Help there might be a virus?


  • This topic is locked
3 replies to this topic

#1 Helpvirus123

Helpvirus123

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:41 PM

Posted 19 November 2011 - 11:26 PM

Can someone help me if there is a virus?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:08 PM, on 11/20/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Uniblue\SPEEDU~1\sump.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/niwradsoft/{71AD05CE-F844-4B44-9A9C-6447815F6A13}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/niwradsoft/{71AD05CE-F844-4B44-9A9C-6447815F6A13}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\PROGRA~1\Uniblue\SPEEDU~1\launcher.exe" -d 20000
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5584 bytes

Edit: Merged two separate topics into one. ~ Animal


#2 Helpvirus123

Helpvirus123
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:41 PM

Posted 20 November 2011 - 12:01 AM

DDS (Ver_2011-06-23.01) - FAT32x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by GIXIE at 12:58:55 on 2011-11-20
Microsoft Windows XP Professional 5.1.2600.2.1252.63.1033.18.1978.965 [GMT 8:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Uniblue\SPEEDU~1\sump.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.bigseekpro.com/niwradsoft/{71AD05CE-F844-4B44-9A9C-6447815F6A13}
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/niwradsoft/{71AD05CE-F844-4B44-9A9C-6447815F6A13}
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpeedUpMyPC] "c:\progra~1\uniblue\speedu~1\launcher.exe" -d 20000
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4979A2AF-5943-4E5E-A215-6885E2F373D3} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-19 110080]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-5-19 140376]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-5-19 1023872]
S1 MpKsl178e97c3;MpKsl178e97c3; [x]
S1 MpKsl17c2f825;MpKsl17c2f825; [x]
S1 MpKsl1e9d1d96;MpKsl1e9d1d96; [x]
S1 MpKsl291b8d45;MpKsl291b8d45; [x]
S1 MpKsl7516da5c;MpKsl7516da5c; [x]
S1 MpKsla5f49f78;MpKsla5f49f78; [x]
S1 MpKslb9186e8c;MpKslb9186e8c; [x]
S1 MpKslbaa45ec4;MpKslbaa45ec4; [x]
S1 MpKslc223458a;MpKslc223458a; [x]
S1 MpKsle612f56e;MpKsle612f56e; [x]
S1 MpKsle7305fb7;MpKsle7305fb7; [x]
S1 MpKslfb4103af;MpKslfb4103af; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-19 1691480]
S3 apf001;apf001;d:\rakionis\bin\apf001.sys [2011-9-30 10872]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
S3 EagleXNt;EagleXNt; [x]
S3 esgiguard;esgiguard; [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-21 36608]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2003-8-7 6528]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\ghidpnp.sys --> c:\windows\system32\drivers\gHidPnp.Sys [?]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gmouusb.sys --> c:\windows\system32\drivers\gMouUsb.sys [?]
S3 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2011-7-9 565552]
S3 MBAMSwissArmy;MBAMSwissArmy; [x]
S3 rak;rak; [x]
S3 redxd1;redxd1; [x]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-12-21 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-12-21 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-12-21 121856]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zenx1;zenx1; [x]
S4 AVP;Kaspersky Anti-Virus Service; [x]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-21 233472]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
.
=============== Created Last 30 ================
.
2011-11-19 15:06:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-19 15:06:40 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-18 11:42:24 -------- d-sh--w- C:\FOUND.030
2011-11-14 06:39:44 -------- d-sh--w- C:\FOUND.029
2011-11-13 10:30:48 -------- d-----w- c:\documents and settings\all users\application data\NexonUS
2011-11-12 06:06:46 -------- d-sh--w- C:\FOUND.028
2011-11-05 07:27:57 -------- d-sh--w- c:\documents and settings\gixie\IECompatCache
2011-11-01 08:22:21 -------- d-----w- c:\windows\system32\VIRepair
2011-11-01 08:07:09 -------- d-----w- c:\documents and settings\gixie\application data\ViSplore
2011-11-01 08:07:07 -------- d-----w- c:\documents and settings\gixie\application data\ViGlance
2011-11-01 08:07:06 -------- d-----w- c:\documents and settings\gixie\application data\ViStart
2011-11-01 08:00:26 -------- d-----w- c:\windows\system32\VITrans
2011-11-01 07:57:43 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2011-10-29 15:04:13 -------- d-----w- c:\program files\Warkeys
2011-10-25 10:20:28 -------- d-sh--w- C:\FOUND.027
2011-10-24 11:33:30 -------- d-sh--w- C:\FOUND.026
2011-10-24 02:58:18 -------- d-----w- c:\documents and settings\gixie\application data\Process Hacker 2
.
==================== Find3M ====================
.
2011-11-20 03:48:24 7232 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-12 10:23:30 234800 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-10-12 10:23:30 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2011-10-12 10:21:56 203352 ----a-w- c:\windows\system32\JmCrIcon.dll
2011-10-12 10:21:56 140376 ----a-w- c:\windows\system32\drivers\jmcr.sys
2011-10-12 10:21:30 1023872 ----a-w- c:\windows\system32\drivers\rt2860.sys
2011-10-12 05:32:18 161064 ------w- c:\windows\system32\SynTPAPI.dll
2011-10-12 05:32:18 1461992 ------w- c:\windows\system32\WdfCoInstaller01009.dll
2011-10-12 05:32:18 120104 ------w- c:\windows\system32\SynTPCo4.dll
2011-10-12 05:32:16 173352 ------w- c:\windows\system32\SynCOM.dll
2011-10-08 15:56:26 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-08 15:41:10 2 --sha-r- c:\windows\winstart.bat
2011-10-07 18:31:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-07 18:31:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-06 22:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-05 03:24:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 22:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-14 15:45:38 716153 ----a-w- c:\windows\system32\unins000.exe
2011-09-12 22:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-02 05:03:28 730192 ----a-w- c:\program files\common files\ZugoInstaller.exe
2011-08-30 15:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 15:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 15:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 15:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-07 03:46:38 227618 ----a-w- c:\program files\uninst.exe
2011-08-05 10:58:14 32409688 ----a-w- c:\program files\im_installer.exe
2011-02-22 06:31:22 4485976 ----a-w- c:\program files\vcredist_x86.exe
2008-10-09 20:52:38 4379984 ----a-w- c:\program files\D3Dx9_40.dll
2008-07-12 00:18:52 3851784 ----a-w- c:\program files\D3DX9_39.dll
2008-03-08 23:25:10 236 ----a-w- c:\program files\common files\dx.reg
.
============= FINISH: 12:59:44.12 ===============

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:41 PM

Posted 24 November 2011 - 11:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found on your log.

Before I suggest a remedial tool, please run and post the logs requested below. I also need to know what problem you are having with this computer.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:41 PM

Posted 29 November 2011 - 09:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



