
Hi there,

I have tried using rkill and Malwarebytes (fully updated) to remove this pesky MS Removal Tool virus, but to no avail. I have followed the instructions in the "I'm Infected - What Do I Do Now?" post.

Here is the DDS.txt file, as well as the three attached log files (ark, attach, MBAM-log) necessary.

Any help is greatly appreciated. Many thanks.

- Stuart

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Stuart at 21:34:11.95 on 13/04/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.3070.2395 [GMT -4:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\Stuart\Desktop\Virus stuff\dds.com

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [Google Update] "c:\users\stuart\appdata\local\google\update\GoogleUpdate.exe" /c

uRunOnce: [bCe31002pDkIg31002] c:\programdata\bce31002pdkig31002\bCe31002pDkIg31002.exe

mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"

mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"

mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\stuart\appdata\roaming\mozilla\firefox\profiles\na1ozhgk.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll

FF - plugin: c:\users\stuart\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-20 37944]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]

S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-17 136176]

S2 iRacingService;iRacing.com Helper Service;i:\games\iracing\iRacingService.exe [2009-12-21 513696]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2010-1-13 1984]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

.

=============== Created Last 30 ================

.

2011-04-10 23:45:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-10 23:45:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-10 23:45:20 -------- d-----w- c:\program files\Malwarebytes

2011-04-10 22:25:14 -------- d-----w- c:\progra~2\bCe31002pDkIg31002

2011-04-03 19:00:07 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-04-03 19:00:06 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-04-03 19:00:06 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-04-03 19:00:06 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-04-03 19:00:06 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-04-03 19:00:06 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-04-03 19:00:06 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-04-03 19:00:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-03-26 06:15:38 -------- d-----w- c:\users\stuart\appdata\roaming\StreamTorrent

2011-03-26 06:15:37 -------- d-----w- c:\program files\StreamTorrent 1.0

2011-03-20 23:40:16 -------- d-----w- c:\users\stuart\appdata\local\AMD

2011-03-20 23:37:23 -------- d-----w- c:\program files\ATI Stream

2011-03-20 23:37:10 -------- d-----w- c:\progra~2\AMD

2011-03-20 23:37:03 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys

2011-03-20 22:56:30 257024 ----a-w- c:\windows\system32\msv1_0.dll

2011-03-20 22:53:49 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-03-20 22:53:49 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-03-20 22:53:49 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-03-20 22:53:49 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-03-20 22:53:49 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-03-20 22:45:46 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2011-03-20 22:45:42 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2011-03-20 22:45:22 -------- d-----w- c:\program files\MSXML 4.0

2011-03-20 22:45:18 4915024 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-03-20 22:45:16 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8953f43d-9de2-41ad-ba28-915898fee072}\mpengine.dll

2011-03-20 22:45:02 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-03-20 22:43:54 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2011-03-20 22:42:59 516096 ----a-w- c:\program files\windows mail\wab.exe

2011-03-20 22:42:59 37376 ----a-w- c:\windows\system32\rtutils.dll

2011-03-20 22:42:59 34816 ----a-w- c:\windows\system32\msasn1.dll

2011-03-20 22:42:58 738816 ----a-w- c:\windows\system32\wmpmde.dll

2011-03-20 22:42:58 314368 ----a-w- c:\windows\system32\webio.dll

2011-03-20 22:42:57 132608 ----a-w- c:\windows\system32\cabview.dll

2011-03-20 22:42:57 109056 ----a-w- c:\windows\system32\t2embed.dll

2011-03-20 22:42:56 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-03-20 22:37:59 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-03-20 22:37:59 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-03-20 22:37:59 107520 ----a-w- c:\windows\system32\cdd.dll

2011-03-16 22:52:17 -------- d-----w- c:\users\stuart\appdata\local\ATI

2011-03-16 22:50:04 -------- d-----w- c:\program files\ATI

2011-03-16 22:49:47 -------- d-----w- c:\program files\ATI Technologies

.

==================== Find3M ====================

.

2011-03-31 01:54:40 3140 --sha-w- c:\progra~2\KGyGaAvL.sys

2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-17 05:38:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

.

============= FINISH: 21:35:24.05 ===============
