
Live Security Suite...


  • This topic is locked
3 replies to this topic

#1 Peter1000

Peter1000

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:55 PM

Posted 21 June 2010 - 12:20 AM

I've been trying to de-infect a computer. Amongst other viruses it had was Live Security Suite. Running Malwarebytes' Anti-Malware and Avira (free versions) seems to have solved/removed most of the visible problems. However, running the DDS recommended in the preparation guide seems to show two AV programs running - Avira and Live Security Suite, although the latter is disabled. Further (full) scans with MBAM & Avira don't seem to find any trace, and I've had a look for the files/keys described here but I can't see any. I'd appreciate any help/advice on this and how to be sure I've managed to remove all the problems.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Peter at 17:18:01.17 on 20/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.126 [GMT 1:00]

AV: Live Security Suite *On-access scanning disabled* (Updated) {BA7955D2-A704-4D1D-AB3F-7733A580F0DB}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdpserv.exe
C:\WINDOWS\system32\lxdpcoms.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
C:\Program Files\Lexmark Z2300 Series\lxdpMsdMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Peter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.co.uk/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [lxdpmon.exe] "c:\program files\lexmark z2300 series\lxdpmon.exe"
mRun: [lxdpamon] "c:\program files\lexmark z2300 series\lxdpamon.exe"
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\Peter\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\docume~1\Peter\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157518295687
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245692655625
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-18 11608]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-5-27 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-5-27 166632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-18 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-18 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-18 60936]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [2009-6-27 98984]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-5-27 840936]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 14896]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\rapportbuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]

=============== Created Last 30 ================

2010-06-20 16:16:09 0 ----a-w- c:\documents and settings\Peter\defogger_reenable
2010-06-20 08:19:49 0 d-----w- c:\docume~1\Peter\applic~1\Windows Search
2010-06-20 07:06:42 98816 ----a-w- c:\windows\sed.exe
2010-06-20 07:06:42 77312 ----a-w- c:\windows\MBR.exe
2010-06-20 07:06:42 256512 ----a-w- c:\windows\PEV.exe
2010-06-20 07:06:42 161792 ----a-w- c:\windows\SWREG.exe
2010-06-20 06:14:50 0 d-----w- c:\program files\iPod
2010-06-20 06:14:14 0 d-----w- c:\program files\iTunes
2010-06-20 06:08:46 0 d-----w- c:\program files\Bonjour
2010-06-19 12:56:25 0 d-----w- c:\program files\CCleaner
2010-06-19 12:31:57 0 d-----w- c:\program files\common files\xing shared
2010-06-19 08:37:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-19 08:37:35 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-19 07:51:19 0 d-----w- c:\program files\Secunia
2010-06-19 06:01:03 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-18 21:56:22 0 d-----w- c:\docume~1\Peter\applic~1\Windows Desktop Search
2010-06-18 21:55:39 0 d-----w- c:\program files\Windows Desktop Search
2010-06-18 21:55:38 0 d-----w- c:\windows\system32\GroupPolicy
2010-06-18 21:54:12 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-06-18 21:54:12 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-06-18 21:54:12 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-06-18 19:37:58 0 d-----w- c:\program files\MSXML 6.0
2010-06-18 18:40:30 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-06-18 18:40:30 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-06-18 18:39:31 54272 ----a-w- c:\windows\system32\ixsso.dll
2010-06-18 18:39:20 81920 ------w- c:\windows\system32\ieencode.dll
2010-06-18 18:38:50 19569 ----a-w- c:\windows\003064_.tmp
2010-06-18 17:52:43 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~0
2010-06-18 17:11:38 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-18 17:11:02 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-06-18 17:11:01 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-06-18 17:10:56 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-06-18 17:10:14 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-18 17:10:11 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-18 17:10:09 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-06-18 17:09:44 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-18 17:09:36 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-18 17:08:39 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-06-18 17:08:37 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-06-18 17:08:37 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-06-18 17:08:36 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-06-18 17:08:35 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-06-18 17:08:34 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-06-18 17:08:33 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-06-18 17:08:32 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-06-18 17:08:31 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-06-18 17:04:18 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-06-18 16:54:14 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-06-18 16:49:53 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-06-18 16:03:52 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-18 16:03:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-18 16:03:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-18 16:03:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-18 16:03:47 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-18 16:03:46 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-18 16:03:43 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-18 16:02:38 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-18 12:08:13 0 d-----w- c:\windows\system32\NtmsData
2010-06-18 10:55:29 0 d-----w- c:\docume~1\Peter\applic~1\Avira
2010-06-18 10:39:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-18 10:39:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-18 10:37:03 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-18 10:36:58 0 d-----w- c:\program files\Avira
2010-06-18 10:36:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-06-18 08:34:58 0 d-----w- c:\docume~1\Peter\applic~1\Malwarebytes
2010-06-18 08:34:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-18 08:34:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-18 08:34:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-18 08:34:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-16 20:42:26 233 ----a-w- c:\documents and settings\Peter\SelfDel.bat
2010-06-09 18:39:11 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-06-09 18:33:15 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2010-06-09 18:33:01 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-06-09 18:33:01 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-06-09 18:31:59 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-06-09 18:30:53 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-06-09 18:29:51 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-06-09 18:29:40 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-06-09 18:27:10 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-06-09 18:27:01 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-06-09 18:27:01 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-06-09 18:27:01 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-06-09 18:27:01 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-06-09 18:26:38 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-06-09 18:16:10 0 d-----w- c:\program files\common files\ODBC
2010-06-09 17:51:31 450794 ----a-r- C:\txtsetup.sif
2010-06-09 17:51:31 260272 ----a-r- C:\$LDR$
2010-06-09 17:51:16 0 d-----w- C:\$WIN_NT$.~BT
2010-06-09 17:51:11 0 d-----w- c:\windows\setup.pss
2010-06-07 20:17:52 0 d-----w- c:\windows\SxsCaPendDel
2010-06-05 11:48:12 0 d-----w- c:\program files\Trusteer
2010-05-28 11:04:52 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys

==================== Find3M ====================

2010-06-19 12:31:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-09 18:25:34 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-09-07 02:05:46 8 --sha-r- c:\windows\system32\F084E71B5F.sys
2009-12-08 21:15:18 6528 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:19:11.50 ===============



#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:11:55 PM

Posted 26 June 2010 - 05:16 PM

Hi,

If you still need help with this, post fresh DDS logs, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 Peter1000

Peter1000
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:55 PM

Posted 28 June 2010 - 01:37 AM

Hello, thanks for the reply. I think I've solved it now. I guess you can lock this. :)

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:11:55 PM

Posted 28 June 2010 - 02:12 AM

Ok. Thanks for letting us know :)





