Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Trojans/Malware infections. Can not seem to rid myself of them


  • This topic is locked This topic is locked
2 replies to this topic

#1 kckentucky

kckentucky

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 25 July 2009 - 02:00 PM

Greetings all.

I have been dealing with this all day now and cannot seem to rid my computer of these very very nasty things. I have ran:

Anti-Malware
SuperAntispyware
Spybot S&D
SDFix

I have combofix, but every time I run the exe it says that it has been compromised and I should download a new version. I am at wits end. Here is my DDS.txt:


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by kevin at 14:53:15.46 on Sat 07/25/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1638 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

{17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.exe
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\f1320237-6d8c-47bf-95df-fc7ca8e0f978.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kevin\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar =

hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.htm

l
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program

files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} -

c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program

files\avg\avg8\avgssie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai

roboform\roboform.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program

files\avg\avg8\toolbar\IEToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} -

c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program

files\avg\avg8\toolbar\IEToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai

roboform\roboform.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Launch Ai Booster] "c:\program files\asus\ai booster\OverClk.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes'

anti-malware\mbam.exe" /runcleanupscript
dRun: [Monopod] c:\windows\temp\b.exe
IE: Customize Menu - file://c:\program files\siber systems\ai

roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai

roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai

roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai

roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai

roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} -

hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?124839229727

2
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program

files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program

files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kevin\applic~1\mozilla\firefox\profiles\gfggohu9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL -

hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program

files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program

files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program

files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled",

true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText",

"noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect",

true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input",

true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js -

pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js -

pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level",

2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed",

"~");
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",

false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",

false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",

false);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior",

2);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri",

"https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3132r5.sys [2008-10-9

217128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-23

108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-23

335752]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver

x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-23 27784]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-23 907032]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-23 298776]
S2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe

[2008-11-9 602392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-07-25 14:07 <DIR> --dsh--- c:\documents and settings\kevin\PrivacIE
2009-07-25 13:56 40 a------- c:\windows\system32\2.tmp
2009-07-25 13:20 <DIR> --d----- c:\program files\Trend Micro
2009-07-25 12:45 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-07-25 12:44 <DIR> --d----- c:\windows\ERUNT
2009-07-25 12:43 <DIR> --d----- C:\SDFix
2009-07-25 12:01 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-25 12:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search &

Destroy
2009-07-25 11:12 <DIR> --d----- c:\docume~1\kevin\applic~1\Malwarebytes
2009-07-25 10:51 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 10:51 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-25 10:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 10:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-25 09:47 <DIR> --d-----

