Trojan, Google Redirect, Computer/Internet Slowdown


2 replies to this topic

#1 Nerbil

Posted 07 January 2010 - 11:58 PM

Hello! I've been trying to tackle this problem on my own for several days now, but am at the end of my rope. Here's some brief info on the situation to see if it rings any bells:

Picked up a Trojan, and knew the second I picked it up since ZoneAlarm started going nuts. AVG also started throwing off alarms every 5 minutes on the dot regarding "Trojan Downloader Generic9 ACFU" and it accessing svchost.exe. After attempting unsuccessful cleans (some in safe mode) using AVG, MBAM, SpyDoctor, etc., eventually I resorted to using "MoveOnBoot" to replace svchost.exe with a (supposedly) clean file from one of my backup i386 folders. I also removed a few registry keys that I found by searching for "EP.exe", as well as the folders it was creating in my "Local Settings\Temp" folder and in my "Windows\Temp" folder.

After doing this, scans no longer detect any trojans or malware, however Firefox and IE are still plagued with the Google Redirect problem, my system is incredibly slow, and download speeds are way down. I've tried running programs such as SDFix and ComboFix, but no luck.

The requested logs are included, but I could not get RootRepeal to run; it would hang on the "Initializing" screen with 100% CPU load. This is also happening to another small, self-contained EXE program I use called "NZB-O-Matic." The process is shown running at 100% load, but the UI never appears.

Oh, the OS is WinXP Professional SP2.

Any help would be greatly appreciated!!

--------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jake and Jamie at 22:19:11.95 on Thu 01/07/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.914 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Anti-Spyware Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG4\AVG9\avgchsvx.exe
C:\Program Files\AVG4\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG4\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG4\AVG9\avgtray.exe
C:\Program Files\HP\Button Manager\BM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG4\AVG9\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
svchost.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jake and Jamie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.0 final release\RivaTuner.exe" /S
mRun: [AtiPTA] c:\windows\system32\ATIPTAXX.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg4\avg9\avgtray.exe
mRunOnce: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe --ports
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpbutt~1.lnk - c:\program files\hp\button manager\BM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler\Fiddler.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162433750781
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jakean~1\applic~1\mozilla\firefox\profiles\50bzgp0r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\jake and jamie\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-6 207792]
R1 atitray;atitray;c:\program files\radeon omega drivers\v3.8.330\ati tray tools\atitray.sys [2005-11-13 14336]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-5 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-5 28424]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-11-3 392824]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg4\avg9\avgwdsvc.exe [2010-1-5 285392]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-6 112592]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2009-12-29 104960]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-12-29 14336]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-6 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-6 1141712]
S4 gupdate1c90d9b121edfb8;Google Update Service (gupdate1c90d9b121edfb8);c:\program files\google\update\GoogleUpdate.exe [2008-7-15 133104]
S4 Msri54xps;Msri54xps; [x]

=============== Created Last 30 ================

2010-01-08 03:12:57 0 d-sha-r- C:\cmdcons
2010-01-08 03:10:56 98816 ----a-w- c:\windows\sed.exe
2010-01-08 03:10:56 77312 ----a-w- c:\windows\MBR.exe
2010-01-08 03:10:56 261632 ----a-w- c:\windows\PEV.exe
2010-01-08 03:10:56 161792 ----a-w- c:\windows\SWREG.exe
2010-01-08 03:10:41 0 d-----w- C:\Combo-Fix
2010-01-07 02:46:40 0 d-----w- c:\program files\Trend Micro
2010-01-07 01:27:08 0 d-----w- c:\docume~1\jakean~1\applic~1\Malwarebytes
2010-01-07 01:27:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 01:26:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 23:58:23 577024 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-01-06 23:49:02 0 d-----w- c:\windows\ERUNT
2010-01-06 23:45:06 0 d-----w- C:\SDFix
2010-01-06 22:01:37 883 ----a-w- c:\windows\RegSDImport.xml
2010-01-06 22:01:37 880 ----a-w- c:\windows\RegISSImport.xml
2010-01-06 22:01:37 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-06 22:01:37 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-06 22:01:37 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-06 22:01:37 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-06 22:01:37 131 ----a-w- c:\windows\IDB.zip
2010-01-06 22:01:37 1152444 ----a-w- c:\windows\UDB.zip
2010-01-06 21:54:04 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-01-06 21:54:04 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-06 21:53:34 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-06 21:53:34 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-01-06 21:53:34 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-01-06 21:53:34 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-06 21:53:17 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-01-06 21:53:17 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-06 21:52:55 0 d-----w- c:\program files\Spyware Doctor
2010-01-06 21:52:55 0 d-----w- c:\program files\common files\PC Tools
2010-01-06 21:52:55 0 d-----w- c:\docume~1\jakean~1\applic~1\PC Tools
2010-01-06 21:52:55 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-01-06 05:49:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-06 05:49:59 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-06 05:49:51 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-06 05:49:48 0 d-----w- c:\program files\AVG4
2010-01-06 05:49:48 0 d-----w- c:\program files\AVG
2010-01-06 05:13:54 0 d-----w- c:\program files\common files\Gibinsoft Shared
2010-01-06 05:13:27 0 d-----w- c:\windows\Downloaded Installations
2010-01-06 04:57:32 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-06 04:30:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-06 04:30:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 03:58:11 0 d-----w- c:\program files\GiPo@Utilities
2010-01-05 21:55:46 0 d-----w- C:\$AVG
2010-01-05 21:55:33 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll
2010-01-05 21:55:17 0 d-----w- c:\windows\system32\drivers\Avg(2)
2010-01-05 21:55:09 0 d-----w- c:\program files\AVG(2)
2010-01-05 21:55:08 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-05 21:54:51 0 d-----w- c:\windows\SxsCaPendDel
2010-01-02 05:34:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-01-02 05:33:44 0 d-----w- c:\program files\BFG
2010-01-02 05:24:02 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games
2010-01-02 05:23:47 16 ----a-w- c:\windows\popcinfot.dat
2010-01-02 05:23:47 0 ----a-w- c:\windows\popcreg.dat
2009-12-31 06:19:48 0 d-----w- c:\program files\PopCap Games
2009-12-30 06:39:24 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL
2009-12-30 06:39:24 218432 ----a-w- c:\windows\system32\RICHTX32.OCX
2009-12-30 06:28:55 127808 ----a-w- c:\windows\system32\MSWINSCK.OCX
2009-12-30 06:28:55 10752 ----a-w- c:\windows\system32\aamd532.dll
2009-12-30 05:48:35 0 d-----w- c:\program files\HP
2009-12-30 05:19:49 55808 ----a-w- c:\windows\system32\ArcSoftKsUFilter.dll
2009-12-30 05:19:49 14336 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2009-12-30 02:37:04 49152 ----a-w- c:\windows\system32\ChCfg.exe
2009-12-30 02:36:48 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2009-12-30 02:36:39 0 d-----w- c:\program files\Realtek AC97
2009-12-30 02:36:37 141016 ----a-w- c:\windows\system32\alsndmgr.wav
2009-12-30 02:36:37 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2009-12-30 02:36:35 577536 ----a-w- c:\windows\soundman.exe
2009-12-30 02:36:35 315392 ----a-w- c:\windows\alcupd.exe
2009-12-30 02:36:35 217088 ----a-w- c:\windows\Alcrmv.exe
2009-12-30 02:36:35 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
2009-12-30 02:36:35 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-12-30 01:02:20 0 d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2009-12-30 01:01:50 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2009-12-30 00:35:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-30 00:34:30 0 d-----r- c:\program files\Skype
2009-12-30 00:05:55 90624 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2009-12-30 00:05:55 90624 ----a-w- c:\windows\system32\kswdmcap.ax
2009-12-30 00:05:54 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
2009-12-30 00:05:54 61952 ----a-w- c:\windows\system32\kstvtune.ax
2009-12-30 00:05:54 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-12-30 00:05:54 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-30 00:05:53 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
2009-12-30 00:05:53 43008 ----a-w- c:\windows\system32\ksxbar.ax
2009-12-30 00:05:53 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2009-12-30 00:05:53 20992 ----a-w- c:\windows\system32\dshowext.ax

==================== Find3M ====================

2009-12-30 00:32:02 4212 ---h--w- c:\windows\system32\zllictbl.dat

============= FINISH: 22:20:47.95 ===============

Edited by Nerbil, 08 January 2010 - 12:34 AM.
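A small triage helper for the DDS log format posted above, added here as an example (it is not part of the original post and not a BleepingComputer tool). It splits the log into its "===== name =====" sections and pulls out the two things a helper looks at first: process entries DDS printed without a directory (the bare svchost.exe lines) and services whose binary is marked [x] or [?] instead of a size/date stamp. The sample lines are copied from the log in the post; the meaning of the [x]/[?] markers is stated as an assumption in the comments.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the DDS log in the post above
SAMPLE_LOG = """\
============== Running Processes ===============

C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
svchost.exe
C:\\WINDOWS\\Explorer.EXE

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\\windows\\system32\\drivers\\PCTCore.sys [2010-1-6 207792]
R2 vsmon;TrueVector Internet Monitor;c:\\windows\\system32\\zonelabs\\vsmon.exe -service --> c:\\windows\\system32\\zonelabs\\vsmon.exe -service [?]
S4 Msri54xps;Msri54xps; [x]

============= FINISH: 22:20:47.95 ===============
"""

# A DDS section header is a run of '=' on each side of the section name
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def split_sections(text):
    """Group the non-blank lines of a DDS log under their section headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def find_pathless_processes(lines):
    """Count process entries that DDS listed as a bare image name.

    A bare name (e.g. 'svchost.exe') means the log did not resolve the
    image to a directory. For a process that normally lives in System32
    that is a triage hint worth checking, not proof of infection.
    """
    return Counter(l.split()[0] for l in lines if "\\" not in l.split()[0])


def classify_services(lines):
    """Map service name -> 'missing', 'unverified' or 'ok'.

    Assumption about the DDS markers: a trailing '[x]' means no binary was
    found on disk, '[?]' means the file could not be checked, and a
    '[date size]' stamp means the file was present.
    """
    result = {}
    for line in lines:
        name = line.split(";")[0].split()[-1]  # drop the R0/S3 start-type prefix
        if line.endswith("[x]"):
            result[name] = "missing"
        elif line.endswith("[?]"):
            result[name] = "unverified"
        else:
            result[name] = "ok"
    return result


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    print("pathless processes:", dict(find_pathless_processes(secs["Running Processes"])))
    print("services:", classify_services(secs["SERVICES / DRIVERS"]))
```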


#2 myrti (Malware Study Hall Admin)

Posted 14 January 2010 - 03:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 myrti (Malware Study Hall Admin)

Posted 19 January 2010 - 01:16 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

