dds log

Post by ineedhalp » May 25th, 2011, 2:26 pm

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by KKK at 20:21:45 on 2011-05-25
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1033.18.4077.2807 [GMT 2:00]
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Alice ti aiuta\McciTrayApp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
============== Pseudo HJT Report ===============
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [AliceRV_McciTrayApp] C:\Program Files (x86)\Alice ti aiuta\McciTrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
================= FIREFOX ===================
FF - ProfilePath - C:\Users\KKK\AppData\Roaming\Mozilla\Firefox\Profiles\j69kpwc0.default\
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
============= SERVICES / DRIVERS ===============
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
=============== Created Last 30 ================
2011-05-25 21:28:10 -------- d-----w- C:\Windows\Panther
2011-05-25 18:07:28 98816 ----a-w- C:\Windows\sed.exe
2011-05-25 18:07:28 89088 ----a-w- C:\Windows\MBR.exe
2011-05-25 18:07:28 256512 ----a-w- C:\Windows\PEV.exe
2011-05-25 18:07:28 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-25 17:33:06 -------- d-----w- C:\Users\KKK\AppData\Roaming\Malwarebytes
2011-05-25 17:33:04 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-25 17:33:04 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-25 17:33:01 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-25 17:33:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-25 17:19:48 -------- d-----w- C:\Program Files (x86)\osu!
2011-05-25 17:19:44 -------- d-----w- C:\Users\KKK\AppData\Roaming\Downloaded Installations
2011-05-25 16:49:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-25 16:49:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-25 16:42:24 388096 ----a-r- C:\Users\KKK\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-25 16:42:24 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-25 16:18:03 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-05-25 16:18:03 1898376 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-05-25 16:13:45 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84506EB5-8466-48ED-80AB-16F5D8DCF428}\mpengine.dll
2011-05-25 16:13:45 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-25 15:59:04 102912 --sha-r- C:\Windows\SysWow64\msvcrt204.dll
2011-05-25 15:27:28 -------- d-----w- C:\Windows\Roaming
2011-05-25 15:27:28 -------- d-----w- C:\Program Files (x86)\Common Files\Motive
2011-05-25 15:27:28 -------- d-----w- C:\Program Files (x86)\Common Files\AliceRV
2011-05-25 15:27:28 -------- d-----w- C:\Program Files (x86)\Alice ti aiuta
2011-05-25 15:24:51 -------- d-----w- C:\Program Files (x86)\Alice Messenger
2011-05-25 15:19:11 412776 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-05-25 15:19:10 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-05-25 15:19:10 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-05-25 15:19:07 -------- d-----w- C:\Program Files (x86)\Realtek
2011-05-25 14:54:07 -------- d-----w- C:\Users\KKK\AppData\Local\Diagnostics
2011-05-25 14:37:58 -------- d-----w- C:\Program Files (x86)\Telecom Italia
2011-05-25 14:37:51 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-05-25 14:37:51 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-05-25 14:37:51 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-05-25 14:37:51 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-05-25 12:43:18 -------- d-----w- C:\Users\KKK\AppData\Local\Microsoft Games
2011-05-25 11:56:03 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2011-05-25 11:56:03 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2011-05-25 11:56:03 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
2011-05-25 11:54:58 12858472 ----a-w- C:\Windows\System32\nvd3dumx.dll
2011-05-25 11:48:23 -------- d-----w- C:\Recovery
==================== Find3M ====================
2011-05-25 15:55:21 833024 ----a-w- C:\Windows\SysWow64\user32.dll.old
2011-05-25 15:55:21 1008640 ----a-w- C:\Windows\System32\user32.dll.old
============= FINISH: 20:21:52,87 ===============


DDS (Ver_11-05-19.01)
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 25/05/2011 13:31:14
System Uptime: 25/05/2011 19:48:15 (1 hours ago)
Motherboard: ASUSTeK Computer INC. | | P8H67
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz | LGA1155 | 3301/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 244 GiB total, 226,042 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&16B16BD2&0&00E7
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&16B16BD2&0&00E7
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
==== System Restore Points ===================
RP1: 25/05/2011 14:11:30 - Windows Update
RP2: 25/05/2011 16:38:17 - Installato Installazione Guidata Alice
RP3: 25/05/2011 17:03:18 - Installato Installazione Guidata Alice
RP4: 25/05/2011 17:19:02 - Installato Realtek Ethernet Controller Driver
RP5: 25/05/2011 17:23:38 - Installato Installazione Guidata Alice
RP6: 25/05/2011 17:53:26 - Windows Modules Installer
RP7: 25/05/2011 17:55:02 - Windows Update
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Alice Messenger
Alice ti aiuta
Installazione Guidata Alice
Malwarebytes' Anti-Malware
Mozilla Firefox 4.0.1 (x86 it)
NVIDIA Stereoscopic 3D Driver
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RTC Client API v1.3 msm
Spybot - Search & Destroy
==== Event Viewer Messages From Past Week ========
25/05/2011 20:09:06, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25/05/2011 20:08:58, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
==== End Of File ===========================

help please :(
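As an added triage helper, not part of the original thread or of DDS itself: a small parser for the "Created Last 30" / "Find3M" entry format in the log above, which flags the two patterns a helper would look at first here (a hidden+system file dropped under C:\Windows, and a renamed .old copy of a system DLL). The sample lines are constructed from entries in the log; the meaning of the flag letters (d, s, h, a, r, w) is assumed from the entries shown.

```python
import re
from dataclasses import dataclass
from typing import Optional

# DDS lists files as: <date> <time> <size | --------> <8-char attr flags> <path>
# Letters seen in the flag field on this page: d (directory), s (system),
# h (hidden), a (archive), r (read-only), w (writable). Assumed meanings.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<flags>[-a-z]{8}) (?P<path>.+)$"
)

# Constructed sample, copied from entries in the log above.
SAMPLE_LINES = r"""
2011-05-25 18:07:28 89088 ----a-w- C:\Windows\MBR.exe
2011-05-25 15:59:04 102912 --sha-r- C:\Windows\SysWow64\msvcrt204.dll
2011-05-25 15:27:28 -------- d-----w- C:\Windows\Roaming
2011-05-25 15:19:11 412776 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-05-25 15:55:21 833024 ----a-w- C:\Windows\SysWow64\user32.dll.old
""".strip().splitlines()

@dataclass
class DdsEntry:
    date: str
    time: str
    size: Optional[int]   # None for directory entries ("--------")
    flags: str
    path: str

    @property
    def is_dir(self) -> bool: return "d" in self.flags
    @property
    def hidden(self) -> bool: return "h" in self.flags
    @property
    def system(self) -> bool: return "s" in self.flags

def parse_dds_entry(line: str) -> Optional[DdsEntry]:
    """Parse one file entry; section headers and other text return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return DdsEntry(m["date"], m["time"], size, m["flags"], m["path"])

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def triage(lines) -> list:
    """Return (path, reason) pairs worth a second look; everything else is left alone."""
    findings = []
    for line in lines:
        e = parse_dds_entry(line)
        if e is None or e.is_dir:
            continue
        low = e.path.lower()
        if e.hidden and e.system and low.startswith("c:\\windows\\"):
            findings.append((e.path, "hidden+system file created under C:\\Windows"))
        elif low.startswith(SYSTEM_DIRS) and low.endswith(".dll.old"):
            findings.append((e.path, "renamed copy of a system DLL; original may have been replaced"))
    return findings
```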
Post by Carolyn » May 27th, 2011, 8:15 am

I'm reviewing your logs and will post back shortly.
Post by Carolyn » May 27th, 2011, 8:54 am

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.


Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we proceed.


Create a System Restore Point
  1. Right-click on Computer ... select Properties.
  2. In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.


TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.


I see that you have run ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

Please post the contents of the ComboFix log. It can be found at C:\ComboFix.txt


Please include the following logs in your next reply (post all logs as text, no attachments please):
  • The TDSSKiller log
  • ComboFix.txt
  • A description of the problems that you are having with this computer.
Post by NonSuch » May 31st, 2011, 3:59 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
