Rootkit/Vundo Virus


  • This topic is locked
2 replies to this topic

#1 Islandg1rl

Islandg1rl

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:24 AM

Posted 03 January 2010 - 09:46 PM

Hello All -

Need some assistance with removing rootkit.tdss and/or vundo virus from my PC. I'm pretty sure I was infected about 1.5 weeks ago. I think I have tried everything to remove it. My AVG catches it but of course once cleaned, it's back again. I decided to download Spyware Doctor, once again, it detects it but once removed, it's back again. I ran VundoFix, but it doesn't find anything. I also noticed previous to this that my task manager had been disabled, I thought maybe it was something I had done, only to find out as I was trying to remove these other problems, it was a virus. I was able to fix it. The only other issues that I've noticed is I cannot go into safe mode, I get a blue screen, not sure if that has anything to do with the trojan or rootkit; my computer re-directs me to other sites; and at times after the PC is idle I'm left with only my background and no icons or a start menu.

Rootkit.TDSS only pops up on Spyware Doctor. There are two things constantly popping up in the AVG scanner, Vundo.JD virus. One in Windows/system32/tdlcmd.dll and one in System Volume Information/_restore, each has a string of numbers and letters behind it. It would not let me copy it from the scan. I attempted to disable my AVG while running the DDS but I could not find a way to do so. If that makes a difference, please let me know. Also, if you need the full string of the System Volume Information I can attempt to send that as well.

Thanks for any assistance that can be offered. I'm an amateur at computers, I know enough to get me in trouble (obviously). So thanks for being patient and hopefully I've done everything that you guys have asked for correctly!! I know you guys are busy and I'll be patient!!!



DDS (Ver_09-12-01.01) - NTFSx86
Run by Nikki at 18:07:39.26 on Sun 01/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.221 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\1163718826\ee\AOLSoftware.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Runtime Software\DriveImage XML\dixml.exe
C:\Documents and Settings\Nikki\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HostManager] c:\program files\common files\aol\1163718826\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [Creative WebCam Tray] c:\program files\creative\shared files\CAMTRAY.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: yahoo.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} - hxxps://video.manheim.com/lib/LiveSound.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166513833765
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveglobalbid.com/container_repository/laiexec.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,zpasspc.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-26 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-12 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-12 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-12 360584]

=============== Created Last 30 ================

2010-01-03 22:45:43 0 d-----w- c:\program files\Runtime Software
2010-01-03 22:21:11 0 d-----w- c:\windows\pss
2010-01-02 21:03:06 0 d-----w- c:\docume~1\nikki\applic~1\Malwarebytes
2010-01-02 21:02:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 21:02:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-02 21:02:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 21:02:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 23:05:40 0 d-----w- c:\program files\TrendMicro
2009-12-31 21:27:25 0 d-----w- c:\program files\Trend Micro
2009-12-31 19:17:26 0 d-----w- C:\VundoFix Backups
2009-12-31 18:45:53 0 d-----w- c:\program files\Enigma Software Group
2009-12-31 17:56:57 0 d-----w- c:\windows\SHELLNEW
2009-12-29 02:10:29 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-12-29 02:10:10 0 d-----w- c:\program files\Security Task Manager
2009-12-29 00:25:25 0 d--h--w- C:\$AVG
2009-12-29 00:21:56 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-28 23:51:25 0 d--h--w- c:\windows\system32\GroupPolicy
2009-12-28 11:54:19 5758 ----a-w- c:\windows\38e0thie9293z5.ocx
2009-12-28 10:51:09 15317 ----a-w- c:\windows\4563sza5bot911.bin
2009-12-28 08:02:38 13236 ----a-w- c:\windows\57325pambotz9b.bin
2009-12-27 00:45:01 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-27 00:45:00 883 ----a-w- c:\windows\RegSDImport.xml
2009-12-27 00:45:00 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-27 00:45:00 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-27 00:45:00 131 ----a-w- c:\windows\IDB.zip
2009-12-27 00:44:59 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-27 00:44:59 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-27 00:44:59 1152444 ----a-w- c:\windows\UDB.zip
2009-12-27 00:40:26 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-27 00:40:26 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-27 00:40:06 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-27 00:40:06 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-27 00:40:06 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-27 00:40:06 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-27 00:39:26 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-27 00:39:26 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-27 00:39:16 0 d-----w- c:\program files\common files\PC Tools
2009-12-27 00:39:15 0 d-----w- c:\program files\Spyware Doctor
2009-12-27 00:39:15 0 d-----w- c:\docume~1\nikki\applic~1\PC Tools
2009-12-27 00:39:15 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-26 16:30:30 7614 ----a-w- c:\windows\system32\93zvi5u9799.cpl
2009-12-25 10:31:06 11333 ----a-w- c:\windows\system32\1z54vir9160.cpl
2009-12-24 22:37:33 2356275 ----a-w- C:\Saftey_101.wmv
2009-12-24 20:15:51 4712 ----a-w- c:\windows\242dthrza5104609.exe
2009-12-22 17:17:37 16450 ----a-w- c:\windows\system32\z2980spambot7555.dll
2009-12-22 09:15:33 6352 ----a-w- c:\windows\55f4spa9sz1858.dll
2009-12-21 04:02:00 4215 ----a-w- c:\windows\system32\18246hacktool95z.dll
2009-12-21 01:43:32 17207 ----a-w- c:\windows\system32\21fcstz5l3972.cpl
2009-12-20 18:16:56 11890 ----a-w- c:\windows\system32\279z9vi9us555.exe
2009-12-20 08:34:09 12540 ----a-w- c:\windows\system32\3f61addwa9ez4015.exe
2009-12-17 21:36:48 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-12-17 21:36:40 0 d-----w- c:\program files\McAfee Security Scan
2009-12-17 10:18:02 3050 ----a-w- c:\windows\10586haczto9l208.ocx
2009-12-15 17:58:08 15589 ----a-w- c:\windows\system32\14635hackt5ol191z.cpl
2009-12-15 16:51:16 7445 ----a-w- c:\windows\system32\28885not-a-virusz549.cpl
2009-12-15 11:42:16 7703 ----a-w- c:\windows\system32\5781szye99.exe
2009-12-14 21:14:24 13544 ----a-w- c:\windows\z495troj95e.exe
2009-12-13 16:16:12 16167 ----a-w- c:\windows\570zthreat19847.ocx
2009-12-12 14:08:20 3409 ----a-w- c:\windows\5054zorm19b.ocx
2009-12-11 14:10:17 7494 ----a-w- c:\windows\2425spa9sz375.exe
2009-12-08 07:43:10 6060 ----a-w- c:\windows\system32\56719tro9ze0.ocx

