Possible Tidserv/TDL3/Alureon infection


3 replies to this topic

#1 BHA81

Posted 02 August 2010 - 05:27 AM

Hey guys, I need help!! Have been trying to fix myself for the last two weeks. I have a decent knowledge about what should and shouldn't be running or resting on my machine and I don't think I have made the situation worse--yet.

Here are the symptoms:

1. I am running Norton 360--I get constant notifications that a recent attempt to attack my computer was blocked--HTTPS Tidserv Request 2

2. Backdoor.Tidserv.Inf! has been detected by Norton 360 but only occasionally. A complete scan shows nothing detected.

3. Google or any search for that matter gets redirected constantly. IE7 and Firefox seem powerless to stop this but Google Chrome doesn't always get redirected.

4. Taskbar sometimes switches back to classic Windows style completely on its own. I understand this may or may not be caused by virus activity but it's never happened before.

5. I cannot leave the machine on for more than a few hours at a time without it hanging up and becoming completely unresponsive. I have to hard reboot all the time!

6. System Restore would not let me restore from any backup point that was available.


What I have done so far:

I have downloaded many programs for Rootkit detection and removal starting with MalwareBytes--No luck. I have also tried:

Spybot S&D--Found tracing cookies only

Hitman Pro 3.5--Message about a hidden driver in the Hardware stack was detected could mean TDL3 infection

Cleantdss by Proland--Found Nothing

CleanAlureon by Proland--Found a version of TDL3 and removed it. Don't remember which one but it's not the one causing the problems.

ComboFix--Found nothing

Last but not least--I have tried over and over to run GMER to no avail. It constantly hangs up in the middle of the scan and makes my whole system unstable. I am forced to hard restart the system every time. I'm thinking that one of these programs should have come up with something. It must be something I am doing wrong but obviously, I don't know what or I wouldn't be writing this as we speak. I have disabled system restore and Norton while the scans are going on.

Ok, so here is my DDS log. I will patiently await a response. Thank you in advance to whoever helps me out.



DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 5:40:02.17 on Mon 08/02/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1225 [GMT -4:00]

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} - hxxp://simcity.ea.com/exchange/lots/teleport/MaxisSimCity4LotTeleX.cab
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} - hxxp://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\11ritmf6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {5800B3BE-85F5-400E-9216-B0EC426D784E} - c:\documents and settings\hp_administrator\local settings\application data\{5800B3BE-85F5-400E-9216-B0EC426D784E}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-7-27 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-7-27 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-7-27 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100730.001\IDSXpx86.sys [2010-7-31 331640]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-7-27 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-27 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100801.003\NAVENG.SYS [2010-8-1 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100801.003\NAVEX15.SYS [2010-8-1 1362608]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-7-27 91496]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2010-5-20 90240]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2010-5-20 14976]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2010-5-20 121856]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]

=============== Created Last 30 ================

2010-08-01 13:52:42 2048 ----a-w- C:\Uninstall.dat
2010-08-01 11:31:32 133440 ----a-w- c:\windows\system32\LnkProtect.dll
2010-07-30 04:30:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-30 04:30:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-07-30 04:30:21 0 d-----w- c:\program files\Hitman Pro 3.5
2010-07-28 05:01:54 0 d-s---w- C:\BHA81
2010-07-28 00:45:54 0 d-----w- c:\program files\Image Icon Converter
2010-07-27 23:36:53 91496 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2010-07-27 23:36:53 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-07-27 23:36:53 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-07-27 22:57:06 482432 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-07-27 22:57:06 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-07-27 22:57:06 310320 ----a-w- c:\windows\system32\drivers\SymEFA.sys
2010-07-27 22:57:06 259632 ----a-w- c:\windows\system32\drivers\BHDrvx86.sys
2010-07-27 22:57:06 217136 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-07-27 21:49:31 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-07-27 21:49:28 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-27 21:49:28 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-27 21:49:28 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-27 21:49:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-27 21:49:28 0 d-----w- c:\program files\Symantec
2010-07-27 21:48:55 0 d-----w- c:\program files\Norton 360
2010-07-27 21:44:37 0 d-----w- c:\program files\NortonInstaller
2010-07-27 17:21:06 3903 ----a-w- c:\windows\system32\nvnrm.nvu
2010-07-27 17:21:06 101888 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2010-07-27 17:21:05 176128 ----a-w- c:\windows\system32\nvunrm.exe
2010-07-27 04:35:37 0 d-sha-r- C:\cmdcons
2010-07-26 22:15:24 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-26 22:15:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-26 04:48:23 0 d--h--w- c:\windows\PIF
2010-07-25 09:19:42 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-22 16:11:04 75 ----a-w- c:\windows\system32\nvUnsupRes.dat
2010-07-22 13:44:51 43609 ----a-w- c:\windows\system32\nvapps.nvb
2010-07-22 12:54:46 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-22 12:54:46 6300544 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-07-22 12:54:43 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-22 12:54:43 10604128 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-07-22 12:43:59 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-22 12:43:59 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-22 12:43:59 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-22 12:43:46 472576 ----a-w- c:\windows\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2010-07-22 11:22:53 0 d-----w- c:\windows\nview
2010-07-22 08:11:41 25 ----a-w- c:\windows\system32\nvModes.dat
2010-07-22 07:48:14 233052 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-22 07:48:11 233056 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-22 07:48:11 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-22 07:48:11 0 ----a-w- c:\windows\system32\nvdrswr.lk
2010-07-20 02:28:03 0 d-----w- c:\docume~1\hp_adm~1\applic~1\8916BAE39A7ABB0599C0F5CAAC4E5C79
2010-07-19 07:11:08 25 ----a-w- c:\windows\cdplayer.ini
2010-07-18 11:39:22 7959 ----a-w- c:\windows\system32\nvinfo.pb
2010-07-18 11:39:22 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-18 11:39:20 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-18 11:39:20 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-18 11:39:20 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-18 11:39:20 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-14 09:38:40 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 20:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 20:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 20:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 20:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 20:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 20:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-08 22:55:29 110387 ----a-w- c:\windows\hpoins11.dat
2010-07-08 22:55:10 6947 ----a-w- c:\windows\hpomdl11.dat
2010-07-08 22:45:21 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-08 22:43:00 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2010-07-08 22:43:00 827392 ----a-w- c:\windows\system32\hpotiop2.dll
2010-07-08 22:43:00 77824 ----a-w- c:\windows\system32\HPZIDS01.dll
2010-07-08 22:43:00 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-07-08 22:43:00 254026 ----a-w- c:\windows\system32\hpovst09.dll

==================== Find3M ====================

2010-07-27 21:49:19 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-27 21:49:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-07-09 22:38:00 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-07 17:46:46 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-21 22:07:45 600680 ----a-w- c:\windows\system32\nvuhda.exe
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-04 12:39:27 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-04 12:39:27 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2009-05-05 22:27:00 61 --sh--w- c:\windows\cnerolf.dat
2006-10-29 17:55:48 32 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 5:41:12.57 ===============



#2 teacup61

  • Malware Response Team

Posted 09 August 2010 - 01:07 PM

Hello BHA81,



Sorry for the delay. If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 BHA81

Posted 09 August 2010 - 06:52 PM

Thank you for the reply and offer to help. Unfortunately (or rather "fortunately") I no longer need help with this removal. I finally gave up and just did a reinstall which turned out to be the right thing to do (in my opinion anyway). Honestly, the only reason I didn't just do a restore in the first place was due to "principle" and "pride". I just hate having to say "I give UP!!!" and "YOU WIN this round, nasty rootkit" due to the bastards who put these viruses on the net in the first place. Anyway, my machine is running better now than it has in years. I didn't realize how much other crap besides viruses I had slowing it down. THANKS to everyone here who selflessly give their time to help others with the fight against "evil". Good day guys!!!!

#4 teacup61

  • Malware Response Team

Posted 10 August 2010 - 09:06 AM

Hello,

You sound just like me! Well, it's all said and done now, and I'm glad it's running so well.

Thank you so much for letting me know.

Take care!
tea