Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HTTPS TidServ 2 / HTTP TidServ


  • This topic is locked This topic is locked
2 replies to this topic

#1 Aria

Aria

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 02 June 2010 - 02:03 PM

Hello. I was brought here through google search, when looking up information on a problem I am having which seems to be affecting people other than me as of late. I am running a Vaio Laptop on Vista Business, and I have been infected since last night with a stealth rootkit (?) which my antivirus software can't completely remove. I am receiving (blocked) HTTPS attacks from various IP's every 10-20 minutes, as informed by Norton Antivirus. HTTPS TidServ 2 affects SVCHOST.exe, and HTTP TidServ affects Firefox.exe. HTTP TidServ seems to respond when I open up Firefox, and whenever I start it up, Firefox usually informs me that it is restoring data from a crash (even though I shut it down legit on last use). Firefox is currently 3.6.3. Prior to this I did not have the most recent version of Java (Release 17), but since this problem, I have updated it to Release 20. Norton has removed several Trojans and a Downloader from the Java cache files, but I am still getting attacks, and Norton, Malwarebytes, and SuperAntiSpyware don't seem to be picking up on whatever program is sending out signals to my attackers. You guys have helped others with problems extremely similar to mine, so please look at my logs, and tell me what actions I can take to remove this nasty bug in my system. Any advice on how to deal with it would be much appreciated. Thank you.

(Note that for my privacy, I have omitted references to my real name, but otherwise, everything in the logs is accurate and intact)

Attached File  AlertSummary.png   39.3KB   6 downloads
Attached File  AlertSummary2.png   47.19KB   6 downloads


DDS (Ver_10-03-17.01) - NTFSx86
Run by USER at 12:42:07.58 on Wed 06/02/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2046.985 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\USER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe"
mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1
mRun: [QuickBooks Simple Start] "c:\program files\intuit\simplestartentice\entice.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\USER\appdata\roaming\micros~1\windows\startm~1\programs\startup\neverw~1.lnk - c:\neverwinternights\nwn\ereg\ATR1.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - hxxp://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.playwhat.com/solidPlugin/solidstateion.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {352D9081-D9E7-41FC-9247-D6128140FC5F} = 68.94.156.1,151.164.8.201
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\USER\appdata\roaming\mozilla\firefox\profiles\u6cwj9si.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\USER\appdata\roaming\mozilla\firefox\profiles\u6cwj9si.default\extensions\flashplugin@idm\platform\winnt\plugins\npidmdcp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100520.001\IDSvix86.sys [2009-10-28 343088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 67656]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [2010-5-12 234800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 102448]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2010-5-15 50728]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-27 4232704]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-5-21 74240]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-5-21 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-5-21 31104]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-2-3 48688]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-23 812544]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2007-7-27 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2007-7-27 67760]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-1 38224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-6-18 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-22 7680]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-7-27 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-7-27 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-7-27 1089536]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-7-27 1174664]

