
I have a rootkit that won't go away...


  • This topic is locked
2 replies to this topic

#1 canuhelp0920

  • Members
  • 3 posts

Posted 09 November 2009 - 10:14 PM

1) So I noticed my computer was running slow
2) Installed Malwarebytes, found rootkit.TDSS
3) Removed it and did a clean install, or so I thought
4) Did a scan later after moving all of my music and stuff, found rootkit.agent
5) It decided to infect the HandBrake uninstaller and Unlocker uninstaller?? And it infected the handbrake.exe installer and the Unlocker installer
6) I have pics of the results of the 2 scans that I will post if it will help you help me.....
7) Malwarebytes thinks the rootkit is gone, but I am not so sure.....
8) Logging into Windows seems slower than usual....

Please Help......



Here is the DDS info:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Sam at 18:35:50.27 on Mon 11/09/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1350 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:Windowssystem32wininit.exe
C:Program FilesAVGAVG9avgchsvx.exe
C:Program FilesAVGAVG9avgrsx.exe
C:Windowssystem32lsm.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k rpcss
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32svchost.exe -k GPSvcGroup
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32svchost.exe -k NetworkService
C:Windowssystem32WLANExt.exe
C:WindowsSystem32WLTRYSVC.EXE
C:WindowsSystem32bcmwltry.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WindowsSystem32spoolsv.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_c09c50a2aestsrv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesAVGAVG9avgwdsvc.exe
C:Program FilesSeagateBasicsServiceSyncServicesBasics.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesAVGAVG9avgnsx.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Program FilesSandboxieSbieSvc.exe
C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_c09c50a2STacSV.exe
C:Windowssystem32svchost.exe -k imgsvc
C:WindowsSystem32svchost.exe -k WerSvcGroup
C:Windowssystem32SearchIndexer.exe
C:Windowssystem32DRIVERSxaudio.exe
C:Program FilesAVGAVG9avgemc.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WindowsSystem32WLTRAY.EXE
C:WindowsOEM02Mon.exe
C:Program FilesDellTPadApoint.exe
C:Program FilesDellDell Webcam ManagerDellWMgr.exe
C:WindowsSystem32igfxtray.exe
C:WindowsSystem32igfxpers.exe
C:Windowssystem32igfxsrvc.exe
C:Program FilesAVGAVG9avgtray.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesSigmaTelC-Major AudioWDMsttray.exe
C:Program FilesSeagateBasicsBasics StatusMaxMenuMgrBasics.exe
C:Program FilesAlwil SoftwareAvast4ashDisp.exe
C:Program FilesSandboxieSbieCtrl.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesDellQuickSetquickset.exe
C:Windowssystem32wbemwmiprvse.exe
C:Program FilesDellTPadApMsgFwd.exe
C:Program FilesDellTPadApntex.exe
C:Program FilesDellTPadHidFind.exe
C:Program FilesiPodbiniPodService.exe
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32Taskmgr.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesMalwarebytes' Anti-Malwarembam.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Windowssystem32wbemwmiprvse.exe
C:Windowssystem32vssvc.exe
C:WindowsSystem32svchost.exe -k swprv
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32DllHost.exe
C:Windowssystem32DllHost.exe
C:UsersSamDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg9avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:progra~1spybot~1SDHelper.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
uRun: [SandboxieControl] "c:program filessandboxieSbieCtrl.exe"
uRun: [SUPERAntiSpyware] c:program filessuperantispywareSUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:program filesspybot - search & destroyTeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:windowssystem32WLTRAY.exe
mRun: [OEM02Mon.exe] c:windowsOEM02Mon.exe
mRun: [Apoint] c:program filesdelltpadApoint.exe
mRun: [DELL Webcam Manager] "c:program filesdelldell webcam managerDellWMgr.exe" /s
mRun: [IgfxTray] c:windowssystem32igfxtray.exe
mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe
mRun: [Persistence] c:windowssystem32igfxpers.exe
mRun: [dellsupportcenter] "c:program filesdell support centerbinsprtcmd.exe" /P dellsupportcenter
mRun: [AVG9_TRAY] c:progra~1avgavg9avgtray.exe
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%SigmaTelC-Major AudioWDMsttray.exe
mRun: [basicsmssmenu] "c:program filesseagatebasicsbasics statusMaxMenuMgrBasics.exe"
mRun: [avast!] c:progra~1alwils~1avast4ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:program filesmalwarebytes' anti-malwarembam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:program filesmalwarebytes' anti-malwarembamgui.exe /install /silent
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupquickset.lnk - c:program filesdellquicksetquickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:progra~1spybot~1SDHelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg9avgpp.dll
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:userssamappdataroamingmozillafirefoxprofileshzzilx13.default
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [2009-11-9 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2009-11-7 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:windowssystem32driversavgtdix.sys [2009-11-7 360584]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2009-10-12 74480]
R2 AESTFilters;Andrea ST Filters Service;c:windowssystem32driverstorefilerepositorystwrt.inf_c09c50a2AEstSrv.exe [2009-11-7 73728]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2009-11-9 20560]
R2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2009-11-9 51792]
R2 avg9emc;AVG Free E-mail Scanner;c:program filesavgavg9avgemc.exe [2009-11-7 906520]
R2 avg9wd;AVG Free WatchDog;c:program filesavgavg9avgwdsvc.exe [2009-11-7 285392]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:windowssystem32driversIntcHdmi.sys [2009-11-7 111616]
R3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2009-11-9 38224]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:windowssystem32driversOEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:windowssystem32driversOEM02Vfx.sys [2009-11-7 7424]
R3 SASENUM;SASENUM;c:program filessuperantispywareSASENUM.SYS [2009-10-12 7408]
R3 SbieDrv;SbieDrv;c:program filessandboxieSbieDrv.sys [2009-9-30 116736]
S2 SBSDWSCService;SBSD Security Center Service;c:program filesspybot - search & destroySDWinSec.exe [2009-11-9 1153368]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:windowssystem32driversa016bus.sys [2009-11-7 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:windowssystem32driversa016mdfl.sys [2009-11-7 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:windowssystem32driversa016mdm.sys [2009-11-7 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:windowssystem32driversa016mgmt.sys [2009-11-7 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:windowssystem32driversa016obex.sys [2009-11-7 100648]
S3 RR;RR;c:userssamappdatalocaltempRR.exe [2009-11-9 506752]

=============== Created Last 30 ================

2009-11-10 01:34:52 0 d-----w- c:program filesTrend Micro
2009-11-10 01:32:08 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2009-11-10 01:32:06 19160 ----a-w- c:windowssystem32driversmbam.sys
2009-11-10 01:32:06 0 d-----w- c:program filesMalwarebytes' Anti-Malware
2009-11-10 01:21:31 0 d-----w- c:programdataSpybot - Search & Destroy
2009-11-10 01:21:31 0 d-----w- c:program filesSpybot - Search & Destroy
2009-11-09 23:38:36 0 d-----w- c:programdataTEMP
2009-11-09 23:38:32 118784 ----a-w- c:windowssystem32MSSTDFMT.DLL
2009-11-09 23:38:31 0 d-----w- c:program filesSpywareBlaster
2009-11-09 23:30:11 0 d-----w- c:programdataSUPERAntiSpyware.com
2009-11-09 23:30:01 0 d-----w- c:userssamappdataroamingSUPERAntiSpyware.com
2009-11-09 23:30:01 0 d-----w- c:program filesSUPERAntiSpyware
2009-11-09 23:18:50 0 d-----w- c:program filescommon filesWise Installation Wizard
2009-11-09 22:47:36 54168519 ----a-w- c:windowssystem32FGWPSPXG
2009-11-09 21:23:27 51792 ----a-w- c:windowssystem32driversaswMonFlt.sys
2009-11-09 19:21:20 0 d-----w- C:TEMP
2009-11-09 06:38:59 1638912 ----a-w- c:windowssystem32mshtml.tlb
2009-11-08 22:35:38 0 d-----w- c:userssamappdataroamingBullzip
2009-11-08 22:24:46 0 d-----r- C:Sandbox
2009-11-08 22:24:02 1744 ----a-w- c:windowsSandboxie.ini
2009-11-08 22:23:39 0 d-----w- c:program filesSandboxie
2009-11-08 20:47:05 0 d-----w- c:programdataSeagate
2009-11-08 20:47:05 0 d-----w- c:program filesSeagate
2009-11-08 09:27:38 0 d-----w- c:userssamappdataroamingOpenOffice.org
2009-11-08 09:19:25 0 d-----w- c:program filesJRE
2009-11-08 09:19:05 0 d-----w- c:program filesOpenOffice.org 3
2009-11-08 09:18:02 411368 ----a-w- c:windowssystem32deploytk.dll
2009-11-08 08:20:59 0 d-----w- c:windowssystem32eu-ES
2009-11-08 08:20:59 0 d-----w- c:windowssystem32ca-ES
2009-11-08 08:20:56 0 d-----w- c:windowssystem32vi-VN
2009-11-08 07:46:28 0 d-----w- c:windowssystem32EventProviders
2009-11-08 07:44:59 87040 ----a-w- c:windowssystem32mssitlb.dll
2009-11-08 06:40:37 2048 ----a-w- c:windowssystem32tzres.dll
2009-11-08 06:22:57 18904 ----a-w- c:windowssystem32StructuredQuerySchemaTrivial.bin
2009-11-08 06:22:55 11967524 ----a-w- c:windowssystem32korwbrkr.lex
2009-11-08 05:01:16 0 d-----w- c:program filesAvanquest update
2009-11-08 04:59:05 41984 ----a-w- c:windowssystem32netfxperf.dll
2009-11-08 04:51:58 0 d-----w- c:programdataBVRP Software
2009-11-08 04:21:41 83880 ----a-w- c:windowssystem32driversa016bus.sys
2009-11-08 04:21:41 15016 ----a-w- c:windowssystem32driversa016mdfl.sys
2009-11-08 04:21:41 12200 ----a-w- c:windowssystem32driversa016whnt.sys
2009-11-08 04:21:41 12200 ----a-w- c:windowssystem32driversa016wh.sys
