Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


PC overrun with malware (incl. TDSS, FakeAlert & Alureon S)

  • This topic is locked This topic is locked
2 replies to this topic

#1 Maria M

Maria M

  • Members
  • 1 posts
  • Local time:02:41 PM

Posted 14 June 2011 - 03:26 PM

My PC is overrun with malware. I have a PC running Windows Vista Ultimate with no service packs (have been unable to install them). None of my security programs have been successful in getting rid of the malware and I don't know what else to do. Please help.

I know the PC has malware because of the following symptoms:

  • Windows Defender no longer works. I am unable to turn on the program. I cannot even start the service manually.
  • Periodically, a "Windows Defender" window pops up spontaneously and begins to scan the PC. I do not start the scan. I believe the program is not Windows Defender but is an imposter. Windows Defender never popped up spontaneously like that in the last 4 years I've had the PC. Also, the program does not allow me to navigate to any of the other tabs (e.g., the Home tab). It only gives access to the scan tab where it runs a scan spontaneously.
  • IE launches spontaneously and opens to http://www.findstation.org/ae3.php?aid=520&sid=direc10.
  • Whenever I click a link on a Google or Bing search results page, I get redirected to other sites.
  • McAfee Window pops up spontaneously with the message: "Your Computer is at Risk. Please check your status so you can address any security issues to keep your PC protected." Includes a Check Status button.
  • A "Windows Vista Recovery" window appears that tells me I have multiple security issues on my computer and asks me to download a program to fix the security issues. The program spontaneously scans my PC. I have never seen this program appear before 2 weeks ago.
  • I've run multiple scans with McAfee Internet Security and Malewarebytes' AntiMalware (free version) and most of the time the scans say the computer is not infected.
  • The PC has spontaneously crashed (to blue screen) several times in last two weeks (about 10 times).
  • Even in Safe Mode, IE launches spontaneously

I tried running the security programs in safe mode and at one point was able to get some information from them. According to McAfee Internet Security, it found and removed TDSS.e!rootkit! According to Malewarebytes' AntiMalware (free version), it found and removed Trojan.FakeAlert and Trojan.Alureon S. However, the symptoms of the Malware still appear.

I followed the instructions in the preparation guide and am now posting the content of the DDS.txt file:

