Please help if you can (Internet Security 2010 virus and much more!)


  • This topic is locked
3 replies to this topic

#1 AdamKB

AdamKB

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:50 PM

Posted 27 January 2010 - 11:12 AM

Hello everyone,

This is my first post here, save for the one in the intro forum. I have several issues, so I apologize if I am posting in the wrong place. I am guessing I should start here, as the source of my problems seems to have been a version of the Internet Security 2010 virus - the one that kept popping up saying my computer was infected.

I tried to do some research on how to get rid of it, but following suggestions I updated my Ad-Aware, then tried Malwarebytes, and neither found the virus. (I am also running AVG 9.0 Free.) Once that didn't work, I tried to find some information on how to remove it manually.

That's where things started going downhill. This virus seems to have hijacked all Google and Yahoo search results, as well as messed with my screensaver and disabled my ability to get to the task manager.

The only fix that seemed to do anything was that I was briefly able to re-enable the Task Manager. But shortly after that, it was disabled again, and the virus seemed to be back and creating more pop-ups.

So I went back online and ended up finding two more suggestions: one for SuperAntiSpyware and the other for UnHackMe. I tried them both. Both seemed to say they found the virus and both said they successfully removed it. But not only is it still here, whenever my computer boots it won't load properly. First I get a warning window that Windows Explorer has stopped working, then every 10 seconds or so I get a warning window that Microsoft Windows Search Protocol Host has stopped working. Usually I get hung at a black screen with these warning windows popping up. Once I saw my wallpaper.

So the only way for me to use the computer at all is to simply turn it off from the power button, then reboot so it tells me it didn't shut down properly and gives me the option of booting in Safe Mode, which is where I am now.

One time, Safe Mode didn't load properly, and the next time Windows tried to start it gave me the option to do a Startup Repair. After trying that, Windows said it could not fix the problem automatically and to contact the manufacturer. However, it gave me no indication what the problem was, so I can't help with more details here for you.

It gets worse: this is an older laptop and I cannot find my original boot disk. I have also tried to do a backup to CDs but the PC locks up. I was able to do a backup of my docs and pictures to the D: partition, but that was it.

Next, when I tried to make the RootRepeal log to post here, RootRepeal hangs when I check the "Files" box. It never finishes (14 hours later). I do have a partial log that includes everything else.

So here I am, looking for anyone with some advice. I wish I could provide more details but I don't know what else to tell you or provide for you. Thank you very much!
Adam

Here is my DDS Log:
------------------------


DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by dtyme321 at 19:07:44.51 on Tue 01/26/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1546 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\dtyme321\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [AdobeBridge]
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\dtyme321\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [eRecoveryService]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\dtyme321\appdata\roaming\micros~1\windows\startm~1\programs\startup\1-clic~1.lnk - c:\program files\1-click answers\answers.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20in%20London/Images/armhelper.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\kbdsock.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli larubuko.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dtyme321\appdata\roaming\mozilla\firefox\profiles\584dek4j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\dtyme321\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\dtyme321\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\dtyme321\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\dtyme321\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-21 207792]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-17 360584]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-6-2 4233728]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-20 333192]
S1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2008-3-8 28424]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-6-2 21504]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-17 285392]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-21 112592]
S2 gupdate1c93edc6f7c3cb0;Google Update Service (gupdate1c93edc6f7c3cb0);c:\program files\google\update\GoogleUpdate.exe [2008-11-4 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-2 21504]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-21 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-21 1141712]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]

=============== Created Last 30 ================

2010-01-26 20:56:41 16384 ----a-w- c:\users\dtyme321\jan262010.BJF
2010-01-26 04:33:28 10380 ----a-w- c:\windows\system32\Regrun2.rr2
2010-01-25 22:09:19 6 ----a-w- c:\windows\system32\iphy.dll
2010-01-25 22:09:18 8192 ----a-w- c:\windows\system32\htmp.030
2010-01-25 22:09:18 4608 ----a-w- c:\windows\system32\srsvc.dll
2010-01-25 22:09:16 225 ----a-w- c:\windows\system32\uses32.dat
2010-01-25 22:09:16 100 ----a-w- c:\windows\system32\flags.ini
2010-01-25 22:09:02 25088 ----a-w- c:\windows\system32\helper32.dll
2010-01-25 22:09:02 1117184 ----a-w- c:\windows\system32\IS15.exe
2010-01-25 22:08:52 26624 ----a-w- c:\windows\system32\winlogon32.exe
2010-01-25 22:08:46 253440 -c--a-w- C:\ygjst.exe
2010-01-23 17:42:43 123 ----a-w- c:\windows\rootkitno.ini
2010-01-23 01:14:39 0 dc----w- C:\RootkitNO
2010-01-23 00:41:01 0 dc----w- c:\program files\trend micro
2010-01-23 00:30:03 2 --shatr- c:\windows\winstart.bat
2010-01-23 00:29:15 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-01-23 00:29:09 0 dc----w- c:\program files\UnHackMe
2010-01-23 00:21:47 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-23 00:21:22 0 dc----w- c:\program files\SUPERAntiSpyware
2010-01-23 00:21:22 0 d-----w- c:\users\dtyme321\appdata\roaming\SUPERAntiSpyware.com
2010-01-23 00:20:22 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-21 18:05:02 883 ----a-w- c:\windows\RegSDImport.xml
2010-01-21 18:05:02 880 ----a-w- c:\windows\RegISSImport.xml
2010-01-21 18:05:02 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-21 18:05:02 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-21 18:05:02 131 ----a-w- c:\windows\IDB.zip
2010-01-21 18:05:01 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-21 18:05:01 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-21 18:05:01 1152444 ----a-w- c:\windows\UDB.zip
2010-01-21 17:58:58 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-01-21 17:58:58 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-01-21 17:58:58 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-21 17:58:34 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-01-21 17:58:33 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-21 17:58:33 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-01-21 17:58:33 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-21 17:58:07 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-01-21 17:58:07 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-21 17:57:57 0 dc----w- c:\program files\Spyware Doctor
2010-01-21 17:57:57 0 d-----w- c:\users\dtyme321\appdata\roaming\PC Tools
2010-01-21 17:57:57 0 d-----w- c:\programdata\PC Tools
2010-01-21 17:57:57 0 d-----w- c:\program files\common files\PC Tools
2010-01-18 17:18:45 0 dc----w- c:\program files\CCleaner
2010-01-18 16:00:18 0 d-----w- c:\users\dtyme321\appdata\roaming\Malwarebytes
2010-01-18 16:00:06 0 d-----w- c:\programdata\Malwarebytes
2010-01-18 16:00:05 0 dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 15:12:32 0 d-----w- c:\programdata\Lavasoft
2010-01-17 21:12:38 0 dc-h--w- C:\$AVG
2010-01-17 21:11:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-17 21:11:00 0 d-----w- c:\programdata\avg9
2010-01-17 02:49:56 6435 ----a-w- c:\windows\system32\WORK.DAT
2010-01-13 13:50:43 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 13:50:43 156672 ----a-w- c:\windows\system32\t2embed.dll

==================== Find3M ====================

2010-01-17 21:12:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-17 21:11:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 21:27:39 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2009-12-10 13:45:19 70984 ----a-w- c:\users\dtyme321\g2mdlhlpx.exe
2009-11-20 15:22:49 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-20 15:22:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-20 15:22:49 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-20 15:22:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-09 12:32:32 10752 ----a-w- c:\windows\system32\wamregps.dll
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:06 8192 ----a-w- c:\windows\system32\iisrstap.dll
2009-11-09 12:30:06 153600 ----a-w- c:\windows\system32\iisRtl.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 12:28:40 27136 ----a-w- c:\windows\system32\ahadmin.dll
2009-11-09 12:28:34 51712 ----a-w- c:\windows\system32\admwprox.dll
2009-11-09 10:48:26 14848 ----a-w- c:\windows\system32\iisreset.exe
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2008-06-28 16:27:40 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-02 22:27:51 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-04-02 22:27:51 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-04-02 22:27:51 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-18 02:39:23 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-03-25 17:42:18 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-25 17:42:18 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-25 17:42:18 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-25 17:42:18 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
1601-01-01 00:03:19 93184 --sha-w- c:\windows\system32\bafazuku.dll
1601-01-01 00:12:31 52736 --sha-w- c:\windows\system32\biyiziko.dll
1601-01-01 00:03:18 53248 --sha-w- c:\windows\system32\dunemara.dll
1601-01-01 00:03:18 93696 --sha-w- c:\windows\system32\fijiveni.dll
1601-01-01 00:03:19 45568 --sha-w- c:\windows\system32\jiwesowe.dll
1601-01-01 00:03:19 39424 --sha-w- c:\windows\system32\kijasoza.dll
1601-01-01 00:03:18 39424 --sha-w- c:\windows\system32\pagifali.dll
1601-01-01 00:03:18 60928 --sha-w- c:\windows\system32\vozutiso.dll
2007-10-05 11:11:38 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 19:11:44.23 ===============
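A triage pass over the posted log, as an added example (not a tool from this thread, and not from the DDS authors): it reads DDS output and flags the indicators visible above, namely the DisableTaskMgr, DisableRegistryTools and NoFolderOptions policies and EnableLUA = 0, the AppInit_DLLs entry, a second LSA Notification Package next to scecli, fresh .exe/.dll files written straight into system32, and hidden+system DLLs stamped 1601-01-01 (FILETIME zero, a wiped or never-set timestamp). The excerpt in SAMPLE_LOG is copied from the log above; the expected-value lists and the rules themselves are the example's own assumptions, and a hit is a reason to look at a file, not proof that it is malicious.

```python
"""Triage a DDS log for the tamper and persistence indicators that matter in a
rogue-antivirus infection.

Added example for this thread, not a tool from the post or from DDS itself.
SAMPLE_LOG is an excerpt copied from the posted log; the rules are heuristics
a helper would otherwise apply by eye.
"""
import re
from collections import defaultdict

# Excerpt of the posted DDS log (copied from the post above, not the full log).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
mWinlogon: Userinit=c:\windows\system32\userinit.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
AppInit_DLLs: c:\windows\system32\kbdsock.dll
LSA: Notification Packages = scecli larubuko.dll
=============== Created Last 30 ================
2010-01-25 22:09:02 25088 ----a-w- c:\windows\system32\helper32.dll
2010-01-25 22:08:52 26624 ----a-w- c:\windows\system32\winlogon32.exe
2010-01-17 21:11:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
==================== Find3M ====================
2008-06-28 16:27:40 174 --sha-w- c:\program files\desktop.ini
1601-01-01 00:03:19 93184 --sha-w- c:\windows\system32\bafazuku.dll
1601-01-01 00:12:31 52736 --sha-w- c:\windows\system32\biyiziko.dll
"""

# Policy values a rogue AV sets to stop the user fighting back (assumed list).
TAMPER_POLICIES = {"DisableTaskMgr": "1", "DisableRegistryTools": "1",
                   "NoFolderOptions": "1", "EnableLUA": "0"}  # EnableLUA=0: UAC off
EXPECTED_LSA_PACKAGES = {"scecli"}          # the only package Windows ships here
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
SYSTEM32 = r"c:\windows\system32"

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s*(\w+)\s*=\s*(\d+)")
# DDS file lines: date time size attrs path
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")


def _base(pkg):
    """'larubuko.dll' -> 'larubuko', 'scecli' -> 'scecli'."""
    pkg = pkg.lower()
    return pkg[:-4] if pkg.endswith(".dll") else pkg


def triage(log_text):
    """Return {indicator: [matching log lines]} for the given DDS log text."""
    findings = defaultdict(list)
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.groups()
            if TAMPER_POLICIES.get(name) == value:
                findings["tamper_policy"].append(line)
            continue
        if line.startswith("AppInit_DLLs:"):
            # Anything listed here is loaded into every process that maps user32.dll.
            findings["appinit_dll"].append(line)
            continue
        if line.startswith("LSA: Notification Packages"):
            packages = line.split("=", 1)[1].split()
            if any(_base(p) not in EXPECTED_LSA_PACKAGES for p in packages):
                findings["lsa_package"].append(line)
            continue
        if line.startswith("mWinlogon: Userinit="):
            if line.split("=", 1)[1].strip().rstrip(",").lower() != EXPECTED_USERINIT:
                findings["userinit"].append(line)
            continue
        m = FILE_RE.match(line)
        if m:
            date, _time, _size, attrs, path = m.groups()
            directory, _, name = path.lower().rpartition("\\")
            if date == "1601-01-01":            # FILETIME zero: wiped or never set
                findings["zero_filetime"].append(line)
            if "s" in attrs and "h" in attrs and directory == SYSTEM32:
                findings["hidden_system_in_system32"].append(line)
            if (section == "created last 30" and directory == SYSTEM32
                    and name.endswith((".exe", ".dll"))):
                findings["new_binary_in_system32"].append(line)
    return dict(findings)


def report(findings):
    """Render findings as one '[indicator] line' per hit."""
    return "\n".join(f"[{key}] {line}"
                     for key, lines in findings.items() for line in lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Against a full saved DDS log, call triage() on the file's text; the AppInit_DLLs, LSA and Userinit checks are the ones worth reading first, since those load code into every process or at logon and survive the removal of the files the rogue AV shows you.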



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:50 PM

Posted 01 February 2010 - 03:38 PM

Hi AdamKB,

Welcome to the Virus/Trojan/Spyware/Malware Removal (VTSMR) forum, and apologies for the delay. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

If your issue is still not resolved:
  1. Please update me on the current condition of your computer.

  2. Post the latest DDS logs.

  3. Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double-click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
      • Sections
      • IAT/EAT
      • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
      • Show All (this one also should be unchecked)
    • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
    • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and copy/paste the contents in your next reply.


#3 AdamKB

AdamKB
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:50 PM

Posted 01 February 2010 - 04:27 PM

Thank you for getting back with me. I believe my PC has been cleaned. While waiting for a reply here I was browsing many of the other threads and discovered one almost identical to mine in the archives. I followed those steps and it seemed to have worked.

So, a very huge thank you to this forum! It's been a lifesaver. (Or at least a laptop saver!!)

Cheers!
Adam

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:50 PM

Posted 01 February 2010 - 04:39 PM

Glad it is sorted out, and thanks for letting me know, Adam.

This thread will now be closed since the issue seems to be resolved.