2009-11-08 04:21:41 12200 ----a-w- c:windowssystem32driversa016cmnt.sys
2009-11-08 04:21:41 12200 ----a-w- c:windowssystem32driversa016cm.sys
2009-11-08 04:21:41 110504 ----a-w- c:windowssystem32driversa016mdm.sys
2009-11-08 04:21:41 104488 ----a-w- c:windowssystem32driversa016mgmt.sys
2009-11-08 04:21:41 100648 ----a-w- c:windowssystem32driversa016obex.sys
2009-11-08 04:21:33 0 d-----w- c:programdataSony Ericsson
2009-11-08 04:21:33 0 d-----w- c:program filesSony Ericsson
2009-11-08 04:15:03 0 d-----w- c:userssamappdataroamingIrfanView
2009-11-08 04:15:03 0 d-----w- c:program filesIrfanView
2009-11-08 04:12:45 0 d-----w- c:program filesPaint.NET
2009-11-08 04:09:51 0 d-----w- c:userssamappdataroamingAny Video Converter
2009-11-08 04:09:27 0 d-----w- c:program filesAny Video Converter
2009-11-08 04:07:40 0 d-----w- c:program filesDefraggler
2009-11-08 04:07:17 0 d-----w- c:program filesCCleaner
2009-11-08 04:05:00 0 d-----w- c:programdataDVD Shrink
2009-11-08 04:04:59 0 d-----w- c:program filesDVD Shrink
2009-11-08 04:00:33 0 d-----w- c:program filesVideoLAN
2009-11-08 03:59:11 227840 ----a-w- c:windowssystem32bzFlRdr.dll
2009-11-08 03:59:11 103424 ----a-w- c:windowssystem32bzDCT.dll
2009-11-08 03:59:10 126976 ----a-w- c:windowssystem32bzpdfc.dll
2009-11-08 03:59:08 194560 ----a-w- c:windowssystem32bzpdf.dll
2009-11-08 03:59:05 140288 ----a-w- c:windowssystem32comdlg32.OCX
2009-11-08 03:59:05 0 d-----w- c:program filesBullzip
2009-11-08 03:58:18 0 d-----w- c:userssamappdataroamingFoxit
2009-11-08 03:58:18 0 d-----w- c:program filesFoxit Software
2009-11-08 03:54:58 0 d-----w- c:program filesUnlocker
2009-11-08 03:51:39 1696768 ----a-w- c:windowssystem32gameux.dll
2009-11-08 03:51:38 4240384 ----a-w- c:windowssystem32GameUXLegacyGDFs.dll
2009-11-08 03:51:38 28672 ----a-w- c:windowssystem32Apphlpdm.dll
2009-11-08 03:46:11 904776 ----a-w- c:windowssystem32driverstcpip.sys
2009-11-08 03:46:11 30720 ----a-w- c:windowssystem32driverstcpipreg.sys
2009-11-08 03:46:11 105984 ----a-w- c:windowssystem32netiohlp.dll
2009-11-08 03:46:10 9728 ----a-w- c:windowssystem32TCPSVCS.EXE
2009-11-08 03:46:10 8704 ----a-w- c:windowssystem32HOSTNAME.EXE
2009-11-08 03:46:10 27136 ----a-w- c:windowssystem32NETSTAT.EXE
2009-11-08 03:46:10 19968 ----a-w- c:windowssystem32ARP.EXE
2009-11-08 03:46:10 17920 ----a-w- c:windowssystem32ROUTE.EXE
2009-11-08 03:46:10 17920 ----a-w- c:windowssystem32netevent.dll
2009-11-08 03:46:10 11264 ----a-w- c:windowssystem32MRINFO.EXE
2009-11-08 03:46:10 10240 ----a-w- c:windowssystem32finger.exe
2009-11-08 03:44:27 313344 ----a-w- c:windowssystem32wmpdxm.dll
2009-11-08 03:44:25 43520 ----a-w- c:windowssystem32msdxm.tlb
2009-11-08 03:44:25 18432 ----a-w- c:windowssystem32amcompat.tlb