DDS.txt File

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18882
Run by mmmejias at 12:38:49 on 2011-06-14
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2046.821 [GMT -5:00]
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lenovo\PM Driver\PMHandler.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PMHandler] c:\progra~1\lenovo\pmdriv~1\PMHandler.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\mmmejias\appdata\roaming\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee.com\agent\mcagent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://download.boulder.ibm.com/ibmdl/pub/pc/pccbbs/bp_pc/acpirexe.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: DhcpNameServer =
TCP: Interfaces\{4EF84B38-5460-46C1-AA31-5260EC749017} : DhcpNameServer =
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 387480]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-4-17 64584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-17 84200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslaee9f864;MpKslaee9f864;c:\programdata\microsoft\microsoft antimalware\definition updates\{43f92cfa-56c8-4fee-b8c7-fa39db5b7580}\MpKslaee9f864.sys [2011-6-14 28752]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2007-12-15 149992]
R2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2007-5-10 54832]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-4-22 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-8 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-8 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-8 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-17 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-17 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-17 141792]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-3-7 113168]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-5-10 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-7-10 569344]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-17 56064]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-3-28 34128]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-22 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-22 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-17 314088]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-17 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-22 40552]
S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2011-3-17 59664]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2011-3-17 168208]
S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2011-3-17 168208]
S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\PTUMLNET.sys [2011-3-17 74768]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2011-3-17 168848]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\PTUMLRMNET.sys [2011-3-17 59920]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2011-3-17 168208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2011-06-14 17:08:43 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{43f92cfa-56c8-4fee-b8c7-fa39db5b7580}\MpKslaee9f864.sys
2011-06-14 13:47:34 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-14 05:56:23 256512 ----a-w- c:\windows\PEV.exe
2011-06-14 05:56:23 208896 ----a-w- c:\windows\MBR.exe
2011-06-14 05:56:22 98816 ----a-w- c:\windows\sed.exe
2011-06-14 05:56:22 518144 ----a-w- c:\windows\SWREG.exe
2011-06-13 13:17:53 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-06-13 13:15:43 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{43f92cfa-56c8-4fee-b8c7-fa39db5b7580}\mpengine.dll
2011-06-13 03:46:28 263942 ----a-w- c:\windows\system32\wbem\WMIObjectsMigration.bin
2011-06-12 02:54:43 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bc7c8e34-5874-48c9-ba0c-f6328ffb7d42}\gapaengine.dll
2011-06-12 02:50:27 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-12 01:47:58 -------- d-----w- c:\users\mmmejias\appdata\local\ElevatedDiagnostics
2011-06-12 01:38:51 -------- d-----w- c:\program files\Microsoft ATS
2011-06-11 17:56:42 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b1c14a51-958c-437d-995d-3c1ab4652eec}\mpengine.dll
2011-06-11 11:12:55 72704 ----a-w- c:\windows\system32\admparse.dll
2011-06-11 10:42:36 -------- d-----w- c:\users\mmmejias\appdata\roaming\Malwarebytes
2011-06-11 10:40:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 10:40:36 -------- d-----w- c:\programdata\Malwarebytes
2011-06-11 10:40:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-11 08:30:32 -------- d-----w- C:\A
2011-06-11 08:22:45 -------- d-----w- c:\programdata\Common Files
2011-06-11 08:17:12 -------- d-----w- c:\programdata\MFAData
2011-06-10 16:00:02 -------- d-----w- C:\SafeMSI
2011-06-03 15:26:03 730112 ----a-w- c:\windows\system32\autochk.exe
2011-05-24 22:30:33 643072 ----a-w- c:\windows\system32\autochk_6.3.11.exe
2011-05-23 18:04:01 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-23 18:04:01 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-23 18:04:01 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-05-23 18:04:01 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-23 18:04:01 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-23 17:54:13 -------- d-----w- c:\users\mmmejias\appdata\roaming\GARMIN
2011-05-23 17:01:08 -------- d-----w- C:\4c3e2d5318ae0b84caa86998b4
2011-05-23 17:00:31 -------- d-----w- C:\2cdc4cd28bee1b590d69a52341
2011-05-23 15:09:11 -------- d-----w- C:\ca7a70559b7d7466bac7da
2011-05-23 15:08:23 -------- d-----w- C:\435556248af186afb195a1aa
2011-05-22 00:18:15 -------- d-----w- c:\users\mmmejias\appdata\local\Help
2011-05-22 00:07:41 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2011-05-21 23:16:18 -------- d-----w- c:\windows\system32\Lang
2011-05-21 23:16:07 317976 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-05-21 23:13:31 -------- d-----w- c:\program files\Lenovo Group Limited
2011-05-21 22:18:43 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-05-21 22:18:40 -------- d-----w- c:\users\mmmejias\appdata\roaming\Downloaded Installations
2011-05-19 14:46:58 -------- d-----w- C:\7b71fa03eec75dd235d992ce
2011-05-19 14:32:51 -------- d-----w- c:\windows\system32\catroot2
2011-05-19 08:30:26 -------- d-----w- C:\dfa1ac2a501f1635adf3cfb13362d249
2011-05-19 03:23:19 47560 ----a-w- c:\windows\system32\SPReview.exe
2011-05-19 03:23:19 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2011-05-19 02:36:59 -------- d-----w- c:\windows\pss
==================== Find3M ====================
2011-06-14 17:08:51 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-06-14 17:08:49 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-06-12 02:12:18 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-23 20:23:30 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-05-23 17:24:06 58288 ------w- c:\windows\system32\rpcnet.exe
2011-05-21 23:30:15 129784 ----a-w- c:\windows\system32\pxafs.dll
2011-04-14 19:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 19:01:38 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 19:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 19:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 19:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-21 16:50:30 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-03-21 16:50:29 88 --sha-r- c:\windows\system32\8852FF75B6.sys
============= FINISH: 12:41:15.23 ===============

I am also attaching the Attach.txt file (zipped) and the Ark.txt file. Please help. I thank you in advance for your assistance.Attached File  Attach.zip   6.16KB   0 downloadsAttached File  ark.txt   423.85KB   1 downloads

BC AdBot (Login to Remove)


#2 Elise


    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:41 PM

Posted 23 June 2011 - 10:22 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


Malware analyst @ Emsisoft

#3 Elise


    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:41 PM

Posted 03 July 2011 - 08:21 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


Malware analyst @ Emsisoft

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users