==================== Find3M ====================

2009-12-29 00:24:37 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-29 00:24:37 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-29 00:23:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-03 01:12:37 16679 ----a-w- c:\windows\system32\612bdownl9ade51z48.bin
2009-11-28 17:56:05 12868 ----a-w- c:\windows\92e9a5dwaze82.exe
2009-11-27 19:08:33 2849 ----a-w- c:\windows\15fctz9ef3162.bin
2009-11-27 01:45:55 3444 ----a-w- c:\windows\system32\1z979vi9u54d8.dll
2009-11-21 23:01:48 9279 ----a-w- c:\windows\2926tzief18605.exe
2009-11-21 13:52:21 2608 ----a-w- c:\windows\5fcast5a9z093.bin
2009-11-20 16:01:07 9066 ----a-w- c:\windows\15z0downloade92568.bin
2009-11-20 03:11:58 11769 ----a-w- c:\windows\system32\7d86spa5sz13359.dll
2009-11-18 14:12:12 6377 ----a-w- c:\windows\59a3threat27361z.dll
2009-11-16 06:14:58 8248 ----a-w- c:\windows\system32\f75downlozder2898.dll
2009-11-14 05:52:20 7353 ----a-w- c:\windows\65z9steal1880.bin
2009-11-11 15:54:43 11485 ----a-w- c:\windows\z75cth59f2841.dll
2009-11-10 19:17:12 12704 ----a-w- c:\windows\system32\95929orm50z.bin
2009-11-08 17:14:02 18009 ----a-w- c:\windows\c0cv5r129z.bin
2009-11-08 14:22:03 16310 ----a-w- c:\windows\z8993spambot485.dll
2009-11-01 17:20:48 8894 ----a-w- c:\windows\system32\4dfaz9yware5552.exe
2009-11-01 11:26:25 11757 -c--a-w- c:\windows\50z3sparse19385.dll
2009-11-01 10:15:59 4586 ----a-w- c:\windows\system32\1a11st9a52494z.bin
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 12:17:01 6103 ----a-w- c:\windows\system32\9672zi9us5b0.dll
2009-10-27 19:27:05 15528 -c--a-w- c:\windows\55b9backdzor1250.exe
2009-10-27 03:22:11 5093 ----a-w- c:\windows\system32\2492zworm4f15.dll
2009-10-23 11:59:00 18253 -c--a-w- c:\windows\56979py7bz.bin
2009-10-22 22:10:42 17070 -c--a-w- c:\windows\9505troj6ez.bin
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-17 02:19:24 68108 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-16 16:37:43 3239 ----a-w- c:\windows\system32\22245ir2z79.bin
2009-10-15 00:12:45 6272 ----a-w- c:\windows\system32\d9zv9r22635.exe
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 22:46:23 10522 -c--a-w- c:\windows\5729sparse599z.bin
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 09:00:08 4624 -c--a-w- c:\windows\29z8spars51559.bin
2009-10-09 15:19:51 17389 ----a-w- c:\windows\system32\2890zs5y179.bin
2009-10-08 11:53:09 16157 ----a-w- c:\windows\system32\3z4steal5998.exe
2009-10-08 09:28:19 12460 ----a-w- c:\windows\system32\391csparse58z6.exe
2009-10-06 02:33:06 6334 -c--a-w- c:\windows\505529izus59f.dll
2008-08-31 16:59:45 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 18:15:07.40 ===============

#2 Islandg1rl

Islandg1rl
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:24 AM

Posted 05 January 2010 - 06:33 AM

:( Just wanted to let you guys know that my issue is fixed. After a lot of work and research, I did it. Thanks for having this site for tips, you guys helped greatly!!!

One less email to respond to. I was going to delete it, but I couldn't figure out how to do it.

#3 Elise

Elise

  Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,114 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:24 PM

Posted 05 January 2010 - 06:53 AM

Since this issue seems to be resolved, this topic is now closed.

If you are the original topic starter and you need this topic to be re-opened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