2009-11-08 03:44:09 6656 ----a-w- c:windowssystem32kbd106n.dll
2009-11-08 03:43:47 218624 ----a-w- c:windowssystem32msv1_0.dll
2009-11-08 03:43:43 68096 ----a-w- c:windowssystem32wlanhlp.dll
2009-11-08 03:43:43 513536 ----a-w- c:windowssystem32wlansvc.dll
2009-11-08 03:43:43 2501921 ----a-w- c:windowssystem32wlan.tmf
2009-11-08 03:43:42 65024 ----a-w- c:windowssystem32wlanapi.dll
2009-11-08 03:43:42 302592 ----a-w- c:windowssystem32wlansec.dll
2009-11-08 03:43:42 293376 ----a-w- c:windowssystem32wlanmsm.dll
2009-11-08 03:43:42 127488 ----a-w- c:windowssystem32L2SecHC.dll
2009-11-08 03:43:12 2034688 ----a-w- c:windowssystem32win32k.sys
2009-11-08 03:42:20 60928 ----a-w- c:windowssystem32msasn1.dll
2009-11-08 03:42:12 91136 ----a-w- c:windowssystem32avifil32.dll
2009-11-08 03:42:07 3600456 ----a-w- c:windowssystem32ntkrnlpa.exe
2009-11-08 03:42:06 3548216 ----a-w- c:windowssystem32ntoskrnl.exe
2009-11-08 03:42:04 160256 ----a-w- c:windowssystem32wkssvc.dll
2009-11-08 03:42:02 623616 ----a-w- c:windowssystem32localspl.dll
2009-11-08 03:41:26 2066432 ----a-w- c:windowssystem32mstscax.dll
2009-11-08 03:41:25 53248 ----a-w- c:windowssystem32tsgqec.dll
2009-11-08 03:41:25 136192 ----a-w- c:windowssystem32aaclient.dll
2009-11-08 03:41:20 289792 ----a-w- c:windowssystem32atmfd.dll
2009-11-08 03:41:19 72704 ----a-w- c:windowssystem32fontsub.dll
2009-11-08 03:41:19 34304 ----a-w- c:windowssystem32atmlib.dll
2009-11-08 03:41:19 23552 ----a-w- c:windowssystem32lpk.dll
2009-11-08 03:41:19 156672 ----a-w- c:windowssystem32t2embed.dll
2009-11-08 03:41:19 10240 ----a-w- c:windowssystem32dciman32.dll
2009-11-08 03:41:14 784896 ----a-w- c:windowssystem32rpcrt4.dll
2009-11-08 03:40:57 71680 ----a-w- c:windowssystem32atl.dll
2009-11-08 03:29:09 604672 ----a-w- c:windowssystem32WMSPDMOD.DLL
2009-11-08 03:28:17 0 ---ha-w- c:windowssystem32driversMsft_User_WpdFs_01_00_00.Wdf
2009-11-08 03:25:28 144896 ----a-w- c:windowssystem32driverssrv2.sys
2009-11-08 03:25:13 310784 ----a-w- c:windowssystem32unregmp2.exe
2009-11-08 03:25:11 7680 ----a-w- c:windowssystem32spwmp.dll
2009-11-08 03:25:11 4096 ----a-w- c:windowssystem32msdxm.ocx
2009-11-08 03:25:11 4096 ----a-w- c:windowssystem32dxmasf.dll
2009-11-08 03:25:10 8147456 ----a-w- c:windowssystem32wmploc.DLL
2009-11-08 03:19:25 26600 ----a-w- c:windowssystem32driversGEARAspiWDM.sys
2009-11-08 03:19:25 107368 ----a-w- c:windowssystem32GEARAspi.dll
2009-11-08 03:18:25 0 d-----w- c:program filesiPod
2009-11-08 03:18:24 0 d-----w- c:programdata{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-08 03:18:24 0 d-----w- c:program filesiTunes
2009-11-08 03:17:35 0 d-----w- c:program filesBonjour
2009-11-08 03:16:58 0 d-----w- c:programdataApple Computer
2009-11-08 03:14:33 0 d-----w- c:programdataApple