c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-25 09:47 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-25 09:47 <DIR> --d----- c:\docume~1\kevin\applic~1\SUPERAntiSpyware.com
2009-07-25 09:37 88 a------- C:\Make Money Online.url
2009-07-25 09:37 70 a------- C:\Girls on your desktop.url
2009-07-25 09:37 <DIR> --d----- c:\program files\DVD Decrypter
2009-07-25 09:36 1,122,304 a------- C:\glQrack.exe
2009-07-25 09:36 21,695,388 a------- C:\buckaroo-banzai.mov
2009-07-25 09:36 <DIR> --d----- c:\temp\Virtual PC 2004
2009-07-25 09:36 <DIR> --d----- c:\temp\US-ENG
2009-07-25 09:36 <DIR> --d----- c:\temp\UK-ENG
2009-07-25 09:36 <DIR> --d----- c:\temp\kldetector13
2009-07-25 09:36 <DIR> --d----- c:\temp\deep temp
2009-07-25 09:36 15,083,520 a------- c:\temp\spybotsd160.exe
2009-07-25 09:36 38,030 a------- c:\temp\kldetector13.zip
2009-07-25 09:36 7,499,056 a------- c:\temp\Firefox Setup 3.0.1.exe
2009-07-25 09:36 4,978,366 a------- c:\temp\EzLog_9017.zip
2009-07-25 09:36 19,653,399 a------- c:\temp\DOOM3-1.3.1.exe
2009-07-25 09:36 6,398,246 a------- c:\temp\bh32aeng.EXE
2009-07-25 09:36 48,367,896 a------- c:\temp\avg_free_stf_en_8_138a1332.exe
2009-07-25 09:36 60,358 a----r-- c:\temp\apver.vbs
2009-07-25 09:36 19,153,264 a------- c:\temp\aaw2008.exe
2009-07-25 09:36 <DIR> --d----- C:\temp
2009-07-25 09:36 <DIR> --d----- C:\QUAKE
2009-07-25 09:36 <DIR> --d----- C:\Q
2009-07-25 09:35 <DIR> --d----- C:\pottysurfing backup
2009-07-25 09:35 <DIR> --d----- C:\iPhone pictures
2009-07-25 09:35 <DIR> --d----- C:\IDSTUFF
2009-07-25 09:35 <DIR> --d----- C:\Emmi's Phone Pics
2009-07-25 09:35 <DIR> --d----- C:\DeePsea
2009-07-25 09:35 966,656 a------- C:\KevinCornett - Final Exam.doc
2009-07-24 23:34 262,144 a------- C:\ntuser.dat
2009-07-24 23:33 <DIR> --d----- c:\program files\Yahoo!
2009-07-24 23:25 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-07-24 23:25 21,504 a------- c:\windows\system32\hidserv.dll
2009-07-24 23:25 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-07-24 23:25 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-07-24 23:25 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-07-24 23:25 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-07-24 12:03 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-23 22:50 <DIR> --d----- c:\program files\Siber Systems
2009-07-23 22:34 <DIR> --d----- c:\documents and settings\kevin\Data
2009-07-23 22:29 <DIR> --d----- c:\docume~1\kevin\applic~1\Alchemy Mindworks
2009-07-23 22:27 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-23 22:27 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-23 22:27 <DIR> --d----- c:\program files\iPod
2009-07-23 22:27 <DIR> --d----- c:\program files\iTunes
2009-07-23 22:27 <DIR> --d-----

c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-23 22:27 <DIR> --d----- c:\program files\Bonjour
2009-07-23 22:19 <DIR> --d----- c:\program files\SecondLife
2009-07-23 22:18 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-23 22:18 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-23 22:18 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 22:18 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-23 22:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security

Toolbar
2009-07-23 22:17 <DIR> --d----- c:\program files\AVG
2009-07-23 22:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-23 22:14 <DIR> --d----- c:\docume~1\kevin\applic~1\AVG8
2009-07-23 22:08 <DIR> --dsh--- c:\documents and settings\kevin\IETldCache
2009-07-23 21:53 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-23 21:53 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-07-23 21:53 617,472 -c------

c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-23 21:53 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-23 21:53 89,088 -c------

