c:\program files\norman\ngs\bin\nprosec.exe [2009-5-31 121912]
R2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2009-5-31 126008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-4 24652]
R3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2008-12-6 54271]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2009-5-31 19512]
R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [2009-5-12 110752]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
R3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2009-5-31 130104]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-5-11 127496]
S1 f8245a6f;f8245a6f;c:\windows\system32\drivers\f8245a6f.sys [2009-5-20 0]
S2 AshEvtSvc;AshEvtSvc;c:\windows\system32\ashevtsvc.exe -k netsvcs --> c:\windows\system32\AshEvtSvc.exe -k netsvcs [?]
S2 qosywe;qosywe;c:\windows\system32\drivers\zxqnea.sys --> c:\windows\system32\drivers\zxqnea.sys [?]
S2 sciyh;sciyh; [x]
S2 wiatjhk;wiatjhk;c:\windows\system32\drivers\rdissx.sys --> c:\windows\system32\drivers\rdIssx.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-31 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-31 352920]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-10 38496]
S3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\Nsesvc.exe [2009-5-31 310328]
S3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\Nvcoas.exe [2009-5-31 195640]
S3 oUltraf;oUltraf;\??\c:\docume~1\alex\locals~1\temp\oultraf.sys --> c:\docume~1\alex\locals~1\temp\oUltraf.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-29 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-29 1095560]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-5-13 33792]

=============== Created Last 30 ================

2009-05-31 13:48 1,341,837 a------- C:\MGtools.exe
2009-05-31 02:35 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-31 02:32 212,024 a------- c:\windows\system32\nscrnsav.scr
2009-05-31 02:32 19,512 a------- c:\windows\system32\drivers\nvcw32mf.sys
2009-05-31 02:31 <DIR> --d----- c:\program files\Norman
2009-05-31 02:15 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-05-31 02:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-31 02:01 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-31 02:01 <DIR> --d----- c:\docume~1\alex\applic~1\SUPERAntiSpyware.com
2009-05-31 01:22 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-31 01:22 <DIR> --d----- c:\program files\Avira
2009-05-31 01:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-31 00:55 <DIR> --d----- c:\program files\SpywareBlaster
2009-05-31 00:48 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-05-31 00:47 <DIR> --d----- c:\program files\Panda Security
2009-05-30 21:10 2,044,927 a------- C:\fraglist.luar
2009-05-30 13:32 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-05-30 13:32 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-30 13:32 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-30 13:32 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-05-30 13:32 <DIR> --d----- c:\program files\common files\PC Tools
2009-05-30 13:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-05-29 23:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM
2009-05-29 16:32 3,506,397 a------- C:\fraglist.htm
2009-05-29 16:28 <DIR> --d----- c:\windows\UltraDefrag
2009-05-29 06:23 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-05-29 06:23 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-05-29 06:23 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-05-29 06:23 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-05-29 06:22 <DIR> --d----- c:\program files\Spyware Doctor
2009-05-29 06:22 <DIR> --d----- c:\docume~1\alex\applic~1\PC Tools
2009-05-29 05:37 12,770 a------- c:\windows\system32\oodbs.lor
2009-05-29 05:25 <DIR> --d----- c:\windows\system32\oodag
2009-05-29 05:24 <DIR> --d----- c:\program files\OO Software
2009-05-29 04:50 <DIR> --d----- c:\docume~1\alex\applic~1\Auslogics
2009-05-29 04:50 <DIR> --d----- c:\program files\Auslogics
2009-05-28 05:32 <DIR> --d----- c:\program files\Battle for Wesnoth 1.7.0
2009-05-20 17:52 <DIR> --d----- c:\windows\pss
2009-05-20 17:51 106 a------- C:\xcrashdump.dat
2009-05-20 17:38 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-05-20 17:35 5,569 -------- c:\windows\system32\uacinit.dll
2009-05-20 17:35 66,560 a------- c:\windows\system32\UACibuiexyoebtkbos.dll
2009-05-20 17:35 19,456 a------- c:\windows\system32\UACnpuyamlrfslkgpa.dll
2009-05-20 17:35 19,968 a------- c:\windows\system32\UACkrfogoxtsckwbab.dll
2009-05-20 17:35 224 a------- c:\windows\system32\UACdyajuxjdldbgvvm.dat
2009-05-20 17:35 25,600 a------- c:\windows\system32\UACepxgytqgwykxmqr.dll
2009-05-20 17:34 0 a------- c:\windows\system32\drivers\f8245a6f.sys
2009-05-20 17:34 <DIR> --d----- c:\windows\system32\870159
2009-05-19 05:28 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-05-17 14:18 <DIR> --d----- c:\docume~1\alex\applic~1\Black Sea Studios
2009-05-13 03:16 <DIR> --d-h--- c:\windows\PIF
2009-05-12 00:13 350,240 a------- c:\windows\system32\PbsAuDrvPropPage_uk.dll
2009-05-12 00:13 110,752 a------- c:\windows\system32\drivers\pbsaudrv.sys
2009-05-12 00:13 24 a------- c:\windows\system32\Drv64_32.dat
2009-05-12 00:13 <DIR> --d----- c:\program files\PolderbitS
2009-05-11 23:58 <DIR> --d----- c:\docume~1\alex\applic~1\TotalRecorder
2009-05-11 23:53 127,496 a------- c:\windows\system32\drivers\TotRec7.sys
2009-05-11 23:53 106,496 a------- c:\windows\system32\DrvTrNTl.dll
2009-05-11 23:53 61,448 a------- c:\windows\system32\DrvTrNTm.dll
2009-05-11 23:53 <DIR> --d----- c:\program files\HighCriteria
2009-05-11 23:24 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-11 23:24 1,409 a------- c:\windows\QTFont.for
2009-05-11 23:22 <DIR> --d----- c:\program files\Audacity
2009-05-10 15:23 <DIR> --d----- C:\DirectX2
2009-05-10 12:28 <DIR> --d----- c:\docume~1\alex\applic~1\Tilted Mill
2009-05-10 03:30 <DIR> --d----- C:\Torrent
2009-05-09 19:18 <DIR> --d----- c:\docume~1\alex\applic~1\Mount&Blade
2009-05-09 19:11 <DIR> --d----- c:\program files\Mount&Blade
2009-05-09 18:13 <DIR> --d----- c:\docume~1\alex\applic~1\RobinsonCrusoeREF
2009-05-09 17:07 <DIR> --d----- c:\program files\ReflexiveArcade
2009-05-06 16:52 84 a------- c:\windows\opt_2460.ini
2009-05-05 16:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-05 16:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-04 02:45 <DIR> --d----- c:\documents and settings\alex\.housecall6.6
2009-05-03 21:28 <DIR> --d----- c:\program files\Battle for Wesnoth 1.6.1
2009-05-02 11:48 <DIR> --d----- c:\program files\vso

==================== Find3M ====================

2009-05-31 02:34 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-28 15:34 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-20 17:38 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-05-13 01:56 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-05-08 09:30 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-08 09:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-04-23 15:34 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2009-04-08 01:41 1,316,096 a------- c:\windows\system32\ooscrsav.scr
2009-04-08 01:41 730,368 a------- c:\windows\system32\oodsvct.exe
2009-04-08 01:40 1,377,536 a------- c:\windows\system32\oodag.exe
2009-04-08 01:39 2,553,088 a------- c:\windows\system32\oodtray.exe
2009-04-08 01:39 194,816 a------- c:\windows\system32\oodbs.exe
2009-04-08 01:35 951,552 a------- c:\windows\system32\oodtrrs.dll
2009-04-08 01:35 541,952 a------- c:\windows\system32\oodssrs.dll
2009-04-08 01:34 9,984 a------- c:\windows\system32\oodbsrs.dll
2009-04-08 01:34 8,448 a------- c:\windows\system32\OODAGRS.DLL
2009-04-08 01:34 15,616 a------- c:\windows\system32\OODAGMG.DLL
2009-04-07 15:00 37,896 a------- c:\windows\system32\drivers\oobctm.sys
2009-04-07 14:59 15,104 a------- c:\windows\system32\ootmapi.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-20 17:25 41,808 a------- c:\windows\system32\xfcodec.dll
2009-03-17 21:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-03-16 15:27 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-03-16 15:26 328,704 a------- c:\windows\system32\ati2dvag.dll
2009-03-16 15:17 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-03-16 15:17 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-03-16 15:16 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-03-16 15:16 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-03-16 15:16 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-03-16 15:16 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-03-16 15:15 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-03-16 15:13 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-03-16 15:06 3,820,736 a------- c:\windows\system32\ati3duag.dll
2009-03-16 15:04 11,563,008 a------- c:\windows\system32\atioglxx.dll
2009-03-16 14:53 2,675,328 a------- c:\windows\system32\ativvaxx.dll
2009-03-16 14:40 49,664 a------- c:\windows\system32\atimpc32.dll
2009-03-16 14:40 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-03-16 14:36 475,136 a------- c:\windows\system32\atikvmag.dll
2009-03-16 14:35 303,104 a------- c:\windows\system32\atiok3x2.dll
2009-03-16 14:35 131,072 a------- c:\windows\system32\atiadlxx.dll
2009-03-16 14:35 45,056 a------- c:\windows\system32\aticalrt.dll
2009-03-16 14:34 45,056 a------- c:\windows\system32\aticalcl.dll
2009-03-16 14:34 17,408 a------- c:\windows\system32\atitvo32.dll
2009-03-16 14:33 3,264,512 a------- c:\windows\system32\aticaldd.dll
2009-03-16 14:28 630,784 a------- c:\windows\system32\ati2cqag.dll
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-11 15:43 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-03-11 15:43 17,212 a------- c:\windows\system32\SIntf32.dll
2009-03-11 15:43 12,067 a------- c:\windows\system32\SIntf16.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-06 09:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-03 14:56 118,784 a------- c:\windows\system32\atibtmon.exe
2008-12-28 23:07 22,328 a------- c:\docume~1\alex\applic~1\PnkBstrK.sys
2008-12-23 17:34 32 a----r-- c:\documents and settings\all users\hash.dat

============= FINISH: 14:12:19.78 ===============
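
The log above is the kind of thing a responder reads by eye; the script below is an added example (mine, not from this thread, from DDS or from any of the tools listed) that does the first triage pass mechanically over a handful of lines copied from the posted log. It assumes the DDS line layouts visible above: service lines as `Rn/Sn name;display;path [date size]`, with `--> path [?]` where DDS could not verify the referenced file and `[x]` where no image path exists; "Created Last 30" lines as `date time size attrs path`; and `uRun/mRun/dRun: [key] command` autorun lines. The rule that flags `UAC`-prefixed files in system32 is a heuristic I added because the topic title names Win32.TDSS and those files sit in the log; everything else is a structural check (unverifiable image, missing path, zero-byte driver, anything launched from a temp directory).

```python
import re

# Constructed input: lines copied from the DDS log posted in this thread, plus a
# couple of clean lines (Lbd.sys, avast, nvcw32mf.sys) kept for contrast.
SAMPLE_LOG = r"""
dRun: [Diagnostic Manager] c:\windows\temp\1547843544.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-23 64160]
S1 f8245a6f;f8245a6f;c:\windows\system32\drivers\f8245a6f.sys [2009-5-20 0]
S2 AshEvtSvc;AshEvtSvc;c:\windows\system32\ashevtsvc.exe -k netsvcs --> c:\windows\system32\AshEvtSvc.exe -k netsvcs [?]
S2 qosywe;qosywe;c:\windows\system32\drivers\zxqnea.sys --> c:\windows\system32\drivers\zxqnea.sys [?]
S2 sciyh;sciyh; [x]
S3 oUltraf;oUltraf;\??\c:\docume~1\alex\locals~1\temp\oultraf.sys --> c:\docume~1\alex\locals~1\temp\oUltraf.sys [?]
2009-05-31 02:32 19,512 a------- c:\windows\system32\drivers\nvcw32mf.sys
2009-05-20 17:35 5,569 -------- c:\windows\system32\uacinit.dll
2009-05-20 17:35 66,560 a------- c:\windows\system32\UACibuiexyoebtkbos.dll
2009-05-20 17:35 224 a------- c:\windows\system32\UACdyajuxjdldbgvvm.dat
2009-05-20 17:34 0 a------- c:\windows\system32\drivers\f8245a6f.sys
"""

# Line shapes as they appear in the DDS output above (assumed, not a DDS spec).
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
CREATED_RE = re.compile(r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[umd]Run):\s+\[(?P<key>[^\]]*)\]\s+(?P<cmd>.+)$")
STATUS_RE = re.compile(r"\[(?P<status>[^\]]*)\]\s*$")


def in_temp_dir(path):
    """True when a path points into any ...\\temp\\ directory (8.3 forms included)."""
    return "\\temp\\" in path.lower()


def check_service(line):
    """Structural checks on a SERVICES / DRIVERS line; returns (line, reason) pairs."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    rest = m.group("rest").strip()
    st = STATUS_RE.search(rest)
    status = st.group("status") if st else ""
    path = rest[:st.start()].strip() if st else rest
    if "-->" in path:  # DDS prints "<registry path> --> <path it looked for>"
        path = path.split("-->", 1)[1].strip()
    findings = []
    if status == "?":
        findings.append((line, "image file could not be verified on disk ([?])"))
    elif status == "x":
        findings.append((line, "service has no image path ([x])"))
    else:
        parts = status.split()  # "[date size]" -> ["date", "size"]
        if len(parts) == 2 and parts[1] == "0":
            findings.append((line, "zero-byte driver file"))
    if in_temp_dir(path):
        findings.append((line, "driver loaded from a temp directory"))
    return findings


def check_created(line):
    """Checks on a 'Created Last 30' line."""
    m = CREATED_RE.match(line)
    if not m:
        return []
    size, path = m.group("size"), m.group("path")
    base = path.rsplit("\\", 1)[-1].lower()
    findings = []
    # Heuristic tied to the TDSS name in the thread title, not a general rule.
    if "\\system32\\" in path.lower() and base.startswith("uac"):
        findings.append((line, "UAC-prefixed file dropped in system32 (TDSS naming pattern, heuristic)"))
    if size == "0" and base.endswith(".sys"):
        findings.append((line, "zero-byte .sys file created"))
    return findings


def check_run(line):
    """Checks on a uRun/mRun/dRun autorun line."""
    m = RUN_RE.match(line)
    if not m:
        return []
    if in_temp_dir(m.group("cmd")):
        return [(line, "autorun entry launching from a temp directory")]
    return []


def triage(log_text):
    """Run every check over every non-empty line; returns a list of (line, reason)."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for check in (check_service, check_created, check_run):
            findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for flagged_line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {flagged_line}")
```

Run as-is it prints one reason per flagged line (the oUltraf entry earns two: unverifiable and temp-resident); the clean lines produce nothing. The point for a reader of the log above is which entries merit attention first: the four services DDS could not resolve, the zero-byte f8245a6f.sys, the temp-directory autorun, and the cluster of UAC-named files created within a minute of each other.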


#2 RenatoMejias

  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 11 June 2009 - 09:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Renato Victor Mejias
Malware help in Portuguese

#3 RenatoMejias

  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 21 June 2009 - 11:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send a Private Message to any Moderator or the Malware Helper who replied to you here and ask them to reopen this topic within the next 5 days. Anything beyond the 5 day period from the timestamp of this post, please start a new topic.
Renato Victor Mejias
Malware help in Portuguese