2009-11-08 03:09:00 0 d--h--w- C:$AVG
2009-11-08 03:08:59 12464 ----a-w- c:windowssystem32avgrsstx.dll
2009-11-08 03:08:57 360584 ----a-w- c:windowssystem32driversavgtdix.sys
2009-11-08 03:08:50 333192 ----a-w- c:windowssystem32driversavgldx86.sys
2009-11-08 03:08:47 0 d-----w- c:windowssystem32driversAvg
2009-11-08 03:08:44 0 d-----w- c:program filesAVG
2009-11-08 03:08:43 0 d-----w- c:programdataavg9
2009-11-08 03:03:52 1524736 ----a-w- c:windowssystem32wucltux.dll
2009-11-08 03:03:37 83456 ----a-w- c:windowssystem32wudriver.dll
2009-11-08 03:03:27 31232 ----a-w- c:windowssystem32wuapp.exe
2009-11-08 03:03:27 162064 ----a-w- c:windowssystem32wuwebv.dll
2009-11-08 02:56:03 0 d-----w- c:userssamappdataroamingMalwarebytes
2009-11-08 02:55:58 0 d-----w- c:programdataMalwarebytes
2009-11-08 02:54:43 16058 ----a-w- c:windowssystem32results.xml
2009-11-08 02:50:05 0 d-----w- c:programdataSupportSoft
2009-11-08 02:49:58 0 d-----w- c:programdataPC-Doctor
2009-11-08 02:49:57 0 d-----w- c:programdataPCDr
2009-11-08 02:49:37 0 d-----w- c:program filesDell Support Center
2009-11-08 02:49:36 0 d-----w- c:program filescommon filessupportsoft
2009-11-08 02:49:17 0 d-----w- c:programdataDell
2009-11-08 02:45:05 73728 ----a-w- c:windowssystem32AEstSrv.exe
2009-11-08 02:45:05 647168 ----a-w- c:windowssystem32aestecap.dll
2009-11-08 02:45:05 53248 ----a-w- c:windowssystem32aestaren.dll
2009-11-08 02:45:05 131072 ----a-w- c:windowssystem32aestacap.dll
2009-11-08 02:45:04 102400 ----a-w- c:windowssystem32stacsv.exe
2009-11-08 02:45:02 1601536 ----a-w- c:windowssystem32stlang.dll
2009-11-08 02:44:57 4947968 ----a-w- c:windowssystem32stacgui.cpl
2009-11-08 02:44:03 527872 ----a-w- c:windowssystem32stapo.dll
2009-11-08 02:44:03 492544 ----a-w- c:windowssystem32ctapo32.dll
2009-11-08 02:44:03 45568 ----a-w- c:windowssystem32ctppld.dll
2009-11-08 02:44:03 330752 ----a-w- c:windowssystem32driversstwrt.sys
2009-11-08 02:44:03 328704 ----a-w- c:windowssystem32stcplx.dll
2009-11-08 02:44:03 312320 ----a-w- c:windowssystem32stapi32.dll
2009-11-08 02:44:03 150016 ----a-w- c:windowssystem32st325866.dll
2009-11-08 02:44:03 0 d-----w- c:program filesSigmaTel
2009-11-08 02:39:11 0 d-----w- c:windowssystem32Lang
2009-11-08 02:39:10 920088 ----a-w- c:windowssystem32igxpun.exe
2009-11-08 02:39:10 319456 ----a-w- c:windowssystem32difxapi.dll
2009-11-08 02:35:16 262144 ----a-w- c:windowssystem32bcmwlu00.exe
2009-11-08 02:35:13 2756608 ----a-w- c:windowssystem32bcmttls.dll
2009-11-08 02:23:26 76 --sh--r- c:windowsCT4CET.bin
2009-11-08 02:22:46 0 d-----w- c:program filescommon filesReallusion
2009-11-08 02:21:03 5627904 ----a-w- c:windowssystem32LiveCamVirtual.ocx
2009-11-08 02:20:13 348160 ----a-w- c:windowssystem32msvcr71.dll