=============== Created Last 30 ================

2010-06-02 07:30:21 0 ----a-w- c:\users\USER\defogger_reenable
2010-06-02 07:00:06 0 d-----w- C:\vir
2010-06-02 06:56:55 1314 ----a-w- C:\atapi.reg
2010-06-02 06:56:54 19944 ----a-w- c:\windows\system32\drivers\tmpatapi.sys
2010-06-02 06:56:54 0 d-----w- C:\backup
2010-06-02 06:43:24 0 d-----w- c:\programdata\Sun
2010-06-02 06:43:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-02 06:39:21 77312 ----a-w- c:\windows\mbr.exe
2010-06-02 04:28:11 0 d-----w- c:\users\USER\appdata\roaming\Malwarebytes
2010-06-02 04:27:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 04:27:03 0 d-----w- c:\programdata\Malwarebytes
2010-06-02 04:27:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 04:26:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-01 07:17:07 148741 ----a-w- C:\05312010.html
2010-05-31 04:02:39 70176 ----a-w- c:\users\USER\.recently-used.xbel
2010-05-31 01:27:20 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-30 16:33:25 0 d-----w- c:\program files\Cygnus FREE EDITION
2010-05-29 06:45:05 34849 ----a-w- C:\05282010.html
2010-05-29 06:44:47 2157591 ----a-w- C:\05282010.cmpgn
2010-05-26 04:47:40 150686 ----a-w- C:\05252010.html
2010-05-25 17:35:14 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 01:55:54 81 ----a-w- c:\users\USER\.gtk-bookmarks
2010-05-24 23:40:39 0 d-----w- c:\program files\DDS Converter 2
2010-05-24 02:05:34 75310 ----a-w- C:\05232010.2
2010-05-23 23:55:56 52091 ----a-w- C:\05232010.1
2010-05-22 17:30:28 146 ----a-w- c:\windows\DelMR.bat
2010-05-20 04:03:54 69961 ----a-w- C:\5192010.html
2010-05-19 03:57:49 687282 ----a-w- C:\vtm2.cmpgn
2010-05-19 03:57:35 214077 ----a-w- C:\5182010.html
2010-05-19 03:56:55 0 d-----w- C:\VTMLog 5
2010-05-17 18:33:47 1234148 ----a-w- C:\VTM.cmpgn
2010-05-17 03:57:35 0 d-----w- c:\users\USER\.chartool
2010-05-17 03:57:16 0 d-----w- c:\users\USER\.tokentool
2010-05-17 03:56:49 0 d-----w- c:\users\USER\.inittoolDbg
2010-05-17 03:42:03 0 d-----w- c:\users\USER\.maptool
2010-05-17 02:18:24 0 d-----w- c:\programdata\Apple Computer
2010-05-17 02:14:17 0 d-----w- c:\programdata\Apple
2010-05-15 20:25:20 50728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2010-05-15 20:25:20 0 d-----w- c:\program files\Virtual Audio Cable
2010-05-14 02:49:57 54156 ---ha-w- c:\windows\QTFont.qfn
2010-05-14 02:49:57 1409 ----a-w- c:\windows\QTFont.for
2010-05-13 01:36:08 234800 ----a-w- c:\windows\system32\drivers\SCRCAMHRDRV.sys
2010-05-12 18:00:42 0 ----a-w- c:\windows\mngui.INI
2010-05-12 17:49:40 0 d-----w- c:\users\USER\appdata\roaming\Motorola
2010-05-12 17:49:37 0 d-----w- c:\users\USER\appdata\roaming\Teleca
2010-05-12 17:47:31 0 d-----w- c:\program files\Intuwave
2010-05-12 17:47:09 0 d-----w- c:\program files\common files\Teleca Shared
2010-05-12 17:42:30 0 d-----w- c:\program files\common files\Motorola Shared
2010-05-12 17:35:36 0 d-----w- c:\program files\Motorola
2010-05-12 17:23:08 98 ----a-w- c:\windows\WirelessFTP.INI
2010-05-12 07:06:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2010-05-12 06:44:51 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-04 16:18:51 0 d-----w- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2010-06-02 03:13:32 34912 ----a-w- c:\users\USER\appdata\roaming\nvModes.dat
2010-05-15 21:26:06 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-15 21:26:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-15 21:26:05 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-13 21:27:06 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-26 19:46:59 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-02-02 23:47:06 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-02-02 23:47:06 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-02-02 23:47:06 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-12-28 21:53:54 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 12:42:41.03 ===============


Attached File  Attach.txt   7.39KB   5 downloads
Attached File  GMER.log   17.59KB   9 downloads

BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:03:28 AM

Posted 04 June 2010 - 04:56 PM

Hi Aria, and welcome to Bleeping Computer.

* Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
* Execute the file TDSSKiller.exe by double-clicking on it.
* Wait for the scan and disinfection process to be over.
* When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is like UtilityName.Version_Date_Time_log.txt.
for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:03:28 AM

Posted 18 June 2010 - 10:18 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users