
Re-Direct Malware/Adware Virus


5 replies to this topic

#1 Fig666

Fig666

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:05 AM

Posted 23 May 2010 - 08:32 AM

I have been having trouble with my computer for about a week now. I have looked on the internet and downloaded and tried various applications to remove this redirect virus off my computer, including Malwarebytes, RegCure, Spybot, Spyware Doctor, Hitman Pro 3 and a few others, and I still have the same problem. The problems I have been having started 3 or so weeks ago when I noticed that I can't use Windows Updates anymore (error code 80072efe). I am also unable to use System Restore or create any restore points ("Not enough memory to create restore point"). When I go onto the internet and type in the search details, the search results show up as normal, but when I try to go to the website using the link it redirects me to a completely different website or search engine, especially Ask Jeeves. If I copy the link into the address bar it seems to work fine.

Please can you help me eliminate this virus off my computer as it has been driving me daft.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Gary at 13:54:01.75 on 23/05/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2430.1077 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG 9 Pro\avgchsvx.exe
C:\Program Files (x86)\AVG 9 Pro\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG 9 Pro\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG 9 Pro\avgwdsvc.exe
C:\Program Files (x86)\AVG 9 Pro\avgfws9.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Windows\System32\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG 9 Pro\avgemc.exe
C:\Program Files (x86)\AVG 9 Pro\avgam.exe
C:\Program Files (x86)\AVG 9 Pro\avgnsx.exe
C:\Program Files (x86)\AVG 9 Pro\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG 9 Pro\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\AVG 9 Pro\avgcsrvx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Registry Mechanic\RegMech.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Gary\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.yahoo.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg 9 pro\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg 9 pro\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\office14\URLREDIR.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg 9 pro\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [RegistryMechanic]
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AVG9_TRAY] c:\progra~2\avg9pr~1\avgtray.exe
mRun: [BCSSync] "c:\program files (x86)\office14\BCSSync.exe" /DelayServices
mRun: [ISTray] "c:\program files (x86)\spyware doctor\pctsTray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\office14\ONBttnIELinkedNotes.dll
DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} - hxxp://download.pplive.com/webinstall/install.CAB
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg 9 pro\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg 9 pro\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-24 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-22 207280]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-4-24 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-24 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-24 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-24 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\avg 9 pro\avgemc.exe [2010-4-24 916760]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\avg 9 pro\avgwdsvc.exe [2010-4-24 308064]
R2 avgfws9;AVG Firewall;c:\program files (x86)\avg 9 pro\avgfws9.exe [2010-4-24 2325816]
R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-5-22 304464]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2010-5-22 358600]
R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2010-5-22 1141200]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 232960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-22 20952]
R3 netr28u;Belkin N1 Wireless USB Adapter Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-1-1 552448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\toolbar\toolbarbroker.exe --> c:\program files (x86)\toolbar\ToolbarBroker.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\office14\GROOVE.EXE [2009-10-29 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

=============== Created Last 30 ================

2010-05-23 12:39:52 0 ----a-w- c:\users\gary\defogger_reenable
2010-05-23 11:40:48 0 d-----w- c:\programdata\Google
2010-05-23 10:24:02 65536 --sha-w- c:\users\gary\ntuser.dat{3b24e4c7-6642-11df-a7d3-0018380433cc}.TM.blf
2010-05-23 10:24:02 524288 --sha-w- c:\users\gary\ntuser.dat{3b24e4c7-6642-11df-a7d3-0018380433cc}.TMContainer00000000000000000002.regtrans-ms
2010-05-23 10:24:02 524288 --sha-w- c:\users\gary\ntuser.dat{3b24e4c7-6642-11df-a7d3-0018380433cc}.TMContainer00000000000000000001.regtrans-ms
2010-05-23 10:22:15 0 d-----w- c:\users\gary\appdata\roaming\Registry Mechanic
2010-05-23 10:22:10 0 --sha-w- c:\users\gary\S-1-5-21-73489694-4057037766-494124430-1000.rrr.LOG2
2010-05-23 10:22:10 0 --sha-w- c:\users\gary\S-1-5-21-73489694-4057037766-494124430-1000.rrr.LOG1
2010-05-23 10:11:57 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-05-23 10:11:57 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-05-23 10:11:56 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-05-23 10:11:56 506368 ----a-w- c:\windows\system32\msxml.dll
2010-05-22 23:59:01 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-22 23:45:45 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-22 23:45:24 0 d-----w- c:\programdata\Hitman Pro
2010-05-22 18:24:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 18:24:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 17:14:34 1636304 ----a-w- c:\windows\PCTBDCore.dll.old
2010-05-22 17:08:24 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-05-22 17:08:24 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-05-22 17:08:24 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-22 17:08:09 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-22 17:08:09 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-05-22 17:08:09 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-05-22 17:08:09 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-22 17:07:54 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-05-22 17:07:54 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-22 17:07:47 0 d-----w- c:\users\gary\appdata\roaming\PC Tools
2010-05-22 17:07:47 0 d-----w- c:\programdata\PC Tools
2010-05-22 17:07:47 0 d-----w- c:\program files\common files\PC Tools
2010-05-22 11:01:23 1896 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-22 10:52:48 0 d-----w- c:\programdata\SITEguard
2010-05-22 10:52:46 471040 ---ha-w- C:\SZKGFS.dat
2010-05-22 10:51:59 0 d-----w- c:\programdata\STOPzilla!
2010-05-22 10:51:59 0 d-----w- c:\program files\common files\iS3
2010-05-21 09:36:51 0 d-----w- c:\users\gary\appdata\roaming\Malwarebytes
2010-05-21 09:36:21 0 d-----w- c:\programdata\Malwarebytes
2010-05-21 09:15:13 0 d---a-w- c:\programdata\TEMP
2010-05-15 14:01:04 65536 --sha-w- c:\users\gary\ntuser.dat{6333355e-5ff3-11df-afca-0018380433cc}.TM.blf
2010-05-15 14:01:04 524288 --sha-w- c:\users\gary\ntuser.dat{6333355e-5ff3-11df-afca-0018380433cc}.TMContainer00000000000000000002.regtrans-ms
2010-05-15 14:01:04 524288 --sha-w- c:\users\gary\ntuser.dat{6333355e-5ff3-11df-afca-0018380433cc}.TMContainer00000000000000000001.regtrans-ms
2010-05-15 13:07:23 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-12 08:59:21 0 d-----w- c:\users\gary\Project Camelot
2010-05-11 13:20:03 0 d-----w- c:\users\gary\appdata\roaming\aerix
2010-05-11 12:50:14 54156 ---ha-w- c:\windows\QTFont.qfn
2010-05-11 12:50:14 1409 ----a-w- c:\windows\QTFont.for
2010-05-09 22:27:24 0 d-----w- c:\program files\Realtek
2010-05-09 14:02:55 0 d-----w- c:\program files\common files\DivX Shared
2010-05-09 13:25:35 0 dc----w- c:\programdata\{9DF77379-A83D-46CF-968D-03CBC652096D}
2010-05-09 10:05:41 1908 ----a-w- c:\windows\diagwrn.xml
2010-05-09 10:05:41 1908 ----a-w- c:\windows\diagerr.xml
2010-05-09 09:42:30 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-09 08:57:25 0 d-----w- c:\users\gary\appdata\roaming\NCH Software
2010-05-08 18:38:19 0 d-----w- c:\users\gary\Future Theatre Radio
2010-05-05 11:18:15 0 d-----w- c:\program files\common files\PX Storage Engine
2010-05-05 11:09:31 0 d-----w- c:\programdata\DivX
2010-04-29 17:33:06 0 d-----w- c:\program files\MSXML 4.0
2010-04-28 17:40:18 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-28 17:39:57 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 17:39:57 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-28 17:39:55 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 10:06:07 0 d-----w- c:\programdata\Nero
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-04-26 10:48:57 0 d-----w- c:\users\gary\My Application Forms
2010-04-26 10:43:53 0 d-----w- c:\windows\system32\appmgmt
2010-04-26 10:24:00 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-04-26 10:22:55 0 d-----w- c:\windows\PCHEALTH
2010-04-26 10:22:55 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-26 10:19:51 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-26 10:18:02 0 d-----w- c:\program files\Microsoft Analysis Services
2010-04-26 10:16:40 0 d-----w- c:\programdata\Microsoft Help
2010-04-25 15:26:43 0 d-----w- c:\program files\PPLive
2010-04-25 11:01:49 0 d-----w- c:\windows\system32\RTCOM
2010-04-25 09:14:50 0 d--h--w- C:\$AVG
2010-04-24 23:41:10 2622496 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-24 19:24:44 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-04-24 18:18:54 0 d-----w- c:\program files\SoundSpectrum
2010-04-24 17:33:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-24 17:33:54 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-24 17:33:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-24 17:33:45 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-24 17:33:40 0 d-----w- c:\windows\system32\drivers\Avg
2010-04-24 17:33:36 0 d-----w- c:\programdata\AVG Security Toolbar
2010-04-24 17:33:01 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-04-24 13:16:01 0 d-----w- c:\users\gary\appdata\roaming\PPLive
2010-04-24 12:33:20 719872 ----a-w- c:\windows\system32\devil.dll
2010-04-24 12:33:20 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-04-24 12:33:20 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-24 12:33:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-04-24 10:39:43 28672 ----a-w- c:\windows\system32\AVEQT.dll
2010-04-24 10:39:43 129024 ----a-w- c:\windows\system32\AVERM.dll
2010-04-24 10:06:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-04-23 18:42:58 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-23 18:37:59 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-23 18:37:59 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-23 18:37:58 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-04-23 18:37:58 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-04-23 18:37:58 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-23 18:37:58 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-04-23 18:37:58 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-04-23 18:37:58 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-23 18:37:58 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-04-23 18:37:58 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-23 18:37:56 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-23 18:36:29 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-23 18:36:29 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-23 18:36:29 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-23 18:28:54 0 d-----w- c:\program files\NVIDIA Corporation
2010-04-23 18:19:00 0 d-----w- c:\windows\Panther
2010-04-23 13:20:17 0 d-----w- c:\programdata\NCH Swift Sound

==================== Find3M ====================

2010-04-24 19:19:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-24 18:37:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-23 09:52:05 552448 ----a-w- c:\windows\system32\drivers\netr28u.sys
2010-04-23 09:22:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:55:22.94 ===============
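As an added illustration (not code from this thread or from the DDS tool), the Python script below parses the "Pseudo HJT Report" section of a DDS log like the one above and flags what a helper looks at first: the mPolicies-system values that switch UAC off, a toolbar CLSID whose file is gone, an AppInit_DLLs entry, and a Run value with no command. The sample input is a constructed excerpt copied from the values in the log above; the line layouts it assumes are the ones visible in that log, and the UAC value meanings are the documented Windows semantics for those registry values.

```python
import re

# Constructed excerpt in the layout of the "Pseudo HJT Report" section of a DDS log;
# the values are copied from the log quoted in the post above.
SAMPLE_REPORT = r"""uStart Page = hxxp://www.yahoo.co.uk/
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg 9 pro\toolbar\IEToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [RegistryMechanic]
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
AppInit_DLLs: avgrsstx.dll
"""

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")
ENTRY_RE = re.compile(r"^(uRun|mRun|BHO|TB|DPF|Handler|Filter|SEH|AppInit_DLLs):\s*(.*)$")
RUN_RE = re.compile(r"^\[[^\]]*\]\s*(.*)$")

# What a value of 0 means for the UAC policies under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (Windows Vista/7).
UAC_ZERO_MEANS = {
    "EnableLUA": ("UAC_OFF", "UAC is disabled: admin users run every process with a full admin token"),
    "ConsentPromptBehaviorAdmin": ("SILENT_ELEVATION", "admins elevate without any prompt"),
    "PromptOnSecureDesktop": ("NO_SECURE_DESKTOP", "elevation prompts appear on the normal desktop, where other programs can draw over them"),
}


def parse_policies(report):
    """Return {policy_name: int} for every mPolicies-system line; the '(0x..)' suffix is ignored."""
    policies = {}
    for line in report.splitlines():
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def parse_entries(report):
    """Return [(kind, body)] for the load-point lines DDS prints (BHO, TB, Run keys, ...)."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def assess(report):
    """Return [(code, detail)] findings a helper would look at first in this section."""
    findings = []
    for name, value in parse_policies(report).items():
        if value == 0 and name in UAC_ZERO_MEANS:
            code, why = UAC_ZERO_MEANS[name]
            findings.append((code, f"{name} = 0: {why}"))
    for kind, body in parse_entries(report):
        if body.endswith("No File"):
            # A CLSID still registered as a toolbar/BHO whose DLL is gone: a leftover or removed component.
            findings.append(("ORPHAN_LOADPOINT", f"{kind}: {body}"))
        elif kind == "AppInit_DLLs" and body:
            # AppInit_DLLs are loaded into every process that links user32.dll; verify the publisher.
            findings.append(("APPINIT_DLL", body))
        elif kind in ("uRun", "mRun"):
            m = RUN_RE.match(body)
            if m and not m.group(1):
                # A Run value with a name but no command: nothing launches, but it is a stale autostart.
                findings.append(("EMPTY_RUN", body))
    return findings


if __name__ == "__main__":
    for code, detail in assess(SAMPLE_REPORT):
        print(f"{code:18} {detail}")
```

Run against the sample, the three UAC findings show that this machine had User Account Control switched off entirely, so any program the user launched already ran with full administrator rights.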


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:05 PM

Posted 23 May 2010 - 09:15 AM

Hello Fig666

Welcome to BleepingComputer.
========================
One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 Fig666

Fig666
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:05 AM

Posted 23 May 2010 - 10:37 AM

I would like you to please clean this trojan/rootkit off my computer if you can. Would you suggest that I re-format and re-install just to be on the safe side?

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:05 PM

Posted 23 May 2010 - 10:47 AM

A reformat is a sure way to be certain, but I have cleaned this infection successfully on every occasion.
So I would say to clean it as well.
This type of infection has those capabilities, so I felt the need to warn you about it.
==================
Download TDSSKiller and save it to your Desktop.
  • Right-click on the file, choose Extract All, extract the file to your desktop, then run it.
  • If prompted to restart the computer, type Y and it will restart.
  • Once completed, it will create a log in your C:\ drive.
  • Please post the contents of that log.
=======
Please visit this webpage for download links, and instructions for running Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#5 Fig666

Fig666
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:05 AM

Posted 24 May 2010 - 02:42 AM

Thanks for all your help on this matter, I decided to do a complete re-install of my OS yesterday just to be on the safe side.

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:05 PM

Posted 24 May 2010 - 05:58 AM

You are welcome.


Since this issue appears to be resolved, this topic has been closed. Glad we could help.

If you're the topic starter and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