2009-11-08 02:20:11 499712 ----a-w- c:windowssystem32msvcp71.dll
2009-11-08 02:20:07 1060864 ----a-w- c:windowssystem32MFC71.DLL
2009-11-08 02:20:00 0 d-----w- c:program filesCreative Live! Cam
2009-11-08 02:17:40 0 d-----w- c:program filesCreative
2009-11-08 02:14:50 0 d-----w- c:program filesMarvell
2009-11-08 01:51:07 0 d-----w- c:userssamappdataroamingTMP
2009-11-08 01:49:59 0 ---ha-w- c:windowssystem32driversMsft_Kernel_Apfiltr_01005.Wdf
2009-11-08 01:49:23 0 d-----w- c:program filesDellTPad
2009-11-08 01:47:14 164400 ----a-w- c:windowssystem32driversApfiltr.sys
2009-11-08 01:47:14 1419232 ----a-w- c:windowssystem32WdfCoInstaller01005.dll
2009-11-08 01:47:14 100542 ----a-w- c:windowssystem32Vxdif.dll
2009-11-08 01:45:27 0 d-----w- c:windowsDownloaded Installations
2009-11-08 01:42:02 90112 ----a-w- c:windowssystem32snymsico.dll
2009-11-08 01:42:02 42496 ----a-w- c:windowssystem32driversrimsptsk.sys
2009-11-08 01:42:02 39936 ----a-w- c:windowssystem32driversrimmptsk.sys
2009-11-08 01:42:02 37376 ----a-w- c:windowssystem32driversrixdptsk.sys
2009-11-08 01:42:02 16480 ----a-w- c:windowssystem32rixdicon.dll
2009-11-08 01:37:42 0 d-----w- C:Intel
2009-11-08 01:35:36 27072 ----a-w- c:windowssystem32driversPCASp50.sys
2009-11-08 01:34:53 0 d-----w- c:programdataNovatel Wireless
2009-11-08 01:31:16 0 d-----w- c:program filesCONEXANT
2009-11-08 01:30:58 986624 ----a-w- c:windowssystem32driversHSX_DPV.sys
2009-11-08 01:30:58 94208 ----a-w- c:windowssystem32mdmxsdk.dll
2009-11-08 01:30:58 8192 ----a-w- c:windowssystem32driversXAudio.sys
2009-11-08 01:30:58 659968 ----a-w- c:windowssystem32driversHSX_CNXT.sys
2009-11-08 01:30:58 386560 ----a-w- c:windowssystem32driversXAudio.exe
2009-11-08 01:30:58 206848 ----a-w- c:windowssystem32driversHSXHWAZL.sys
2009-11-08 01:30:58 172032 ----a-w- c:windowssystem32Uci32114.dll
2009-11-08 01:30:58 12672 ----a-w- c:windowssystem32driversmdmxsdk.sys
2009-11-08 01:30:57 144360 ----a-w- c:windowssystem32driversdel1028.cty
2009-11-08 01:28:57 0 d-----w- c:userssamappdataroamingIntel
2009-11-08 01:28:55 0 d-----w- c:programdataRoaming
2009-11-08 01:28:34 0 d-----w- c:programdataIntel
2009-11-08 01:26:55 0 d-----w- c:program filesModem Diagnostic Tool
2009-11-08 01:25:39 0 d-----w- c:program filesCisco
2009-11-08 01:20:30 0 d-----w- c:windowssystem32vmm32
2009-11-08 01:20:30 0 d-----w- c:program filesDell
2009-11-08 01:20:15 0 d-sh--w- c:windowsInstaller
2009-11-08 01:10:29 0 d-----w- c:windowsPanther
2009-11-08 01:10:20 8192 --s-a-r- C:BOOTSECT.BAK
2009-11-08 01:10:18 333257 --sha-r- C:bootmgr
2009-11-08 01:10:18 0 d-sh--w- C:Boot
2009-11-08 01:10:00 24 ---ha-r- c:windowsdell_version
2009-11-08 01:10:00 0 d-----w- c:windowssystem32OEM

==================== Find3M ====================

2009-11-08 08:29:07 86016 ----a-w- c:windowsinfinfstor.dat
2009-11-08 08:29:07 51200 ----a-w- c:windowsinfinfpub.dat
2009-11-08 08:29:07 143360 ----a-w- c:windowsinfinfstrng.dat
2009-11-08 08:20:45 665600 ----a-w- c:windowsinfdrvindex.dat
2009-11-08 08:15:21 37665 ----a-w- c:windowsfontsGlobalUserInterface.CompositeFont
2009-08-29 03:42:52 2065696 ----a-w- c:windowssystem32usbaaplrc.dll
2009-08-27 05:22:28 916480 ----a-w- c:windowssystem32wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:windowssystem32iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:windowssystem32iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:windowssystem32ieUnatt.exe
2008-01-21 02:43:21 174 --sha-w- c:program filesdesktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:windowsinfperflib0409perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:windowsinfperflib0409perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:windowsinfperflib0409perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:windowsinfperflib0409perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:windowsinfperflib0000perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:windowsinfperflib0000perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:windowsinfperflib0000perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:windowsinfperflib0000perfc.dat

============= FINISH: 18:36:16.28 ===============

Oh, I forgot to say I am new here, and hello :(

So forgive me if I made a mistake in my post....

Merged posts. ~ OB

Edited by Orange Blossom, 09 November 2009 - 10:51 PM.




#2 pwgib

  • Malware Response Team
  • 2,956 posts

Posted 16 November 2009 - 08:48 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 SpySentinel

  • Staff Emeritus
  • 2,090 posts

Posted 07 December 2009 - 12:46 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the link to this thread.

Everyone else please start a new topic.