c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-23 21:53 <DIR> --d----- C:\ab9ea832196216745bf32166
2009-07-23 21:53 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-07-23 21:53 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-07-23 21:53 117,760 -------- c:\windows\system32\prntvpt.dll
2009-07-23 21:50 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-23 21:50 <DIR> --d----- c:\windows\ie8updates
2009-07-23 21:50 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-23 21:50 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-23 21:50 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-23 21:50 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-23 21:49 <DIR> -cd-h--- c:\windows\ie8
2009-07-23 21:45 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-07-23 21:44 <DIR> --d----- c:\windows\system32\LogFiles
2009-07-23 21:35 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-07-23 21:35 235,520 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-23 21:35 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-23 21:34 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-07-23 21:32 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-23 21:32 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-07-23 21:31 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-07-23 21:31 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-07-23 21:31 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-07-23 21:30 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-23 21:30 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-07-23 20:55 <DIR> --d----- c:\windows\system32\scripting
2009-07-23 20:55 <DIR> --d----- c:\windows\system32\en
2009-07-23 20:55 <DIR> --d----- c:\windows\l2schemas
2009-07-23 20:52 <DIR> --d----- c:\windows\network diagnostic
2009-07-23 20:35 <DIR> --d----- c:\windows\system32\PreInstall
2009-07-23 20:35 <DIR> --d-h--- c:\windows\$hf_mig$
2009-07-23 20:29 466,944 a------- c:\windows\system32\nvunrm.exe
2009-07-23 20:29 6,045 a------- c:\windows\system32\nvnrm.nvu
2009-07-23 20:29 4,984 a------- c:\windows\system32\drivers\nvphy.bin
2009-07-23 20:24 36,352 a------- c:\windows\system32\drivers\AmdK8.sys
2009-07-23 20:24 <DIR> --d----- c:\program files\AMD
2009-07-23 20:23 <DIR> --d----- c:\program files\ASUS
2009-07-23 20:23 <DIR> --d----- c:\program files\Realtek Sound Manager
2009-07-23 20:23 <DIR> --d----- c:\program files\AvRack
2009-07-23 20:23 <DIR> --d----- c:\program files\Realtek AC97
2009-07-23 20:03 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-07-23 20:02 <DIR> --ds---- c:\windows\system32\Microsoft
2009-07-23 19:59 316,640 a------- c:\windows\WMSysPr9.prx
2009-07-23 19:59 <DIR> --d----- c:\windows\provisioning
2009-07-23 19:59 <DIR> --d----- c:\windows\peernet
2009-07-23 19:58 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-23 19:56 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-07-23 19:55 <DIR> --d----- c:\windows\EHome
2009-07-23 19:54 31,232 -------- c:\windows\system32\spnpinst.exe
2009-07-23 19:54 7,208 -------- c:\windows\system32\secupd.sig
2009-07-23 19:54 4,569 -------- c:\windows\system32\secupd.dat
2009-07-23 19:39 <DIR> --d----- c:\windows\system32\bits
2009-07-23 19:39 354,304 a------- c:\windows\system32\winhttp.dll
2009-07-23 19:39 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-07-23 19:39 438,784 -------- c:\windows\system32\xpob2res.dll
2009-07-23 19:39 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-07-23 19:39 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-07-23 19:38 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-07-23 19:38 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-07-23 19:38 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-07-23 19:38 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-07-23 19:38 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-07-23 19:33 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-07-23 19:29 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-23 19:28 <DIR> --d----- c:\program files\common files\Wise Installation

Wizard
2009-07-23 19:28 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-07-23 19:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-07-23 19:19 552 a------- c:\windows\system32\d3d8caps.dat
2009-07-23 19:19 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-07-23 19:17 <DIR> --ds---- c:\documents and settings\kevin\UserData
2009-07-23 19:16 <DIR> --d----- c:\program files\Marvell
2009-07-23 18:59 <DIR> --dsh--- c:\windows\Installer
2009-07-23 18:59 <DIR> --d----- c:\documents and settings\kevin
2009-07-23 07:13 8,192 a------- c:\windows\REGLOCS.OLD
2009-07-23 07:11 471,102 ac------ c:\windows\system32\dllcache\imskdic.dll
2009-07-23 07:10 <DIR> --d----- c:\windows\system32\xircom
2009-07-23 07:10 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-07-23 07:09 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-07-23 07:08 <DIR> --d----- c:\program files\common files\MSSoap
2009-07-23 07:07 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-07-23 07:07 <DIR> --d----- c:\program files\Online Services
2009-07-23 07:07 <DIR> --d----- c:\program files\Messenger
2009-07-23 07:07 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-07-23 07:06 <DIR> --d----- c:\program files\Windows NT
2009-07-23 02:17 <DIR> --d----- c:\program files\common files\ODBC
2009-07-23 02:17 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-07-23 02:16 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-07-23 20:58 86,327 a-------

c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-23 07:07 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-14 14:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 14:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 14:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 14:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 14:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 14:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-14 14:54 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-07-14 14:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 14:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 14:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 14:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 188,484 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 163,840 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:46 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-28 09:55 70,936 a------- c:\windows\system32\PhysXLoader.dll

============= FINISH: 14:53:34.14 ===============



I sincerely appreciate the help and support of any who offer. I believe I have the proper tools, I just do not apparently know the proper order to execute them. I am willing to do whatever is required . I have attached the attach.txt file.

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:49 AM

Posted 04 August 2009 - 04:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:49 AM

Posted 09 August 2009 - 02:14 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users