Malware on my machine.

Unread postby ktsteel758 » January 25th, 2009, 6:03 pm

I don't know what I downloaded but I get popups of some television episode link and weight loss ads. I ran Trojan Remover 6.75 and it found csrssc.exe and listed it as known malware.
Here is my log file for HijackThis.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:28 PM, on 1/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Users\Tom\AppData\Local\Temp\winlognn.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Users\Tom\AppData\Local\Temp\csrssc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] C:\Users\Tom\AppData\Local\Temp\winlognn.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\Users\Tom\AppData\Local\Temp\csrssc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O13 - Gopher Prefix:
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8707 bytes
------------------------------------------------------------------------------------------------------------------------

Thanks in advance.

Tom
ktsteel758
Active Member
 
Posts: 3
Joined: January 25th, 2009, 12:34 pm

Re: Malware on my machine.

Unread postby Sharagoz » January 25th, 2009, 8:20 pm

Hello ktsteel758, welcome to MWR
Please take note of the following before we begin the cleaning process:
  • The whole process will usually take at least a week to complete, sometimes several weeks depending on the severity of the infection and how promptly you and I are able to reply, so please stay patient
  • Hang in there until I give you the 'All clean'. If you leave prematurely because your computer seems to be back to its old self, the risk of re-infection will be very high
  • Perform all actions in the order given
  • The instructions I give expect that you're using an account with administrator privileges and that the language of your operating system is English.
  • Don't be afraid to ask questions if something is unclear or you run into issues during cleaning steps
  • I recommend you read through each set of instructions before you actually perform them

Download and run DDS by sUBs
  • Download DDS from one of the links below and save it to your desktop
    Link1 | Link2 | Link3
  • Right-click on the file and choose Run as administrator to run the tool
  • A black window will stay open while the tool runs
  • Wait for the scan to finish (this will only take a couple of minutes), and two logs to open in separate notepad documents
  • Include both these logs in your next reply
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Malware on my machine.

Unread postby ktsteel758 » January 25th, 2009, 11:05 pm

Hello Sharagoz, thanks for taking this one on. I did what you posted and here are the results:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Tom at 21:36:08.67 on Sun 01/25/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2021 [GMT -5:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Users\Tom\AppData\Local\Temp\winlognn.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\hp\kbd\kbd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Poker Application\UltimateBet\mainclient.exe
C:\Poker Application\UltimateBet\aphh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Users\Tom\AppData\Local\Temp\csrssc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tom\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [StatBar] c:\program files\globe software\statbar\StatBar.exe
uRun: [lrijh8s73jhbfgfd] c:\users\tom\appdata\local\temp\winlognn.exe
uRun: [tezrtsjhfr84iusjfo84f] c:\users\tom\appdata\local\temp\csrssc.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [<NO NAME>]
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\rnkuk2m2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-25 28544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-11 99376]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R4 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2008-12-4 226640]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-1-11 55264]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-4-10 131616]

=============== Created Last 30 ================

2009-01-25 16:47 <DIR> --d----- c:\program files\Trend Micro
2009-01-25 05:59 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-01-25 05:59 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-01-25 05:59 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-01-25 05:59 75,264 a------- c:\windows\system32\unacev2.dll
2009-01-25 05:59 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-01-25 05:59 <DIR> --d----- c:\users\tom\appdata\roaming\Simply Super Software
2009-01-25 05:59 <DIR> --d----- c:\programdata\Simply Super Software
2009-01-25 05:59 <DIR> --d----- c:\program files\Trojan Remover
2009-01-25 05:59 <DIR> --d----- c:\progra~2\Simply Super Software
2009-01-25 05:58 108,336 a------- c:\windows\system32\mswinsck.ocx
2009-01-25 05:58 163,840 a------- c:\windows\system32\Updater.exe
2009-01-25 05:36 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-01-25 05:36 <DIR> --d----- c:\program files\Panda Security
2009-01-25 05:16 <DIR> a-d----- c:\programdata\TEMP
2009-01-25 05:16 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-25 00:01 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-25 00:01 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-25 00:01 <DIR> --d----- c:\program files\iPod
2009-01-25 00:01 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-25 00:01 <DIR> --d----- c:\program files\iTunes
2009-01-25 00:01 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-25 00:00 <DIR> --d----- c:\program files\Bonjour
2009-01-24 23:59 <DIR> --d----- c:\programdata\Apple Computer
2009-01-24 23:58 <DIR> --d----- c:\programdata\Apple
2009-01-24 21:56 <DIR> --d----- c:\program files\Monopoly - SpongeBob SquarePants Edition
2009-01-24 21:52 792,381 a------- c:\users\tom\appdata\roaming\svchost.exe
2009-01-24 21:52 <DIR> --d----- c:\users\tom\appdata\roaming\_4f514a42bfe74ce2b0cd08f523764de4
2009-01-24 09:21 7 a------- c:\windows\sbacknt.bin
2009-01-24 09:20 152,904 a------- c:\windows\system32\vghd.scr
2009-01-24 09:20 <DIR> --d----- c:\program files\vghd
2009-01-24 02:41 129,784 -------- c:\windows\system32\pxafs.dll
2009-01-22 20:13 <DIR> --d----- c:\program files\WildGames
2009-01-21 19:42 <DIR> --d----- c:\users\tom\appdata\roaming\WildTangent
2009-01-19 19:30 <DIR> --d----- c:\program files\Audacity
2009-01-17 04:02 <DIR> --d----- c:\programdata\CyberLink
2009-01-14 20:46 230,424 a------- C:\img2-001.raw
2009-01-14 19:25 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-12 03:46 <DIR> --d----- c:\programdata\LightScribe
2009-01-12 03:46 <DIR> --d----- c:\progra~2\LightScribe
2009-01-11 23:51 <DIR> --d----- c:\program files\VideoLAN
2009-01-11 23:23 <DIR> --d----- c:\programdata\vsosdk
2009-01-11 23:23 <DIR> --d----- c:\progra~2\vsosdk
2009-01-11 23:13 164,352 a------- c:\windows\system32\unrar.dll
2009-01-11 23:13 38 a------- c:\windows\avisplitter.ini
2009-01-11 23:13 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-01-11 21:23 <DIR> --d----- c:\program files\common files\AVSMedia
2009-01-11 21:23 <DIR> --d----- c:\program files\AVSMedia
2009-01-11 19:44 87,608 a------- c:\users\tom\appdata\roaming\inst.exe
2009-01-11 19:44 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-01-11 19:44 47,360 a------- c:\users\tom\appdata\roaming\pcouffin.sys
2009-01-11 19:44 217,127 a------- c:\windows\system32\drv43260.dll
2009-01-11 19:44 208,935 a------- c:\windows\system32\drv33260.dll
2009-01-11 19:44 176,165 a------- c:\windows\system32\drv23260.dll
2009-01-11 19:44 102,439 a------- c:\windows\system32\sipr3260.dll
2009-01-11 19:44 65,602 a------- c:\windows\system32\cook3260.dll
2009-01-11 19:44 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-01-11 19:44 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-01-11 19:43 <DIR> --d----- c:\program files\VSO
2009-01-11 19:31 <DIR> --d----- c:\program files\PowerISO
2009-01-11 19:19 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-11 19:19 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-11 19:19 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-11 19:18 <DIR> --d----- c:\program files\Symantec
2009-01-11 19:18 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-01-11 18:04 <DIR> --d----- c:\windows\pss
2009-01-11 15:31 428,544 a------- c:\windows\system32\EncDec.dll
2009-01-11 15:31 293,376 a------- c:\windows\system32\psisdecd.dll
2009-01-11 15:31 217,088 a------- c:\windows\system32\psisrndr.ax
2009-01-11 15:31 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-01-11 15:31 80,896 a------- c:\windows\system32\MSNP.ax
2009-01-11 15:31 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-01-11 15:31 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-01-11 15:31 147,456 a------- c:\windows\system32\Faultrep.dll
2009-01-11 15:31 125,952 a------- c:\windows\system32\wersvc.dll
2009-01-11 15:31 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-01-11 15:31 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-01-11 15:31 347,648 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-01-11 15:31 1,645,568 a------- c:\windows\system32\connect.dll
2009-01-11 13:01 55,264 a------- c:\windows\system32\drivers\fssfltr.sys
2009-01-11 12:59 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-01-11 12:58 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-01-11 03:00 <DIR> --d----- c:\program files\CONEXANT
2009-01-10 08:18 <DIR> --d----- c:\programdata\Acronis
2009-01-10 08:16 132,224 a------- c:\windows\system32\drivers\snapman.sys
2009-01-09 15:12 <DIR> --d----- c:\program files\ESET
2009-01-09 15:01 <DIR> --d----- c:\programdata\ESET
2009-01-09 12:48 <DIR> --d----- C:\Poker Application
2009-01-09 12:48 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-01-09 12:45 2,048 a------- c:\windows\system32\tzres.dll
2009-01-09 12:42 441,760 a------- c:\windows\system32\drivers\timntr.sys
2009-01-09 12:42 44,384 a------- c:\windows\system32\drivers\tifsfilt.sys
2009-01-09 12:40 368,480 a------- c:\windows\system32\drivers\tdrpman.sys
2009-01-09 12:39 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-09 12:35 <DIR> --d----- C:\Seagate temp
2009-01-09 12:27 <DIR> --d----- c:\program files\PeerGuardian2
2009-01-09 11:58 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-09 11:58 83,456 a------- c:\windows\system32\wudriver.dll
2009-01-09 11:58 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-09 11:58 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-09 11:41 <DIR> --d----- c:\programdata\Seagate
2009-01-09 11:41 <DIR> --d----- c:\program files\Seagate
2009-01-09 11:41 <DIR> --d----- c:\progra~2\Seagate
2009-01-09 11:19 <DIR> --d----- c:\programdata\Avira
2009-01-09 11:19 <DIR> --d----- c:\progra~2\Avira
2009-01-09 11:17 <DIR> --d----- c:\users\tom\Tracing
2009-01-09 11:17 <DIR> --d----- c:\program files\Microsoft LifeCam
2009-01-09 11:14 <DIR> --d----- c:\program files\Microsoft
2009-01-09 11:14 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-09 11:14 <DIR> --d----- c:\windows\PCHEALTH
2009-01-09 11:10 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-09 10:58 <DIR> --d----- c:\program files\IDM Computer Solutions
2009-01-09 10:46 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-01-09 10:46 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-01-09 10:46 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-01-09 10:45 <DIR> --d----- c:\program files\Globe Software
2009-01-09 10:45 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-01-09 10:45 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-01-09 10:45 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-01-09 10:45 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-01-09 10:45 15,360 a------- c:\windows\system32\pacerprf.dll
2009-01-09 10:43 430,080 a------- c:\windows\system32\vbscript.dll
2009-01-09 10:43 180,224 a------- c:\windows\system32\scrobj.dll
2009-01-09 10:43 155,648 a------- c:\windows\system32\wscript.exe
2009-01-09 10:43 135,168 a------- c:\windows\system32\wshom.ocx
2009-01-09 10:43 135,168 a------- c:\windows\system32\cscript.exe
2009-01-09 10:43 90,112 a------- c:\windows\system32\wshext.dll
2009-01-09 10:43 738,304 a------- c:\windows\system32\inetcomm.dll
2009-01-09 10:43 172,032 a------- c:\windows\system32\scrrun.dll
2009-01-09 10:43 1,314,816 a------- c:\windows\system32\quartz.dll
2009-01-09 10:43 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-09 10:43 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-01-09 10:43 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-01-09 10:42 <DIR> --d----- c:\program files\uTorrent
2009-01-09 10:41 <DIR> --d----- c:\users\tom\appdata\roaming\uTorrent
2009-01-09 10:33 <DIR> --d----- c:\windows\Downloaded Installations
2009-01-09 10:33 <DIR> --dsh--- c:\windows\ftpcache
2009-01-09 10:31 553 a------- c:\windows\USetup.iss
2009-01-09 10:31 104,992 a------- c:\windows\RTKAUDIOSERVICE.EXE
2009-01-09 10:30 319,456 a------- c:\windows\DIFxAPI.dll
2009-01-09 10:30 6,266,880 a------- c:\windows\RtHDVCpl.exe
2009-01-09 10:30 2,152,088 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-01-09 10:30 1,196,032 a------- c:\windows\RtlUpd.exe
2009-01-09 10:30 725,504 a------- c:\windows\system32\RtkPgExt.dll
2009-01-09 10:30 540,672 a------- c:\windows\system32\RTSndMgr.cpl
2009-01-09 10:30 285,216 a------- c:\windows\system32\RtkApoApi.dll
2009-01-09 10:30 <DIR> --d----- c:\program files\Realtek
2009-01-09 10:30 520,192 a------- c:\windows\RtlExUpd.dll
2009-01-09 10:30 315,392 a------- c:\windows\HideWin.exe
2009-01-09 10:26 453,152 a------- c:\windows\system32\nvuninst.exe
2009-01-09 10:21 <DIR> --d----- c:\users\tom\appdata\roaming\WinBatch
2009-01-09 10:10 117,760 a------- c:\windows\system32\hpz3l4v2.dll
2009-01-09 10:10 <DIR> --d----- c:\users\tom\appdata\roaming\Symantec
2009-01-09 10:09 44 a------- c:\windows\system\hpsysdrv.dat
2009-01-09 10:01 <DIR> --d----- c:\users\Tom
2009-01-07 05:17 1,825 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_KJ378AA-ABA a6430f_YC_0Pavi_QMXU819_E82NAv3PrA1_49_INARRA3_SOEMMB_V3.02_B5.14_T080620_WUH1_L409_M2942_J640_7AMD_8Phenom 8400 Triple-Core_92.1_#090107_N10DE03EF_Z14F12F20_G10DE03D0.MRK
2009-01-07 05:12 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-01-05 16:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-01-05 16:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-01-24 23:59 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-24 23:59 86,016 a------- c:\windows\inf\infstor.dat
2009-01-24 23:59 51,200 a------- c:\windows\inf\infpub.dat
2009-01-09 12:59 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-04 22:55 307,560 a------- c:\windows\WLXPGSS.SCR
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-10-31 22:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 22:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 22:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 22:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 22:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-31 22:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-10-31 20:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 01:29 2,927,104 a------- c:\windows\explorer.exe
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:36:37.22 ===============
ktsteel758
Active Member
 
Posts: 3
Joined: January 25th, 2009, 12:34 pm
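The two logs above (the HijackThis log in the first post and the DDS log in this one) contain the tell-tale pattern a helper looks for first: autorun values with random names such as [lrijh8s73jhbfgfd] and [tezrtsjhfr84iusjfo84f] pointing at executables in a user-writable Temp folder, and file names chosen to look like core Windows binaries (csrssc.exe, winlognn.exe, and an svchost.exe dropped in AppData\Roaming instead of System32). The script below is an added example, written for this page and not a MalwareRemoval.com, HijackThis or DDS tool; it reads log lines in the formats shown and flags exactly those three properties. The sample lines are copied from the two logs in this thread, the list of imitated system binaries and the "user-writable location" substrings are assumptions chosen for illustration, and the 0.8 similarity threshold is a heuristic, so a hit is a reason to look closer, not proof of infection.

```python
"""Triage a HijackThis / DDS style log for autorun entries and recently created
files that resemble the csrssc.exe / winlognn.exe / roaming svchost.exe cases above.
Added example; not a MalwareRemoval.com, HijackThis or DDS tool."""
import difflib
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample: lines copied from the HijackThis and DDS logs in this thread.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] C:\Users\Tom\AppData\Local\Temp\winlognn.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\Users\Tom\AppData\Local\Temp\csrssc.exe
uRun: [StatBar] c:\program files\globe software\statbar\StatBar.exe
uRun: [tezrtsjhfr84iusjfo84f] c:\users\tom\appdata\local\temp\csrssc.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
2009-01-24 21:52 792,381 a------- c:\users\tom\appdata\roaming\svchost.exe
2009-01-25 16:47 <DIR> --d----- c:\program files\Trend Micro
C:\Windows\system32\taskeng.exe
"""

# Core Windows binaries that malware likes to imitate (assumed list, not exhaustive).
SYSTEM_NAMES = ("csrss", "winlogon", "svchost", "lsass", "smss", "wininit",
                "services", "explorer", "spoolsv", "rundll32", "taskeng", "dwm")
# Lowercased path fragments that mark a location a standard user can write to (assumed).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")
# Autorun value name, e.g. "[lrijh8s73jhbfgfd]" in an O4 / uRun / mRun line.
RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
# A drive- or %VAR%-rooted Windows path ending in an executable-type extension.
PATH_RE = re.compile(r'(?i)((?:[a-z]:|%[^%\s]+%)\\[^"\r\n]*?\.(?:exe|dll|sys|scr|com|ocx))')


def looks_random(name: str) -> bool:
    """Heuristic for generated autorun names: long, no spaces, letters mixed with digits."""
    return (len(name) >= 10 and " " not in name
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def mimics_system_binary(path: str) -> Optional[str]:
    """Return the system binary a file name imitates (exact, prefix or near match), else None."""
    stem = PureWindowsPath(path).stem.lower()
    for name in SYSTEM_NAMES:
        if stem == name or stem.startswith(name):
            return name
        # winlognn vs winlogon scores 0.875; unrelated names stay well below 0.8
        if difflib.SequenceMatcher(None, stem, name).ratio() >= 0.8:
            return name
    return None


def triage(log_text: str) -> List[Dict]:
    """Collect suspicious executables with the reasons they were flagged, one entry per path."""
    findings: Dict[str, Dict] = {}
    for line in log_text.splitlines():
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(1)
        key = path.lower()
        reasons = []
        if any(frag in key for frag in USER_WRITABLE):
            reasons.append("executable in a user-writable location")
        mimic = mimics_system_binary(path)
        # The real csrss/winlogon/svchost live under \Windows\; a look-alike elsewhere is the signal.
        if mimic and "\\windows\\" not in key:
            reasons.append(f"name resembles system binary {mimic}.exe outside the Windows directory")
        name_match = RUN_NAME_RE.search(line)
        if name_match and looks_random(name_match.group("name")):
            reasons.append(f"random-looking autorun value name {name_match.group('name')!r}")
        if reasons:
            entry = findings.setdefault(key, {"path": path, "reasons": []})
            for reason in reasons:  # the same path may appear in both logs; merge, do not duplicate
                if reason not in entry["reasons"]:
                    entry["reasons"].append(reason)
    return sorted(findings.values(), key=lambda f: f["path"].lower())


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding["path"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Run against the sample it reports the three paths a helper would want removed (the two Temp executables and the Roaming svchost.exe) and stays quiet on ccApp.exe, StatBar.exe, MSASCui.exe and the genuine taskeng.exe in System32. The location check is deliberately broad (anything under \Users\ is flagged), so per-user installs of legitimate software will show up too; the value of the script is in ranking what to look at first, and the file itself should still be checked (hash lookup, signature, creation time) before anything is deleted.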

Re: Malware on my machine.

Unread postby ktsteel758 » January 26th, 2009, 4:14 am

I have been trying myself to rid my machine of this and it seems to be gone. I used a combo of online scanners and got a copy of NOD32 antivirus. I am not sure if you would need a new log from HijackThis.

Thanks,

Tom
ktsteel758
Active Member
 
Posts: 3
Joined: January 25th, 2009, 12:34 pm

Re: Malware on my machine.

Unread postby Sharagoz » January 26th, 2009, 4:37 am

If you still want my help you'll need to post a new DDS log.

But a couple of other things first:
You'll have to stop running scans on your own if you're gonna work with me. If I see changes in the logs I did not expect it will only lead to confusion.
You'll also have to uninstall uTorrent if you want to continue, because of board policy. See MWR policy on P2P programs for more details.
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Malware on my machine.

Unread postby NonSuch » January 31st, 2009, 11:17 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California