
HTTP Tidserv Request, Need cleaning and fast :O!


  • This topic is locked
3 replies to this topic

#1 Blackphoenix297


Posted 01 March 2010 - 08:41 PM

Well, before I post all the information from DDS, I'd like to say some things to moderators or other users that might post:

1. I do not want to reformat my computer, unless it's a final option and the only way to get rid of it.
2. Moderators, if you are reading this, thank you.
3. Remember, I want to remove it, not reformat my computer.

INFO: this virus attacks my computer every 15 to 30 minutes. No, I have not lost credit card info or anything else; passwords, possibly, but no credit card numbers have been stolen. When I got this virus my anti-virus just was not on; credit card security was on. Nothing has been harmed, I just need to get rid of this thing because my computer is slowing and some Internet Explorers do not work, and it is trying to attack SVCHOST.exe. Sound familiar? Well, I've noticed it is most likely similar to a Backdoor.Tidserv.k, which does pretty much a vanishing act. Note I have no idea what is affecting my speed, but Norton tells me the name is HTTP Tidserv Request.

DDS INFO:


DDS (Ver_09-12-01.01) - NTFSx86
Run by chris at 20:19:16.27 on Mon 03/01/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1765 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2scan.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCRJIXDC\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

ustart page = about:blank
uWindow Title = Microsoft Internet Explorer
uSearch Bar =
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page = \blank.htm
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL =
mDefault_Search_URL =
mSearch Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {EE1CF5AE-0CEB-491D-9485-7F5C01CDD895} - No File
TB: {AB21B82C-08A2-4D30-B7F9-2CD8ED8BC88B} - No File
TB: Websentials - webs, email, weather, news, radio: {3fe6336c-ae41-4594-82ac-a08f8b52290d} -
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Google Update] "c:\users\chris\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\ntunecmd.exe" boot "c:\users\chris\appdata\local\nvidia corporation\ntune\profiles\osbootpf.nsu"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
c:\users\chris\appdata\local\temp\dc30.tmp\temp00
c:\users\chris\appdata\local\temp\dc30.tmp\temp00
c:\users\chris\appdata\local\temp\dc30.tmp\temp00
c:\users\chris\appdata\local\temp\dc30.tmp\temp00
c:\users\chris\appdata\local\temp\dc30.tmp\temp00
c:\users\chris\appdata\local\temp\dc30.tmp\temp00
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 00000000
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: link = 00000000
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoNetSetup = 0 (0x0)
uPolicies-system: NoNetSetupIDPage = 0 (0x0)
uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
uPolicies-system: NoWorkgroupContents = 0 (0x0)
uPolicies-system: NoEntireNetwork = 0 (0x0)
uPolicies-system: NoFileSharingControl = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFolderOptions = 00000000
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} - hxxp://channel.dontblynk.com/Launcher/StWbUsa.CAB
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
Hosts: 192.168.110.107 NPI191D02

============= SERVICES / DRIVERS ===============

R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2007-8-25 79052]
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-2-28 3968]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-11-25 12672]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-3-28 84832]

=============== Created Last 30 ================

2010-03-01 23:12:43 0 d-----w- c:\program files\a-squared Anti-Malware
2010-03-01 01:26:49 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-02-28 14:32:27 0 d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2010-02-28 14:32:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 14:32:07 0 d-----w- c:\programdata\Malwarebytes
2010-02-28 14:32:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 14:32:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 14:54:59 0 d-----w- c:\users\chris\appdata\roaming\Xfire Plus
2010-02-27 14:54:52 0 d-----w- c:\program files\Xfire Plus
2010-02-25 21:33:17 0 d-----w- c:\program files\Nexon
2010-02-25 16:52:23 0 d-----w- c:\program files\dumps
2010-02-25 01:19:54 0 d-----w- c:\program files\LogMeIn Hamachi
2010-02-25 01:02:39 0 d-----w- c:\program files\Steam
2010-02-24 16:49:59 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 16:48:59 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 16:48:58 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 16:48:57 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 16:48:57 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 16:48:57 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 16:48:57 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 16:48:56 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 16:48:56 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 16:48:55 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 16:48:52 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 16:48:51 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 16:48:50 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-23 01:26:00 147456 ----a-w- c:\windows\system32\uc_neosteam_launching.dll
2010-02-16 17:06:56 0 d-----w- c:\programdata\NCH Swift Sound
2010-02-16 17:06:46 0 d-----w- c:\program files\NCH Swift Sound
2010-02-16 16:07:30 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-02-15 04:24:19 0 d-----w- c:\programdata\Google Updater
2010-02-14 02:52:21 0 d-----w- c:\programdata\Yahoo!
2010-02-14 02:52:18 0 d-----w- c:\programdata\Yahoo! Companion
2010-02-13 23:16:57 0 d-----w- c:\program files\YouTube Downloader
2010-02-11 03:16:10 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-10 14:09:35 287 ----a-w- c:\windows\game.ini
2010-02-10 12:19:13 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 12:19:09 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 12:18:47 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 12:18:47 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 12:17:46 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 12:17:46 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 12:16:15 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 12:16:14 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 12:16:04 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 12:16:03 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 12:16:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 12:16:03 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 12:16:03 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 12:16:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 12:16:03 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 12:16:02 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 12:16:02 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-07 23:57:56 886796 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-07 04:38:24 323584 ----a-w- c:\windows\system32\SCDialer2.ocx
2010-02-07 04:38:23 471040 ----a-w- c:\windows\system32\SCDialer1.ocx
2010-02-07 03:28:47 0 d-----w- c:\program files\GCFScape
2010-02-03 02:41:12 0 d-----w- c:\program files\common files\EasyInfo
2010-01-31 04:15:25 7437 ----a-w- c:\windows\system32\nvinfo.pb
2010-01-31 04:15:25 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-01-31 04:15:25 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-01-31 04:15:24 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-31 04:15:24 4321384 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-01-31 04:15:24 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
2010-01-31 04:15:21 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
2010-01-31 04:15:21 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-31 04:15:21 4061800 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-31 04:15:21 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-31 04:15:21 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-01-31 04:15:21 11639400 ----a-w- c:\windows\system32\nvcompiler.dll

==================== Find3M ====================

2010-03-02 00:42:04 151227 ----a-w- c:\programdata\nvModes.dat
2010-02-16 16:37:35 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-16 16:37:21 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-16 16:23:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-16 16:07:51 138056 ----a-w- c:\users\chris\appdata\roaming\PnkBstrK.sys
2010-01-31 04:16:27 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-31 04:16:27 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-31 04:16:23 143360 ----a-w- c:\windows\inf\infstor.dat
2010-01-12 04:03:33 1280616 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 03:18:00 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-12 03:18:00 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:18:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-12 03:18:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 20:35:47 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-29 23:30:17 5970 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-12-29 13:52:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-17 23:18:54 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
2009-12-17 23:17:42 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2009-12-15 22:21:32 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-02 22:59:15 23872 ----a-w- c:\windows\system32\mv2.dll
2009-11-01 11:44:07 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-01-01 19:54:55 174 --sha-w- c:\program files\desktop.ini
2007-11-10 19:11:13 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-11 16:20:26 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-10-11 16:20:26 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-10-11 16:20:26 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-11 16:20:26 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-04 22:06:56 10 --sha-r- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\config.sys
2009-08-04 22:06:56 10 --sha-r- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\config.sys
2009-08-04 22:06:56 10 --sha-r- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\config.sys

============= FINISH: 20:29:58.94 ===============


Please help me, BleepingComputer.

Edited by Pandy, 01 March 2010 - 10:15 PM.
Move from Windows Vista ~Pandy
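A first triage pass over the "Pseudo HJT Report" section of a DDS log like the one posted above, as an added example that is not part of this thread or of the DDS tool. The sample lines are constructed from entries in the posted log, and the severity labels and the `triage_dds` helper name are my own assumptions; it flags the unlabelled %TEMP% autostart, the disabled UAC policy, the hosts-file override and the orphaned toolbar entries, collapsing repeated lines into one finding with a count.

```python
"""Triage pass over the 'Pseudo HJT Report' section of a DDS log.
Added example; not part of the thread or of the DDS tool itself."""
import re
from collections import Counter

# Constructed sample modelled on entries from the posted log (hypothetical).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

ustart page = about:blank
uInternet Settings,ProxyOverride = *.local
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
c:\users\chris\appdata\local\temp\dc30.tmp\temp00
c:\users\chris\appdata\local\temp\dc30.tmp\temp00
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 192.168.110.107 NPI191D02

============= SERVICES / DRIVERS ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")       # "=== Name ===" section headers
BARE_PATH_RE = re.compile(r"^[a-z]:\\", re.I)         # line that is only a file path
TEMP_DIR_RE = re.compile(r"\\appdata\\local\\temp\\", re.I)
ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}  # assumed severity ranking


def hjt_section(text):
    """Return the non-blank lines of the 'Pseudo HJT Report' section only."""
    lines, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            inside = header.group(1).lower() == "pseudo hjt report"
            continue
        if inside and line:
            lines.append(line)
    return lines


def triage(lines):
    """Classify HJT-style lines into (severity, note, line, repeat_count) tuples.
    One tuple per distinct line, so repeated entries (the posted log shows the
    same temp00 path six times) become a single finding carrying a count."""
    findings, counts = [], Counter(lines)
    for line in dict.fromkeys(lines):            # distinct lines, original order
        n = counts[line]
        if BARE_PATH_RE.match(line):
            # DDS prints an autostart it cannot label as a bare path; one living
            # in %TEMP% is the classic dropper pattern and deserves the first look.
            if TEMP_DIR_RE.search(line):
                findings.append(("HIGH", "unlabelled autostart path inside a temp directory", line, n))
            else:
                findings.append(("MEDIUM", "unlabelled autostart path", line, n))
        elif line.startswith(("TB:", "BHO:")) and line.endswith("- No File"):
            findings.append(("LOW", "orphaned IE toolbar/BHO registration, file missing", line, n))
        elif line.startswith("mPolicies-system:") and "EnableLUA = 0" in line:
            findings.append(("HIGH", "UAC disabled (EnableLUA=0)", line, n))
        elif line.startswith("Hosts:"):
            findings.append(("MEDIUM", "hosts-file override; confirm it is intentional", line, n))
        elif line.startswith(("uRun:", "mRun:")):
            findings.append(("INFO", "autorun entry", line, n))
    return sorted(findings, key=lambda f: ORDER[f[0]])   # stable: worst first


def triage_dds(text):
    """Section extraction plus triage, worst findings first."""
    return triage(hjt_section(text))


if __name__ == "__main__":
    for sev, note, line, n in triage_dds(SAMPLE_DDS):
        suffix = f"  (x{n})" if n > 1 else ""
        print(f"[{sev:6}] {note}: {line}{suffix}")
```

Run it against a saved DDS.txt by passing the file contents to `triage_dds`; lines it does not recognise are simply left out rather than guessed at.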



#2 extremeboy

  • Malware Response Team

Posted 02 March 2010 - 05:46 PM

Hello.

My name is Extremeboy and I will help you with your log.

To start off, I do see a few infections already, although I would like to have a closer and more detailed look at your system. Please run the following two tools and from there we can continue.

Download and run DDS

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results soon.
  • Follow the instructions that pop up for posting the results and then click Ok.
  • The black message box window will then disappear.
  • Please save both log files on your desktop and post the DDS.txt and zip up and attach Attach.txt as instructed.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Disable CD Emulation Programs using DeFogger

To disable CD Emulation programs using DeFogger please perform these steps:
  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop. This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.

Edited by extremeboy, 02 March 2010 - 05:46 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy


Posted 06 March 2010 - 03:11 PM

Hello.

Are you still there? Do you still require help?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#4 extremeboy


Posted 15 March 2010 - 08:41 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy