
My antivirus detected Install[1].exe and wisdstr.exe


  • This topic is locked
5 replies to this topic

#1 Dritus

  • Members
  • 16 posts

Posted 07 August 2009 - 01:04 AM

Hi, my antivirus software detected several instances of these two files Install[1].exe and wisdstr.exe, and on my system tray a periodic message appears saying this:

"Your computer is infected!

Windows has detected spyware infection!

It is recomended to use special antispyware tools to pervent data loss. Windows will now download and install the most up-to-date antispyware for you

Click here to protect your computer from spyware!"

I'm attaching a screenshot of the message and also a screenshot of the Auto-Protect Results my antivirus shows.

Can you please help me?

P.S. I'm also attaching the DDS tool logs:


DDS (Ver_09-07-30.01) - NTFSx86
Run by rochinga at 0:52:07.65 on 07/08/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.52.1033.18.2039.1219 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Remote tools\msraLinkMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\onenotem.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\rochinga\Local Settings\Temporary Internet Files\Content.IE5\ZH5AMVLO\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [braviax] c:\windows\system32\braviax.exe
mRun: [COEMsgDisplay] c:\program files\hewlett-packard\pc coe\COEMsgDisplay.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_12\bin\jusched.exe"
mRun: [QuickPassword] c:\program files\activcard\activcard gold\agquickp.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IDA] c:\program files\hewlett-packard\pc coe\IDA.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [GetITIcon] c:\program files\hewlett-packard\getiticon\GetITShell.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [braviax] c:\windows\system32\braviax.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\rochinga\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: DisableNT4Policy = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: compaq.com\ie.config.asia
Trusted Zone: compaq.com\ie.config.eur
Trusted Zone: compaq.com\ie.config.im.hou
Trusted Zone: compaq.com\ie.config.jp
Trusted Zone: dec.com\ie.config.ecom
Trusted Zone: tandem.com\ie.config
Trusted Zone: compaq.com\ie.config.asia
Trusted Zone: compaq.com\ie.config.eur
Trusted Zone: compaq.com\ie.config.im.hou
Trusted Zone: compaq.com\ie.config.jp
Trusted Zone: dec.com\ie.config.ecom
Trusted Zone: tandem.com\ie.config
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-6 28544]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2007-6-26 53248]
R2 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2007-6-26 143360]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R2 msralinkmonitor;MSRA Link Monitor;c:\program files\remote tools\msraLinkMonitor.exe [2007-8-28 147456]
R2 radexecd;HP OVCM Notify Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radexecd.exe [2007-2-20 270510]
R2 radsched;HP OVCM Scheduler Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radsched.exe [2007-3-22 172205]
R2 Radstgms;HP OVCM MSI Redirector;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\Radstgms.exe [2008-7-3 315570]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-5-26 1799408]
R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2007-4-6 13619]
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2007-6-27 9493]
R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-4-6 13647]
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2007-6-27 10161]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-21 101936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 36608]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090803.005\naveng.sys [2009-8-3 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090803.005\navex15.sys [2009-8-3 875728]
R3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2007-8-3 23424]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2007-6-26 47660]
S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2007-6-27 27008]
S3 magaService;Lan Discover Agent;c:\program files\sygate\ssa\maga\maga.exe --> c:\program files\sygate\ssa\maga\maga.exe [?]

=============== Created Last 30 ================

2009-08-06 11:09 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-08-06 11:09 <DIR> --d----- c:\program files\Panda Security
2009-08-06 10:40 12,288 a------- c:\windows\system32\braviax.exe
2009-07-31 15:40 <DIR> --d----- c:\program files\Emoticon Maker
2009-07-30 13:28 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-07-30 13:26 <DIR> --d----- c:\windows\system32\LogFiles
2009-07-21 15:36 <DIR> --d----- C:\AIP
2009-07-21 15:32 <DIR> --d----- c:\program files\Microsoft Office Communicator
2009-07-21 15:14 0 a------- c:\windows\HPMProp.INI
2009-07-21 15:14 290,816 a------- c:\windows\system32\hpmml081.dll
2009-07-21 15:14 274,432 a------- c:\windows\system32\hpmpm081.dll
2009-07-21 15:14 233,472 a------- c:\windows\system32\hpmtp081.dll
2009-07-21 15:14 208,896 a------- c:\windows\system32\hpmpw081.dll
2009-07-21 15:14 188,416 a------- c:\windows\system32\hpmja081.dll
2009-07-21 15:14 149,504 a------- c:\windows\system32\hpcpn081.dll
2009-07-21 15:14 59,928 a------- c:\windows\system32\fxcompchannel.dll
2009-07-21 15:14 49,252 a------- c:\windows\system32\HPMNQUE.DLL
2009-07-21 15:14 49,250 a------- c:\windows\system32\HPMNNDPS.DLL
2009-07-21 15:13 <DIR> --d----- C:\Scripts
2009-07-21 15:04 262,144 a------- c:\windows\system32\default_user_class.dat
2009-07-21 14:39 3,248 a------- c:\windows\system32\wbem\Outlook_01ca0a3af209c3e4.mof
2009-07-21 14:10 623 a------- c:\windows\details.xml
2009-07-21 13:11 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-21 13:11 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-07-21 13:10 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-21 13:10 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-21 13:10 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-21 13:10 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-07-21 13:10 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-07-21 13:10 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-07-21 13:10 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-07-21 13:10 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-07-21 13:10 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-21 12:41 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-07-21 12:13 6,257 a------- C:\DOCUME
2009-07-21 11:57 <DIR> --d----- c:\documents and settings\rochinga\Tracing
2009-07-21 11:56 <DIR> --d----- c:\program files\Microsoft
2009-07-21 11:56 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-21 11:54 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-21 11:54 <DIR> --dsh--- c:\documents and settings\rochinga\UserData
2009-07-21 11:31 3,248 a------- c:\windows\system32\wbem\Outlook_01ca0a20aef98da8.mof
2009-07-21 11:28 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-07-21 11:28 13,459 a------- c:\documents and settings\rochinga\createprof.vbs
2009-07-21 11:28 <DIR> --d----- c:\documents and settings\rochinga
2009-07-21 11:25 188,416 a------- c:\windows\system32\igfxres.dll
2009-07-21 11:24 201,856 a------- c:\windows\system32\drivers\SynTP.sys
2009-07-21 11:24 196,608 a------- c:\windows\system32\SynCtrl.dll
2009-07-21 11:24 163,840 a------- c:\windows\system32\SynCOM.dll
2009-07-21 11:24 143,360 a------- c:\windows\system32\SynTPAPI.dll
2009-07-21 11:24 110,592 a------- c:\windows\system32\SynTPCo4.dll
2009-07-21 11:24 <DIR> --d----- c:\program files\Synaptics
2009-07-21 11:23 <DIR> --d----- c:\program files\Macrovision Corp
2009-07-21 11:23 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-07-21 11:23 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-07-21 11:23 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-07-21 11:23 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-07-21 11:23 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-07-21 11:23 20,480 a------- c:\windows\system32\IVIresize.dll
2009-07-21 11:23 <DIR> --d----- c:\program files\common files\InterVideo
2009-07-21 11:22 <DIR> --d----- c:\program files\InterVideo
2009-07-21 11:22 1,560,576 a------- c:\windows\system32\BttnCmns_64.dll
2009-07-21 11:22 1,560,576 a------- c:\windows\system32\BttnCmns.dll
2009-07-21 11:22 987,136 a------- c:\windows\system32\BttnCmn.dll
2009-07-21 11:22 195 ---shr-- c:\windows\system32\vssver2.scc
2009-07-21 11:22 325,120 a------- c:\windows\system32\accelerometercp.CPL
2009-07-21 11:22 124,928 a------- c:\windows\system32\accelerometerST.exe
2009-07-21 11:22 7,680 a------- c:\windows\system32\accelerometerdll.DLL
2009-07-21 11:21 106,557 a------- c:\windows\system32\btw_ci.dll
2009-07-21 11:21 868,298 a------- c:\windows\system32\drivers\btkrnl.sys
2009-07-21 11:21 <DIR> --d----- c:\program files\WIDCOMM
2009-07-21 11:21 1,695 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_HP Compaq 6510b (GM108UC#ABM)_YN_0U_QCNU8334DNQ_EU_46_I30C0_SHP_VKBC Version 71.2E_B68DDU Ver. F.12_T080522_WXP2_L409_M2040_J80_7Intel_8Core2 Duo T7300_91.99_#090721_N14E41693_(GM108UC#ABM)_XMOBILE.MRK
2009-07-21 11:21 32,356 -------- c:\windows\system32\pusbfd1.sys
2009-07-21 11:21 26,629 -------- c:\windows\system32\pusbfd2.vxd
2009-07-21 11:21 <DIR> --d----- C:\swsetup
2009-07-21 11:19 <DIR> --d----- c:\program files\HPQ
2009-07-21 11:18 <DIR> --d----- c:\program files\ActivIdentity
2009-07-21 11:18 <DIR> --dshr-- C:\cmdcons
2009-07-21 11:17 <DIR> --d----- c:\windows\SchCache
2009-07-21 11:14 <DIR> --d----- C:\Intel
2009-07-21 04:13 <DIR> --d----- c:\program files\Analog Devices
2009-07-21 04:12 309,760 a------- c:\windows\system32\difxapi.dll
2009-07-21 04:12 61,056 a------- c:\windows\system32\drivers\ohci1394.sys
2009-07-21 04:12 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-07-21 04:12 53,248 a------- c:\windows\system32\drivers\1394bus.sys
2009-07-21 04:12 9,344 a------- c:\windows\system32\drivers\compbatt.sys
2009-07-21 04:12 14,080 a------- c:\windows\system32\drivers\CmBatt.sys
2009-07-21 04:12 14,080 a------- c:\windows\system32\drivers\battc.sys

==================== Find3M ====================

2009-07-22 13:22 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-21 11:18 86,097 a------- c:\windows\system32\akpg.dll
2009-07-21 11:18 86,093 a------- c:\windows\system32\akspg.dll
2009-07-21 11:18 73,811 a------- c:\windows\system32\akins.dll
2009-07-21 11:18 73,807 a------- c:\windows\system32\aksins.dll

============= FINISH: 0:52:28.82 ===============

Attached Files
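As an added example (not from the thread, the poster or the DDS tool), a small triage script for the DDS log format above: it pairs the uRun/mRun entries of the Pseudo HJT Report with the Created Last 30 section and flags autoruns whose binary appeared shortly before the scan or that are registered in both the user and machine Run keys, which is exactly the pattern braviax.exe shows in this log. The log embedded in the script is a constructed excerpt in the same shape; the day/month/year ordering of the banner date is assumed from this log.

```python
"""Triage a DDS log for suspicious autoruns (added example, not from the
thread or the DDS tool).  Cross-references the uRun/mRun entries of the
"Pseudo HJT Report" section with the "Created Last 30" section.
SAMPLE_DDS_LOG is a constructed excerpt shaped like the log posted above."""
import re
from datetime import datetime, timedelta

SAMPLE_DDS_LOG = r"""
DDS (Ver_09-07-30.01) - NTFSx86
Run by rochinga at 0:52:07.65 on 07/08/2009

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [braviax] c:\windows\system32\braviax.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [braviax] c:\windows\system32\braviax.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

=============== Created Last 30 ================

2009-08-06 11:09 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-08-06 11:09 <DIR> --d----- c:\program files\Panda Security
2009-08-06 10:40 12,288 a------- c:\windows\system32\braviax.exe
2009-07-21 15:14 290,816 a------- c:\windows\system32\hpmml081.dll

============= FINISH: 0:52:28.82 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
BANNER_RE = re.compile(r"^Run by \S+ at \S+ on (\d{2}/\d{2}/\d{4})$")
RUN_RE = re.compile(r"^([umd])Run:\s+\[([^\]]+)\]\s+(.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+\S+\s+(.*)$")
# Image path of a Run value: either the quoted program, or everything up to
# the first executable extension (DDS writes unquoted paths containing spaces).
IMAGE_RE = re.compile(r'^(?:"([^"]+)"|(.*?\.(?:exe|scr|com|bat|cmd|pif|vbs|dll)))(?:\s|$)', re.I)


def split_sections(text):
    """Map each '=== Name ===' header to the non-empty lines under it."""
    sections = {"header": []}
    current = "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections


def scan_date(sections):
    """Date from the 'Run by ... on dd/mm/yyyy' banner.  Assumption: DDS follows
    the machine's locale; this log is day/month/year (07/08/2009 = 7 August)."""
    for line in sections["header"]:
        m = BANNER_RE.match(line)
        if m:
            return datetime.strptime(m.group(1), "%d/%m/%Y")
    raise ValueError("no 'Run by ... on <date>' banner in log")


def image_path(run_value):
    """Normalised (lower-cased) executable path from a uRun/mRun/dRun value."""
    m = IMAGE_RE.match(run_value.strip())
    path = (m.group(1) or m.group(2)) if m else run_value
    return path.strip().lower()


def triage(log_text, window_days=14):
    """Return [(path, [entry names], [reasons])] for autoruns worth a closer look."""
    sections = split_sections(log_text)
    scanned = scan_date(sections)
    created = {}  # path -> (creation time, size in bytes); directories skipped
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m and m.group(2) != "<DIR>":
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            created[m.group(3).strip().lower()] = (when, int(m.group(2).replace(",", "")))
    autoruns = {}  # path -> names it is registered under and which hives
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if m:
            entry = autoruns.setdefault(image_path(m.group(3)), {"names": set(), "hives": set()})
            entry["names"].add(m.group(2))
            entry["hives"].add(m.group(1))  # u = HKCU, m = HKLM, d = .DEFAULT user
    findings = []
    for path, entry in autoruns.items():
        reasons = []
        if path in created and scanned - created[path][0] <= timedelta(days=window_days):
            when, size = created[path]
            reasons.append(f"binary created {when:%Y-%m-%d %H:%M} ({size} bytes), within {window_days} days of the scan")
        if {"u", "m"} <= entry["hives"]:
            reasons.append("same image registered in both the HKCU and HKLM Run keys")
        if reasons:
            findings.append((path, sorted(entry["names"]), reasons))
    return findings
```

On the constructed sample, only c:\windows\system32\braviax.exe is reported, with both reasons; the legitimate HP, Symantec and ctfmon entries are left alone.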




#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 17 August 2009 - 10:17 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Dritus
  • Topic Starter

  • Members
  • 16 posts

Posted 17 August 2009 - 10:26 AM

I downloaded and installed Avast antivirus and did a full scan of my machine; however, I am not completely sure the problem is gone, since every now and then some strange things still happen, like the antivirus notifying me that it couldn't fix the necessary tasks to remove the threat. This appears to happen randomly.

Here are the logs:

DDS (Ver_09-07-30.01) - NTFSx86
Run by rochinga at 10:22:10.83 on 17/08/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.52.1033.18.2039.927 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090816-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Remote tools\msraLinkMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
C:\Documents and Settings\rochinga\Local Settings\Temporary Internet Files\Content.IE5\NVSF0DAD\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [braviax] c:\windows\system32\braviax.exe
mRun: [COEMsgDisplay] c:\program files\hewlett-packard\pc coe\COEMsgDisplay.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_12\bin\jusched.exe"
mRun: [QuickPassword] c:\program files\activcard\activcard gold\agquickp.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IDA] c:\program files\hewlett-packard\pc coe\IDA.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [GetITIcon] c:\program files\hewlett-packard\getiticon\GetITShell.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\rochinga\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: DisableNT4Policy = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: compaq.com\ie.config.asia
Trusted Zone: compaq.com\ie.config.eur
Trusted Zone: compaq.com\ie.config.im.hou
Trusted Zone: compaq.com\ie.config.jp
Trusted Zone: dec.com\ie.config.ecom
Trusted Zone: tandem.com\ie.config
Trusted Zone: compaq.com\ie.config.asia
Trusted Zone: compaq.com\ie.config.eur
Trusted Zone: compaq.com\ie.config.im.hou
Trusted Zone: compaq.com\ie.config.jp
Trusted Zone: dec.com\ie.config.ecom
Trusted Zone: tandem.com\ie.config
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-9 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-6 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-9 114768]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2007-6-26 53248]
R2 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2007-6-26 143360]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-9 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-9 138680]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 msralinkmonitor;MSRA Link Monitor;c:\program files\remote tools\msraLinkMonitor.exe [2007-8-28 147456]
R2 radexecd;HP OVCM Notify Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radexecd.exe [2007-2-20 270510]
R2 radsched;HP OVCM Scheduler Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radsched.exe [2007-3-22 172205]
R2 Radstgms;HP OVCM MSI Redirector;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\Radstgms.exe [2008-7-3 315570]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-5-26 1799408]
R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2007-4-6 13619]
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2007-6-27 9493]
R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-4-6 13647]
R3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2007-6-27 27008]
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2007-6-27 10161]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-9 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-9 352920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-21 101936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 36608]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090816.003\naveng.sys [2009-8-16 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090816.003\navex15.sys [2009-8-16 875728]
R3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2007-8-3 23424]
S2 gupdate1ca19162f1d52ca;Google Update Service (gupdate1ca19162f1d52ca);c:\program files\google\update\GoogleUpdate.exe [2009-8-9 133104]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2007-6-26 47660]
S3 magaService;Lan Discover Agent;c:\program files\sygate\ssa\maga\maga.exe --> c:\program files\sygate\ssa\maga\maga.exe [?]

=============== Created Last 30 ================

2009-08-12 10:44 <DIR> --d----- c:\program files\VideoLAN
2009-08-09 13:24 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-09 12:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-09 12:23 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-09 12:23 <DIR> --d----- c:\program files\Lavasoft
2009-08-07 14:37 <DIR> --d----- c:\program files\XMLEditPro
2009-08-06 11:09 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-08-06 11:09 <DIR> --d----- c:\program files\Panda Security
2009-07-31 15:40 <DIR> --d----- c:\program files\Emoticon Maker
2009-07-30 13:28 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-07-30 13:26 <DIR> --d----- c:\windows\system32\LogFiles
2009-07-21 15:36 <DIR> --d----- C:\AIP
2009-07-21 15:32 <DIR> --d----- c:\program files\Microsoft Office Communicator
2009-07-21 15:14 0 a------- c:\windows\HPMProp.INI
2009-07-21 15:14 290,816 a------- c:\windows\system32\hpmml081.dll
2009-07-21 15:14 274,432 a------- c:\windows\system32\hpmpm081.dll
2009-07-21 15:14 233,472 a------- c:\windows\system32\hpmtp081.dll
2009-07-21 15:14 208,896 a------- c:\windows\system32\hpmpw081.dll
2009-07-21 15:14 188,416 a------- c:\windows\system32\hpmja081.dll
2009-07-21 15:14 149,504 a------- c:\windows\system32\hpcpn081.dll
2009-07-21 15:14 59,928 a------- c:\windows\system32\fxcompchannel.dll
2009-07-21 15:14 49,252 a------- c:\windows\system32\HPMNQUE.DLL
2009-07-21 15:14 49,250 a------- c:\windows\system32\HPMNNDPS.DLL
2009-07-21 15:13 <DIR> --d----- C:\Scripts
2009-07-21 15:04 262,144 a------- c:\windows\system32\default_user_class.dat
2009-07-21 14:39 3,248 a------- c:\windows\system32\wbem\Outlook_01ca0a3af209c3e4.mof
2009-07-21 14:10 623 a------- c:\windows\details.xml
2009-07-21 13:11 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-21 13:11 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-07-21 13:10 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-21 13:10 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-21 13:10 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-21 13:10 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-07-21 13:10 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-07-21 13:10 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-07-21 13:10 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-07-21 13:10 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-07-21 13:10 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-21 12:41 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-07-21 12:13 9,036 a------- C:\DOCUME
2009-07-21 11:57 <DIR> --d----- c:\documents and settings\rochinga\Tracing
2009-07-21 11:56 <DIR> --d----- c:\program files\Microsoft
2009-07-21 11:56 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-21 11:54 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-21 11:54 <DIR> --dsh--- c:\documents and settings\rochinga\UserData
2009-07-21 11:31 3,248 a------- c:\windows\system32\wbem\Outlook_01ca0a20aef98da8.mof
2009-07-21 11:28 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-07-21 11:28 13,459 a------- c:\documents and settings\rochinga\createprof.vbs
2009-07-21 11:28 <DIR> --d----- c:\documents and settings\rochinga
2009-07-21 11:25 188,416 a------- c:\windows\system32\igfxres.dll
2009-07-21 11:24 201,856 a------- c:\windows\system32\drivers\SynTP.sys
2009-07-21 11:24 196,608 a------- c:\windows\system32\SynCtrl.dll
2009-07-21 11:24 163,840 a------- c:\windows\system32\SynCOM.dll
2009-07-21 11:24 143,360 a------- c:\windows\system32\SynTPAPI.dll
2009-07-21 11:24 110,592 a------- c:\windows\system32\SynTPCo4.dll
2009-07-21 11:24 <DIR> --d----- c:\program files\Synaptics
2009-07-21 11:23 <DIR> --d----- c:\program files\Macrovision Corp
2009-07-21 11:23 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-07-21 11:23 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-07-21 11:23 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-07-21 11:23 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-07-21 11:23 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-07-21 11:23 20,480 a------- c:\windows\system32\IVIresize.dll
2009-07-21 11:23 <DIR> --d----- c:\program files\common files\InterVideo
2009-07-21 11:22 <DIR> --d----- c:\program files\InterVideo
2009-07-21 11:22 1,560,576 a------- c:\windows\system32\BttnCmns_64.dll
2009-07-21 11:22 1,560,576 a------- c:\windows\system32\BttnCmns.dll
2009-07-21 11:22 987,136 a------- c:\windows\system32\BttnCmn.dll
2009-07-21 11:22 195 ---shr-- c:\windows\system32\vssver2.scc
2009-07-21 11:22 325,120 a------- c:\windows\system32\accelerometercp.CPL
2009-07-21 11:22 124,928 a------- c:\windows\system32\accelerometerST.exe
2009-07-21 11:22 7,680 a------- c:\windows\system32\accelerometerdll.DLL
2009-07-21 11:21 106,557 a------- c:\windows\system32\btw_ci.dll
2009-07-21 11:21 868,298 a------- c:\windows\system32\drivers\btkrnl.sys
2009-07-21 11:21 <DIR> --d----- c:\program files\WIDCOMM
2009-07-21 11:21 1,695 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_HP Compaq 6510b (GM108UC#ABM)_YN_0U_QCNU8334DNQ_EU_46_I30C0_SHP_VKBC Version 71.2E_B68DDU Ver. F.12_T080522_WXP2_L409_M2040_J80_7Intel_8Core2 Duo T7300_91.99_#090721_N14E41693_(GM108UC#ABM)_XMOBILE.MRK
2009-07-21 11:21 32,356 -------- c:\windows\system32\pusbfd1.sys
2009-07-21 11:21 26,629 -------- c:\windows\system32\pusbfd2.vxd
2009-07-21 11:21 <DIR> --d----- C:\swsetup
2009-07-21 11:19 <DIR> --d----- c:\program files\HPQ
2009-07-21 11:18 <DIR> --d----- c:\program files\ActivIdentity
2009-07-21 11:18 <DIR> --dshr-- C:\cmdcons
2009-07-21 11:17 <DIR> --d----- c:\windows\SchCache
2009-07-21 11:14 <DIR> --d----- C:\Intel
2009-07-21 04:13 <DIR> --d----- c:\program files\Analog Devices
2009-07-21 04:12 309,760 a------- c:\windows\system32\difxapi.dll
2009-07-21 04:12 61,056 a------- c:\windows\system32\drivers\ohci1394.sys
2009-07-21 04:12 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-07-21 04:12 53,248 a------- c:\windows\system32\drivers\1394bus.sys
2009-07-21 04:12 9,344 a------- c:\windows\system32\drivers\compbatt.sys
2009-07-21 04:12 14,080 a------- c:\windows\system32\drivers\CmBatt.sys
2009-07-21 04:12 14,080 a------- c:\windows\system32\drivers\battc.sys

==================== Find3M ====================

2009-07-22 13:22 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-21 11:18 86,097 a------- c:\windows\system32\akpg.dll
2009-07-21 11:18 86,093 a------- c:\windows\system32\akspg.dll
2009-07-21 11:18 73,811 a------- c:\windows\system32\akins.dll
2009-07-21 11:18 73,807 a------- c:\windows\system32\aksins.dll

============= FINISH: 10:22:35.17 ===============


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 21 August 2009 - 07:54 AM

Hello.

We'll make sure everything is okay.

I would like to see two more scans.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
  • Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal.)
  • Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the [image] tab at the bottom.
  • Now press the [image] button.
  • A box will pop up, check the boxes beside All Seven options/scan area
    [image]
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, e.g. C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button. [image]
  • Save it as RepealScan and save it to your desktop.
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.
Post back with both logs in your next reply.

Then, take a new DDS run and post back with the two dds logs as well.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to [image].

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 24 August 2009 - 02:53 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 27 August 2009 - 03:43 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy